Gnutella Forums

New Virus On Limewire (https://www.gnutellaforums.com/download-upload-problems/84503-new-virus-limewire.html)

BCOOL May 26th, 2008 12:01 AM

Howz It frylock04,

Your post is confusing. In the first part you say 4 days of no problems and then you say your browser is being opened by an MP3 file I guess.

If you Google Trojan.Downloader.WMA.Wimad.N. there is information on how to remove it. Other than that I can't help you......Aloha BCOOL

BCOOL May 26th, 2008 03:38 AM

Howz It jay736.

You Just Gotta Love ZA Ya.......Aloha, BCOOL

SparkyChick June 1st, 2008 12:43 PM

Hi All :) I downloaded this same trojan a week or so ago. I'm not technologically intelligent :o so I'm hoping someone can let me know if I'm "safe" now. I downloaded the mp3 and it seemed normal until I tried to play it and it wouldn't play. Tried to delete it, but couldn't. Finally, I scanned it with my AVG free antivirus/antispyware and it showed the trojan. Here's the part where I want to make sure I'm okay and don't need to do anything else. I moved the infected result to the virus vault and then deleted it from there---is that all I would have needed to do? I haven't had any computer related problems so I'm hoping I'm good to go. Sorry for my techno-stupidity!! :(

Another thing I noticed that may be a tip off that the file being downloaded contains a virus....when I tried to preview the mp3 while it was downloading it wouldn't play anything....any thoughts on this or anyone else notice the same thing? I tried downloading a song today and went thru several mp3's where the same thing happened...preview wouldn't work. I cancelled the downloads before they finished and finally found one that did preview and when it finished I scanned it and it was okay. If I cancelled the downloads before they finished and they did contain this trojan, would the trojan still have downloaded or am I okay? Currently running a scan, but, not yet finished so just curious.

Thanks for any help!!!! :)

BCOOL June 1st, 2008 04:00 PM

Howz It SparkyChick,

Sorry to hear about your problem. First may I ask, the Trojan you downloaded, was it Trojan-Downloader.WMA.Wimad.n ? This Trojan behaves by

1. A browser page opens to a certain webpage ( fastmp3player.com )
2. fastmp3player.com tries to download and execute (when the user hits run on IE ) a malware from the mentioned site.......

You describe a different behavior in that the file won't open and you can't delete it ya.

If you Google the Trojan's name or go to free antivirus/antispyware you should find some helpful information.... I'm not sure if you're out of the woods yet. Trojans often make changes in your registry and/or delete certain files. If this has happened the damage needs to be fixed... Just to Delete the Trojan will not do that.

When you are downloading an MP3 you should be able to preview it ya. I myself would not trust a file that didn't preview... That fact you stopped the download you should be OK. I would check your Incomplete folder and see if there's any sign of it there. If there is delete it. I understand you're running a scan now, if nothing shows up you should be fine.

REMEMBER, you should always scan all files you download with Limewire before you open them.

Please let me know the name of the Trojan you downloaded for my own information.

ALOHA,BCOOL
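
Added example, not part of the original thread or any poster's code: the detection name discussed above contains "WMA" while the downloads were named .mp3, so one check to run over a download or Incomplete folder before opening anything is whether each file's first bytes match its extension. The function names and sample files are constructed for illustration; a mismatch is a reason to scan the file and leave it unopened, not a verdict.

```python
import os
import tempfile

# ASF (Windows Media: .wma/.wmv/.asf) header object GUID as stored on disk.
ASF_HEADER_GUID = bytes.fromhex("3026b2758e66cf11a6d900aa0062ce6c")

def sniff_audio_container(head: bytes) -> str:
    """Classify the first bytes of a file as 'asf', 'mp3' or 'unknown'."""
    if head.startswith(ASF_HEADER_GUID):
        return "asf"
    if head.startswith(b"ID3"):  # ID3v2 tag at the start of an MP3
        return "mp3"
    # Bare MPEG audio frame: 11 sync bits set (0xFF, then top 3 bits of next byte).
    if len(head) >= 2 and head[0] == 0xFF and (head[1] & 0xE0) == 0xE0:
        return "mp3"
    return "unknown"

def find_mismatched_mp3s(folder: str) -> list:
    """Return (path, detected_type) for every *.mp3 whose content is not MP3."""
    hits = []
    for root, _dirs, files in os.walk(folder):
        for name in sorted(files):
            if not name.lower().endswith(".mp3"):
                continue
            path = os.path.join(root, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(16)
            except OSError:  # locked or undeletable file: report it, don't crash
                hits.append((path, "unreadable"))
                continue
            kind = sniff_audio_container(head)
            if kind != "mp3":
                hits.append((path, kind))
    return hits

def demo() -> list:
    """Write constructed sample files to a temp folder and list the mismatches."""
    samples = {
        "real_song.mp3": b"ID3\x03\x00" + b"\x00" * 11,
        "raw_frames.mp3": b"\xff\xfb\x90\x00" + b"\x00" * 12,
        "disguised.mp3": ASF_HEADER_GUID + b"\x00" * 8,  # ASF content, .mp3 name
        "empty.mp3": b"",                                # e.g. a cancelled download
        "video.wmv": ASF_HEADER_GUID,                    # not *.mp3, so not checked
    }
    with tempfile.TemporaryDirectory() as d:
        for name, data in samples.items():
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(data)
        return [(os.path.basename(p), k) for p, k in find_mismatched_mp3s(d)]
```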

SparkyChick June 1st, 2008 10:51 PM

Hiya BCOOL

Thanks for the help. You're right, it was a different infection....downloader.wimad.n. I had actually Googled this when it happened, but, results were mostly in other languages. From what I can gather, it's possibly a keylogger??

I do now recall that it was my AVG antispyware that detected this and not the Antivirus. I followed what AVG suggested...moved the infection to quarantine and then maybe healed it?? I know I had to restart my computer in order for the process to be complete. Sorry...I know--I don't deserve to use a computer!!

Unfortunately, I can't go back to check things so I can give better specifics. AVG Free used to be two programs---an Antivirus and an AntiSpyware. As of 5/31 AVG is now one program with both Antivirus and antispyware all in one and when I installed this new program, the old ones uninstalled.

All scans since the problem have not found anything new if that means anything.

Any help/ideas/suggestions/info, etc on this infection or if you think I am okay or need to do more would be GREATLY appreciated!!

Thanks!
SparkyChick

BCOOL June 2nd, 2008 12:04 AM

SparkyChick,

Ok, as best I can tell the Trojan you downloaded is the same. You posted Downloader.Wimad.N as the Trojan you downloaded, the full name is "Trojan.Downloader.WMA.Wimad.N"...(please let me know if I understood correctly)

The fact that it did not execute (open your browser to fastmp3player.com) is a very good sign ya :)

You say there seems to be no harm done to your computer, the Trojan has been deleted and from what I've read about it I feel safe in saying all is well. :xirokrotima:

Please REMEMBER to do a spyware/virus scan on all files you download before opening them.

Aloha,BCOOL

SparkyChick June 2nd, 2008 07:21 AM

Hi BCOOL...

WHEW!! :yahoo: Happy to hear that things are most likely okay!! The trojan I downloaded showed up as downloader.wimad.n---I know it didn't have WMA in it, tho, but maybe they are one and the same as you stated. It showed as "high" risk thru my spyware.

You're right about scanning the files before opening...I got lazy and probably a little too trusting after years of having zero problems with Limewire. With anything downloaded you NEVER know what you're gonna get, so ALWAYS play it safe---lesson learned!

Thanks again for your help....most appreciated :)

SparkyChick

BCOOL June 27th, 2008 07:48 PM

howz It hunter1980,

Since I don't know what virus you downloaded (xxxxxxxxx) I can't help you there ya.

As for your statement... "What's going on with these mp3 virus? Isn't it possible for you limewire company to remove those infected virus by a special filter?"... Limewire is simply one of numerous p2p 'clients' that work within the Gnutella Network... The Trojans and what not come from files that people have in their share folders. I don't know if you saw it but there is a post on this thread from ursula The Cleaning Lady about this matter.

A filter sounds good to me. In the last few months there has been a major increase in infected MP3s. You should always scan anything you download from the Gnutella Network no matter what p2p software you use. To my knowledge none of them offer Spyware/virus filters.

Aloha,BCOOL

hunter1980 June 28th, 2008 07:13 AM

I've reinstalled limewire. This time when I downloaded an mp3 KIS reported this virus:

http://img155.imageshack.us/img155/5...oardvz7.th.jpg


The name of this virus is: Trojan-Downloader.WMA.Wimad.n

KIS does not disinfect the files, it simply deletes the mp3 files. According to the various webpages, this trojan contains spyware.

I tried afterwards, to download 20 different music files from limewire and this time, the infection rate is set to 100 %.

The actual difference between gnutella and torrent, is that Gnutella can not remove the infected files, while torrent is easy by the admin to simply remove torrent that contains infected mp3 files.

Quote:

Originally Posted by BCOOL (Post 321172)
howz It hunter1980,

Since I don't know what virus you downloaded (xxxxxxxxx) I can't help you there ya.

As for your statement... "What's going on with these mp3 virus? Isn't it possible for you limewire company to remove those infected virus by a special filter?"... Limewire is simply one of numerous p2p 'clients' that work within the Gnutella Network... The Trojans and what not come from files that people have in their share folders. I don't know if you saw it but there is a post on this thread from ursula The Cleaning Lady about this matter.

A filter sounds good to me. In the last few months there has been a major increase in infected MP3s. You should always scan anything you download from the Gnutella Network no matter what p2p software you use. To my knowledge none of them offer Spyware/virus filters.

Aloha,BCOOL

I've reinstalled limewire. This time when I downloaded an mp3 KIS reported this virus:
The name of this virus is: Trojan-Downloader.WMA.Wimad.n

KIS does not disinfect the files, it simply deletes the mp3 files.
According to the various webpages, this trojan contains spyware.

I tried afterwards, to download 20 different music files from limewire and this time,
the infection rate is set to 100 %.

The actual difference between gnutella and torrent, is that Gnutella can not remove the infected files,
while torrent it is easier by the admin to remove torrent that contains the infected mp3 files.
ps: every time, I put a link of the screenshots taken, then my poster disappears.

Lord of the Rings June 28th, 2008 05:24 PM

Quote:

Originally Posted by hunter1980 (Post 321208)
ps: every time, I put a link of the screenshots taken, then my poster disappears.

On each of those 8 occasions do you recall seeing a window popup saying this post might be held by moderators to check for moderation? Some sites we moderate & the site you hosted the image at is one of those. :)

You need to remember not all anti virus programs can detect all viruses. BCOOL found one that can detect this particular one & deal with it.
Some AV programs are slow or might never add a specific virus definition to their program. Some of the renowned AV programs might be 6-12 months before waking up or again, never add a particular definition.

Different AV programs might use a different name for the same virus.

