Malwarebytes reports Vuze Plugin as harmful

[slovokia]

I am running Vuze 4.7.0.2 on Windows 7 64 bit.

Today I ran a scan of my computer with Malwarebytes Anti-Malware 1.60.0.1800.

It complained about the following file:

C:\Users\User\AppData\Local\Temp\Geo3953994555470017580.tmp (Exploit.Drop.3) -> Delete on reboot.

After some trial and error I was able to determine that the above file is created when Vuze runs. I then narrowed down the problem further and found that this file is associated with the Country Locator Plugin. When this plugin is removed the above file is no longer created.

Running the linux strings command on the above file produced the following output:

GEO-106FREE 20110301 Build 1 Copyright © 2011 MaxMind Inc All Rights Reserved

I am not sure if this report of an infection is real or a false positive but I am not using the plugin for now.

I have posted on the Vuze forums requesting assistance in tracking down what is going on.

I suspect this might be a real problem because the first time I ran Malwarebytes it produced the following:

Files Detected: 2

C:\Users\User\AppData\Local\Temp\Geo336858903670741787.tmp (Exploit.Drop.3) -> Delete on reboot.

C:\Users\User\AppData\Local\Temp\.exe (Trojan.Agent) -> Quarantined and deleted successfully.

After removing the offending file and running Vuze again Malwarebytes scans only reported a single file being corrupt (the Geo file).

It is possible that only when the Country Locator plugin is used is the malware actually activated and the second file created.

[shadowwar]

This is a false positive and are currently working on getting it fixed.

Thanks for posting.

[slovokia]

Hi,

Thanks for the quick reply. As of Database version: v2012.01.09.04 Malwarebytes no longer flags the Geo[0-9]*.tmp files as infected.