Was UrBackup used to steal my data?


I found some installation fragments of UrBackup on my computer, although I had never installed this program and I didn’t know anything about it before. The fragments are:

  • context menu entry
  • registry entry for the context menu entry
  • allow rule in the windows firewall

Is it possible that someone broke into my computer via internet and has used UrBackup to steal my data? I read that UrBackup supports a silent installation.

Or is the service of UrBackup used in another program although you have never installed UrBackup yourself?

I’m a little worried, and I don’t know exactly how to figure out what was/is going on.


I seriously doubt anyone broke into you PC to use urbackup to steal your data.
If someone broke in, all your data is there. No need to do anything else.

Did you buy the PC new?
If someone else had it before you, perhaps they had it installed.

Does anyone else use you PC?

Is there a C:\Program Files\urbackup folder (or possible C:\Program Files (x86)\urbackup) with files in it?

Can you provide a little more detail about the “fragments” by pasting them here?
Not exactly sure what you are referring to with “context menu entry”.

I don’t think anyone had physical full access to my machine. I think more likely someone had access to it over the internet but couldn’t get full access. Then a silent installation of UrBackup would be a smart way to automatically copy my data in the background without the need to use the Windows-GUI.

I bought this PC as a new device and nobody but me had or has access to it.

There is no urbackup folder in the program files any more but it think it was there. Here are the fragments I have found. That’s why I belive it was there:


When did you notice it?
That event log entry show May of last year.

I found urbackup firewall entries in my Win-7 PC, but not in my wife’s Win-10 PC.
urbackup client is installed on both.

If the client was ever running on your PC, I would think you would have seen the icon in the task bar, and if files were being sent to the server someplace, I would expect you would have noticed network slowdown.

Do you use it at work or home?
If at work, and IT Administrator could have pushed it to your PC.

I;m just guessing here, tough to say what caused those fragments to be on your PC.

Perhaps the company you purchased the PC from used UrBackup in their process of creating a new PC to sell. It is perfectly legal for computer vendors to create installation master images for their machines under Microsoft license, with whatever bundled software and custom drivers needed, and use that to create individual operating system drives. UrBackup may be useful to them in several places, even if it is uninstalled along the way.

That would be possible, though I hope the uninstall process removes all the registry entries (if not please report) and the one creating the image removes the client via the uninstall process.

Not much I can do about it being used to steal data. If you want the client to transfer the data over the internet it won’t have a valid signature, however (preconfigured client installer). That won’t matter if you are already in the system as admin, though.

Thanks for the advice. I had overlooked that the log entry was made in November 2017. I thought it was a few days ago.

Now I understand where the entry comes from. At that time I had tested different backup software to find the best one for me. UrBackup was probably part of it, but I can’t remember.

Sorry again for the confusion I’ve caused.