uTorrent downloading virus (Exploit:SWF/Meadgive)

[Rufus]

I'm having a problem with uTorrent today. Whenever uTorrent is running, Windows Defender is detecting the following: Exploit:SWF/Meadgive.

This is only occurring when uTorrent is running, even when not downloading anything. If I exit uTorrent it stops. I've tried uninstalling and reinstalling uTorrent. I've restarted my computer several times and I've run several scans with Malwarebytes and Defender.

I suspect it is associated with the in-app advertisements, because there are occasions where it stops and a legitimate advertisement is displayed... When it's happening, Defender is detecting a new instance of SWF/Meadgive between every 10 to 30 seconds.

I can find no other cause for this problem.

[DreadWingKnight]

It is indeed likely a malicious ad in the rotation.

I will pass this thread along to my contact to get the appropriate team looking at it.

[Rufus]

Thanks!

It's annoying, at best... Fortunately Windows Defender is catching it. At worst, My computer could have been compromised. I've already spent the last five days recovering after a ransomeware attack wiped out my main network file server. Another infection is the last thing I need.

[Reliloat]

Same thing is happening for me. 

Some involved files, according to Windows Defender:

containerfile:C:\Users\<my username redacted>\AppData\Local\Microsoft\Windows\INetCache\Low\IE\NS1SUKBD\optiads-1.6.2[1].swf
file:C:\Users\<my username redacted>\AppData\Local\Microsoft\Windows\INetCache\Low\IE\9D70VVRQ\optiads-1.6.2[1].swf->(ZWS)
file:C:\Users\<my username redacted>\AppData\Local\Microsoft\Windows\INetCache\Low\IE\EJNOCIEH\optiads-1.6.2[1].swf->(ZWS)
file:C:\Users\<my username redacted>\AppData\Local\Microsoft\Windows\INetCache\Low\IE\F4JQP1L2\optiads-1.6.2[1].swf->(ZWS)
file:C:\Users\<my username redacted>\AppData\Local\Microsoft\Windows\INetCache\Low\IE\NS1SUKBD\optiads-1.6.2[1].swf->(ZWS)
file:C:\Users\<my username redacted>\AppData\Local\Microsoft\Windows\INetCache\Low\IE\ST8OZJKU\optiads-1.6.2[1].swf->(ZWS)
file:C:\Users\<my username redacted>\AppData\Local\Microsoft\Windows\INetCache\Low\IE\TN31DO5Z\optiads-1.6.2[1].swf->(ZWS)

[garaden]

Same. Windows Defender told me the process of origin was utorrentie.exe so I agree it seems to have come from the ads. Filename was optiads-1.6.2[1].swf.

[bigfalls]

Can anyone who had this problem tell me anything more about the ad experience at the time?  Any recollection of which ad might have been showing at the time?  Or if it was video or flash?

[Rufus]

Usually there was no add showing... It looked like an add loading failure.

 

Edit: So far, so good today.

[sflesch]

I suspect it may not have been showing content because it was being caught by the anti-virus. A bit of a catch 22. You need AV on to detect it, but you can't see the ad with AV on.

[Pipppero2007]

I also found that "optiads-1.6.2[1].swf" file on my computer today, utorrent was running, and Defender alert me about it.

It founds THREE of that files, I deleted all that THREE.

I didn't have time to run a full scan yet.

My question is: I am sure or it's better to restore my computer to yesterday (I have a backup).

I need (but I think MANY PEOPLE needs) a correct and precise answer.

That "SWF" was in the Explorer cache.

[Synx]

More info here:

Regards,

-Synx