Exploit Meadgive


19 replies to this topic

#1 Flyingmojo

Flyingmojo

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:12 AM

Posted 11 May 2017 - 01:23 PM

Hello all
Computer (Dell laptop running Windows 8.1) has been acting real slow. This morning, Windows Defender notified me of malware on my PC (Exploit:SWF/Meadgive). No matter how many times I quarantined and removed it, Defender kept notifying me. I would try to run a scan and whenever the screen would go to sleep, a blue screen with the mouse pointer would appear with nothing else. So I'd have to restart.
Got some quick advice from a friend who fixes computers (before she had to head to work) to use adwcleaner, which detected and cleaned out 11 items. Ran again and came clean. Tried a Defender scan again, and this time, no blue screen to interrupt it. As of now, scan is still in process. However, after an hour into the scan, Defender notified me of the exploit, and again, and again. Like every minute. Did a google on this, and decided to flush DNS. The notifications stopped. Everything else seems fine. So I don't know if Defender is detecting the exploit that's no longer there.
I also have MalwareBytes AntiMalware, although I have not run a scan with that yet
Thanks

Edit: Moved topic from Windows 8 to the more appropriate forum. ~ Animal


Edited by Flyingmojo, 11 May 2017 - 01:44 PM.




#2 Flyingmojo

Flyingmojo
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:12 AM

Posted 11 May 2017 - 01:39 PM

Sorry for being such a newb. Reading the pinned topics in this forum now



#3 BlueSapphire

BlueSapphire

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:02:12 AM

Posted 11 May 2017 - 02:25 PM

So, ummm, where was the thread moved to? Can you provide a link?



#4 Flyingmojo

Flyingmojo
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:12 AM

Posted 11 May 2017 - 02:29 PM

It's been moved to the Am I Infected? forum
https://www.bleepingcomputer.com/forums/t/646396/exploit-meadgive/



#5 BlueSapphire

BlueSapphire

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:02:12 AM

Posted 11 May 2017 - 02:32 PM

Oh, duh! I guess I was hoping to see a resolution...



#6 Tripp B

Tripp B

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:05:12 AM

Posted 11 May 2017 - 03:27 PM

Do you run µTorrent? Today, it seems to be trying to run a Flash-based ad that is trying to infect computers. I haven't been able to figure out exactly what it is, but Windows Defender isn't happy with it.



#7 Flyingmojo

Flyingmojo
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:12 AM

Posted 11 May 2017 - 03:33 PM

Ah ok, thank you. Yes I do. Do you have any other info on this? Like a link or something?



#8 D-R0d

D-R0d

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:12 AM

Posted 11 May 2017 - 03:58 PM

Found this from Microsoft: https://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Exploit:SWF/Meadgive

I too received this alert from Windows Defender **today** - about an hour ago.

Started downloading a torrent from Piratebay and Windows Defender was going nuts. I'm running a full scan now, but I noticed that Windows Defender wasn't able to remove it even though it said it was every minute or so.

 


Edited by D-R0d, 11 May 2017 - 04:01 PM.


#9 tjstump69

tjstump69

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:02:12 AM

Posted 11 May 2017 - 05:10 PM

How do you flush DNS, and do you think this worked? Thanks.



#10 Flyingmojo

Flyingmojo
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:12 AM

Posted 11 May 2017 - 05:16 PM

tjstump69 I imagine flushing the DNS is kind of like turning off the "change oil" light in your car. It was done just to stop Windows Defender from bleeping at me every minute. But here's a link:
https://www.whatsmydns.net/flush-dns.html

For the record, my scan came up clean. I restarted the computer, and after I read Tripp B's reply, I also uninstalled µTorrent. So far, so good. I think I may be clear.



#11 tjstump69

tjstump69

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:02:12 AM

Posted 11 May 2017 - 06:03 PM

Thanks. I also ran Malwarebytes. Don't seem to be getting the malware detected. Hopefully it's over with.



#12 FQN

FQN

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:02:12 AM

Posted 11 May 2017 - 06:50 PM

Same exact thing with me except I'm running BitTorrent. Also ran scan with MalwareBytes and got no hits.

 

µTorrent's forum seems to be aware of this and is looking into it. No acknowledgement from BitTorrent's forum yet.



#13 dwwaddell

dwwaddell

  • Members
  • 1 posts
  • OFFLINE
  •  

Posted 12 May 2017 - 05:31 AM

This problem appears to be the malware getting into the browser cache. I have found it in Chrome, Firefox, and Pale Moon. Windows Defender doesn't appear to be too sure about it.



#14 D-R0d

D-R0d

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:12 AM

Posted 12 May 2017 - 06:52 AM

Malwarebytes worked great to remove this satanic malware.

Does anyone know if system security / file could have been compromised? 
 



#15 rcmaehl

rcmaehl

  • Members
  • 1 posts
  • OFFLINE
  •  

Posted 12 May 2017 - 09:12 AM

Can confirm. Windows defender warned of infection and suddenly was unable to open any AV programs including Malwarebytes. Meadgive is a trojan so I'm not surprised that it's probably downloaded additional malware. Currently have drives pulled running scans on each. Will update with full results in 14hrs or so (at work for 11, another 3 to finish disinfection)
 
Play by Play:
 
  • 5/11 - Torrented a file, completed, then seeded overnight
  • 5/12, 12PM ish (EST) - Windows Defender informs me it's been turned off
  • Open Windows Defender find results for Meadgive/SWF. Clean then nuked INetCache
  • Go to open Avast from System Tray, icon disappears as I mouse over it (Typical for when a process has been abruptly terminated)
  • Unable to open my Avast or Malwarebytes
  • Reinstall was able to get Avast to open but not MalwareBytes without Malwarebytes Chameleon and even then it gets stuck on Updating
  • Pull drives, boot test bench, begin scans

Update: Nothing found; however, it's best to do a reinstall and nuke Windows and settings, especially with WanaCrypt0r, as who knows what settings were messed with.


Edited by rcmaehl, 13 May 2017 - 08:55 AM.




