Jump to content

Malwarebytes reports Vuze Plugin as harmful


Recommended Posts

I am running Vuze on Windows 7 64 bit.

Today I ran a scan of my computer with Malwarebytes Anti-Malware

It complained about the following file:

C:\Users\User\AppData\Local\Temp\Geo3953994555470017580.tmp (Exploit.Drop.3) -> Delete on reboot.

After some trial and error I was able to determine that the above file is created when Vuze runs. I then narrowed down the problem further and found that this file is associated with the Country Locator Plugin. When this plugin is removed the above file is no longer created.

Running the linux strings command on the above file produced the following output:

GEO-106FREE 20110301 Build 1 Copyright © 2011 MaxMind Inc All Rights Reserved

I am not sure if this report of an infection is real or a false positive but I am not using the plugin for now.

I have posted on the Vuze forums requesting assistance in tracking down what is going on.

I suspect this might be a real problem because the first time I ran Malwarebytes it produced the following:

Files Detected: 2

C:\Users\User\AppData\Local\Temp\Geo336858903670741787.tmp (Exploit.Drop.3) -> Delete on reboot.

C:\Users\User\AppData\Local\Temp\.exe (Trojan.Agent) -> Quarantined and deleted successfully.

After removing the offending file and running Vuze again Malwarebytes scans only reported a single file being corrupt (the Geo file).

It is possible that only when the Country Locator plugin is used is the malware actually activated and the second file created.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.