Rufus, posted May 11, 2017:
I'm having a problem with uTorrent today. Whenever uTorrent is running, Windows Defender is detecting the following: Exploit:SWF/Meadgive. This is only occurring when uTorrent is running, even when not downloading anything. If I exit uTorrent it stops. I've tried uninstalling and reinstalling uTorrent. I've restarted my computer several times and I've run several scans with Malwarebytes and Defender. I suspect it is associated with the in-app advertisements, because there are occasions where it stops and a legitimate advertisement is displayed... When it's happening, Defender is detecting a new instance of SWF/Meadgive every 10 to 30 seconds. I can find no other cause for this problem.

DreadWingKnight, posted May 11, 2017:
It is indeed likely a malicious ad in the rotation. I will pass this thread along to my contact to get the appropriate team looking at it.

Rufus, posted May 11, 2017:
Thanks! It's annoying, at best... Fortunately Windows Defender is catching it. At worst, my computer could have been compromised. I've already spent the last five days recovering after a ransomware attack wiped out my main network file server. Another infection is the last thing I need.

Reliloat, posted May 11, 2017:
Same thing is happening for me. Some involved files, according to Windows Defender:
containerfile:C:\Users\<my username redacted>\AppData\Local\Microsoft\Windows\INetCache\Low\IE\NS1SUKBD\optiads-1.6.2[1].swf
file:C:\Users\<my username redacted>\AppData\Local\Microsoft\Windows\INetCache\Low\IE\9D70VVRQ\optiads-1.6.2[1].swf->(ZWS)
file:C:\Users\<my username redacted>\AppData\Local\Microsoft\Windows\INetCache\Low\IE\EJNOCIEH\optiads-1.6.2[1].swf->(ZWS)
file:C:\Users\<my username redacted>\AppData\Local\Microsoft\Windows\INetCache\Low\IE\F4JQP1L2\optiads-1.6.2[1].swf->(ZWS)
file:C:\Users\<my username redacted>\AppData\Local\Microsoft\Windows\INetCache\Low\IE\NS1SUKBD\optiads-1.6.2[1].swf->(ZWS)
file:C:\Users\<my username redacted>\AppData\Local\Microsoft\Windows\INetCache\Low\IE\ST8OZJKU\optiads-1.6.2[1].swf->(ZWS)
file:C:\Users\<my username redacted>\AppData\Local\Microsoft\Windows\INetCache\Low\IE\TN31DO5Z\optiads-1.6.2[1].swf->(ZWS)

garaden, posted May 11, 2017:
Same. Windows Defender told me the process of origin was utorrentie.exe so I agree it seems to have come from the ads. Filename was optiads-1.6.2[1].swf.

bigfalls, posted May 12, 2017:
Can anyone who had this problem tell me anything more about the ad experience at the time? Any recollection of which ad might have been showing at the time? Or if it was video or flash?

Rufus, posted May 12, 2017:
Usually there was no ad showing... It looked like an ad loading failure.
Edit: So far, so good today.

sflesch, posted May 12, 2017:
I suspect it may not have been showing content because it was being caught by the anti-virus. A bit of a catch 22. You need AV on to detect it, but you can't see the ad with AV on.

Pipppero2007, posted May 12, 2017:
I also found that "optiads-1.6.2[1].swf" file on my computer today; uTorrent was running, and Defender alerted me about it. It found THREE of those files, and I deleted all THREE. I didn't have time to run a full scan yet. My question is: am I sure, or is it better to restore my computer to yesterday (I have a backup)? I need (but I think MANY PEOPLE need) a correct and precise answer. That "SWF" was in the Explorer cache.

Synx, posted May 15, 2017:
More info here:
Regards,
-Synx

This topic is now archived and is closed to further replies.