Archived

This topic is now archived and is closed to further replies.

Rufus

uTorrent downloading virus (Exploit:SWF/Meadgive)

Recommended Posts

I'm having a problem with uTorrent today. Whenever uTorrent is running, Windows Defender is detecting the following: Exploit:SWF/Meadgive.

This is only occurring when uTorrent is running, even when not downloading anything. If I exit uTorrent it stops. I've tried uninstalling and reinstalling uTorrent. I've restarted my computer several times and I've run several scans with Malwarebytes and Defender.

I suspect it is associated with the in-app advertisements, because there are occasions where it stops and a legitimate advertisement is displayed... When it's happening, Defender is detecting a new instance of SWF/Meadgive between every 10 to 30 seconds.

I can find no other cause for this problem.

Share this post


Link to post
Share on other sites

Thanks!

It's annoying, at best... Fortunately Windows Defender is catching it. At worst, My computer could have been compromised. I've already spent the last five days recovering after a ransomeware attack wiped out my main network file server. Another infection is the last thing I need.

Share this post


Link to post
Share on other sites

Same thing is happening for me. 

Some involved files, according to Windows Defender:

containerfile:C:\Users\<my username redacted>\AppData\Local\Microsoft\Windows\INetCache\Low\IE\NS1SUKBD\optiads-1.6.2[1].swf
file:C:\Users\<my username redacted>\AppData\Local\Microsoft\Windows\INetCache\Low\IE\9D70VVRQ\optiads-1.6.2[1].swf->(ZWS)
file:C:\Users\<my username redacted>\AppData\Local\Microsoft\Windows\INetCache\Low\IE\EJNOCIEH\optiads-1.6.2[1].swf->(ZWS)
file:C:\Users\<my username redacted>\AppData\Local\Microsoft\Windows\INetCache\Low\IE\F4JQP1L2\optiads-1.6.2[1].swf->(ZWS)
file:C:\Users\<my username redacted>\AppData\Local\Microsoft\Windows\INetCache\Low\IE\NS1SUKBD\optiads-1.6.2[1].swf->(ZWS)
file:C:\Users\<my username redacted>\AppData\Local\Microsoft\Windows\INetCache\Low\IE\ST8OZJKU\optiads-1.6.2[1].swf->(ZWS)
file:C:\Users\<my username redacted>\AppData\Local\Microsoft\Windows\INetCache\Low\IE\TN31DO5Z\optiads-1.6.2[1].swf->(ZWS)

Share this post


Link to post
Share on other sites

Same. Windows Defender told me the process of origin was utorrentie.exe so I agree it seems to have come from the ads. Filename was optiads-1.6.2[1].swf.

Share this post


Link to post
Share on other sites

Can anyone who had this problem tell me anything more about the ad experience at the time?  Any recollection of which ad might have been showing at the time?  Or if it was video or flash?

Share this post


Link to post
Share on other sites

I suspect it may not have been showing content because it was being caught by the anti-virus. A bit of a catch 22. You need AV on to detect it, but you can't see the ad with AV on.

Share this post


Link to post
Share on other sites

I also found that "optiads-1.6.2[1].swf" file on my computer today, utorrent was running, and Defender alert me about it.

It founds THREE of that files, I deleted all that THREE.

I didn't have time to run a full scan yet.

My question is: I am sure or it's better to restore my computer to yesterday (I have a backup).

I need (but I think MANY PEOPLE needs) a correct and precise answer.

That "SWF" was in the Explorer cache.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.