Download.studio (not to be confused with DownloadStudio by Conceiva) is a torrent client that was seen distributing very serious backdoor malware in its automatic updates. Long-time users of Download.studio should check their computers for malware and remove any that is found.
The backdoor problem is separate from Download.studio’s other issues, like bundling potentially unwanted software.
|Type of threat|Trojan, potentially unwanted program.|
|Problems with Download.studio|Bundled offers, a backdoor trojan was pushed as an automatic update.|
|Symptoms of infection|Slow computer, abnormally high resource usage, unfamiliar programs being installed, files and programs returning after being deleted.|
|How to remove Download.studio malware|Scan your computer with Spyhunter, Malwarebytes, or other scanners, remove all malware.|
What’s the problem with Download.studio?
The usual torrent client problems
Download.studio is a BitTorrent client. It allows users to seed and download files to and from each other. It is most popular in Russia, Ukraine, Belarus, etc.
Like many other torrent clients, Download.studio gets detected by antivirus tools. That’s not surprising.
Filesharing programs like that are risky, especially to inexperienced users. People might download files from unreliable sources. Those files might be infected. For instance, ransomware such as Foqe spreads in pirated files.
In addition, torrent clients like Download.studio are free, which often results in them including shady crapware offers in their installers. Any program that advertises other software in its installer is likely to be labeled as a potentially unwanted program (PUP).
The Download.studio that I downloaded was merely detected as adware – Virustotal.com.
But at one point, Download.studio was found to be doing something worse.
A backdoor trojan
Some weeks ago, Avast discovered that malware was being distributed in fake Malwarebytes installers. These infected installers were not coming from Malwarebytes. They were coming from somewhere else.
Eventually, Avast found how these fake installers were being distributed – by a few (likely related) programs: the torrent client Download.studio and three ad blockers called Netshieldkit, Netadblock, and Myadblock.
Here is one of the files that Avast detected Download.studio installing: Virustotal.com.
This malware could open a backdoor in the infected computers, which would allow malicious actors to infect them with any other payload. It could do a lot of harm by downloading and installing files, as well as reinstalling them, if they were removed.
You can read the Avast posts for more details on this trojan and on Download.studio’s behavior in regard to it.
In general, backdoors allow malware to be downloaded and installed on the victim’s computer without their knowledge and consent. This malware could be anything:
- Spyware that steals clipboard contents and credentials saved in web browsers.
- Adware that causes pop-up ads and redirects in the browser.
- Malware that uses the victim’s computer to perform click-fraud.
- A botnet that uses the computer to send out spam.
In the case of Download.studio, Avast found that it was spreading an XMRig-based miner and other malware.
How to remove Download.studio malware
If you were using Download.studio back in August, then it may have tried to install a backdoor on your computer, as well. If it succeeded, you may notice a few symptoms:
- Your computer is slower than normal and runs too hot.
- Unfamiliar files and programs appear on your drive.
- Deleted files and programs return on their own.
When users want to use torrent clients, they often have to deal with antivirus detections. Understandably, people just make an exception for Download.studio or another torrent client.
But this Download.studio incident is a good reminder to stay vigilant. Every free commercial program has to make money somehow. If you aren’t paying for its development and maintenance, then who is?
In addition, this is a good reminder to always be careful and thoughtful when making exceptions for antivirus detections. When a program that you trust sets off antivirus alarms, consider that it could be a real problem. It’s good to consider the detection name and what it means.
How to remove Download.studio Malware using Windows Control Panel
Many hijackers and adware like Download.studio Malware install some of their components as regular Windows programs, along with additional software. This part of the malware can be uninstalled from the Control Panel. To access it, do the following:
- Start→Control Panel (older Windows) or press Windows Key→Search and enter Control Panel and then press Enter (Windows 8, Windows 10).
- Choose Uninstall Program (if you don't see it, click in the upper right next to "View by" and select Category).
- Go through the list of programs and select entries related to Download.studio Malware. You can click on "Name" or "Installed On" to reorder your programs and make Download.studio Malware easier to find.
- Click the Uninstall button. If you're asked if you really want to remove the program, click Yes.
- In many cases anti-malware programs are better at detecting related parasites, thus I recommend installing Spyhunter to identify other programs that might be a part of this infection.
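The same review of installed programs can be scripted. The PowerShell below is an added example, not part of the original article or any vendor's tool: it reads the standard Windows uninstall registry keys that the Control Panel list is built from, flags entries whose names match the programs named above, and lists recent installs sorted by install date. It assumes the installed display names contain the strings in `$NamePatterns`; the 90-day window is an arbitrary default.

```powershell
# Added example: audit the "Uninstall a program" list from the registry.
param(
    # Assumption: display names contain one of these strings (names taken from the article).
    [string[]]$NamePatterns = @('Download.studio', 'Download Studio', 'Netshieldkit', 'Netadblock', 'Myadblock'),
    # Arbitrary default window for "recently installed".
    [int]$RecentDays = 90
)

# Per-machine (64-bit and 32-bit views) and per-user uninstall entries.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-InstalledProgram {
    foreach ($key in $uninstallKeys) {
        Get-ItemProperty -Path $key -ErrorAction SilentlyContinue |
            Where-Object { $_.DisplayName } |
            ForEach-Object {
                # InstallDate is optional and, when present, usually yyyyMMdd.
                $date = $null
                if ([string]$_.InstallDate -match '^\d{8}$') {
                    $date = [datetime]::ParseExact([string]$_.InstallDate, 'yyyyMMdd',
                                                   [cultureinfo]::InvariantCulture)
                }
                [pscustomobject]@{
                    Name            = $_.DisplayName
                    Publisher       = $_.Publisher
                    InstalledOn     = $date
                    UninstallString = $_.UninstallString
                    RegistryKey     = $_.PSPath -replace '^Microsoft\.PowerShell\.Core\\Registry::', ''
                }
            }
    }
}

$programs = Get-InstalledProgram
$regex    = ($NamePatterns | ForEach-Object { [regex]::Escape($_) }) -join '|'

Write-Host '--- Entries matching names from the article ---'
$programs | Where-Object { $_.Name -match $regex } | Format-List | Out-Host

Write-Host "--- Programs installed in the last $RecentDays days ---"
$cutoff = (Get-Date).AddDays(-$RecentDays)
$programs | Where-Object { $_.InstalledOn -ge $cutoff } |
    Sort-Object InstalledOn -Descending |
    Format-Table Name, Publisher, InstalledOn -AutoSize | Out-Host
```

An empty first section only means nothing is registered under those names; components that do not register an uninstall entry will not appear here.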