Gnutella Forums


BCOOL May 21st, 2008 01:54 AM

New Virus On Limewire
 
Hi Everybody.
Just to give you all a heads up there's a new virus on Limewire. :mad:
Trojan-Downloader.WMA.Wimad.n.... It showed up April 7 2008. I picked it up yesterday. My ZoneAlarm zapped it. Lucky ya... Thing is, it looked like a normal MP3... BEWARE :eek:

ursula May 21st, 2008 10:30 AM

Thanks for the HU, but, PLEASE, remember... there are NO viruses on Limewire...

Limewire is simply one of numerous p2p 'clients' that work within the Gnutella Network...

The viruses that are out there are from US.

US meaning normal users.

Many 'normal users' do not know that they are sharing infected files.

This is because they are, first, victims of the idiocy and arrogance of the client developers and, further, because they are trying to run a marathon before they can even fantasize about crawling.

The above means that one should NEVER allow ANY sharing from the default DownLoads Folder...
NEVER allow 'Partial Filesharing'...
NEVER put any file into a Shared Folder until it has been checked for viruses, proper tagging and actually TESTED !
In simple words... If you do NOT know the quality of something, why should you share it with someone else ?
And, if one does share without first really checking the quality, then there is absolutely no grounds for complaint, right ???

Those who share sh¡t are THE PROBLEM.
Each and every one of us must use great discipline to be certain to NOT share sh¡t.
It's easy if you care.

Hey, BCOOL, the above isn't aimed AT you...
Just saw the soap-box you carried out here to the field and thought I'd climb on !!!

Ta !

p.s. As long as I am up here, on the box, could a request also be made to you fools that are sharing huge numbers of files to NEVER EVER be an Ultrapeer ?
You are wrecking the network with such stupidity. You're also limiting your own p2p activities !

BCOOL May 21st, 2008 09:17 PM

OK... Let's all give a big hand to ursula :xirokrotima: :xirokrotima: :xirokrotima:

I'm sad to say I got hit with that Trojan again today. Like before it looked like a legitimate MP3. Am I the only one? :pullinghair:

90hoursleep May 21st, 2008 09:55 PM

Um, I'll download something that looks like an mp3, but it doesn't play music, and then I'll do a search for another mp3 and it says I've already downloaded it.... I'm guessing that's the virus? (I'm a n00b by the way)

BCOOL May 22nd, 2008 12:16 AM

Howz It 90hoursleep,

I'm not sure what you downloaded. Here is a little information on Trojan.Downloader.WMA.Wimad.N.


While accessing the ".wma", which is a media file extension, the following behavior is noticed:

1. A browser page opens to a certain webpage (fastmp3player.com)
2. It tries to download and execute (when the user hits run on IE) a malware from the mentioned site.......

1. This adware usually disguises itself as a "codec" for viewing or listening to media files. It states that without this product the user can't access the wanted file. A sample of this kind of strategy of spreading is explained here: Trojan.Downloader.WMA.Wimad.N
2. A window pops up while the user tries to access a certain kind of exploited media file with the title "Play Free MP3s". It has a checkbox to validate the user's choice of the product's EULA to a company named "Media Holding Enterprises". The user has the predefined choice (the checkbox is already checked) to install another adware: Adware.Mirar.


This is a disguised application meant to trick the user to download and execute a malware. Usually it states the false incapacity of your software configuration to view this kind of media. Due to the common misconception that malware or viruses are only in executables, the user could be led to trust this strategy and install without his knowledge the downloaded threat.

The file could be saved with different names of various celebrities, usually events or generally appealing things to users. This makes the malware spread with the help of users.

First, the malware opens a browser window to fastmp3player.com where it gets a file, which is an installer signed with the name Adware.PlayMp3z.A (a detailed description of this malware here: Adware.PlayMp3z.A). The downloaded file is saved with the name "PLAY_MP3.exe".


I hope this helps you or anyone else that runs in to this Trojan :)
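
A pre-open check for the disguise described in the post above, as an added example that is not part of the original thread. It assumes the disguised files are ASF/WMA containers carrying an .mp3 name (as the detection name Trojan-Downloader.WMA suggests) and flags them together with any URLs stored in the container; the function names and sample bytes are constructed for illustration.

```python
import re

# Every ASF container (.wma/.wmv/.asf) starts with the ASF Header Object GUID.
ASF_HEADER_GUID = bytes.fromhex("3026b2758e66cf11a6d900aa0062ce6c")

# URLs stored as ASCII, or as UTF-16LE (the string encoding ASF metadata uses).
URL_ASCII = re.compile(rb"https?://[\x21-\x7e]{4,200}")
URL_UTF16 = re.compile(
    rb"h\x00t\x00t\x00p\x00(?:s\x00)?:\x00/\x00/\x00(?:[\x21-\x7e]\x00){4,200}")


def sniff(data: bytes) -> str:
    """Identify the content type from the leading bytes, ignoring the name."""
    if data.startswith(ASF_HEADER_GUID):
        return "asf"
    if data.startswith(b"MZ"):
        return "exe"
    if data.startswith(b"ID3"):
        return "mp3"
    # Raw MPEG audio frame: the first 11 bits are all set (frame sync).
    if len(data) >= 2 and data[0] == 0xFF and (data[1] & 0xE0) == 0xE0:
        return "mp3"
    return "unknown"


def embedded_urls(data: bytes) -> list[str]:
    """Return the distinct URLs found in the raw bytes."""
    urls = [m.decode("ascii") for m in URL_ASCII.findall(data)]
    urls += [m.decode("utf-16-le") for m in URL_UTF16.findall(data)]
    return sorted(set(urls))


def triage(name: str, data: bytes) -> list[str]:
    """List reasons to scan or discard a download before opening it."""
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    kind = sniff(data)
    findings = []
    if kind == "exe":
        findings.append("executable content")
    if ext == "mp3" and kind == "asf":
        findings.append("named .mp3 but is an ASF/WMA container")
    if kind == "asf":
        # Genuine ASF files can carry URLs too: a prompt to scan, not a verdict.
        findings += [f"embedded URL: {u}" for u in embedded_urls(data)]
    return findings


# Constructed samples (placeholder bytes, not real media or real malware).
DISGUISED = (ASF_HEADER_GUID + b"\x00" * 14
             + "http://codec.example.invalid/get".encode("utf-16-le") + b"\x00\x00")
GENUINE = b"ID3\x03\x00\x00\x00\x00\x00\x0a" + b"\x00" * 10 + b"\xff\xfb\x90\x00"

if __name__ == "__main__":
    for name, data in [("song.mp3", DISGUISED), ("song2.mp3", GENUINE),
                       ("PLAY_MP3.exe", b"MZ\x90\x00")]:
        print(name, triage(name, data) or "no findings")
```

A clean result only means the file is not disguised in this particular way; it still needs an antivirus scan before it is opened.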

Liberanos5 May 22nd, 2008 01:05 PM

Gotta love a soap box. May I have a turn?? It took me quite a while to undo "VUNDO" that I got through this "client" day one. I paid for PRO with my VISA on 05/07/08. I won't list all the hoops I had to jump through to get "clean" again but it included deleting everything and starting over....a couple a times. Now LIMEWIRE says my account has expired and wants me to pay AGAIN! Everyone that uses this computer has been given lessons on how to avoid a repeat performance....thank you URSULA for a concise and lucid description of how the virii/trojans/malware get spread around. I made both my kids read it. There's a special place in hell for writers of malicious code IMO. It keeps Bangalore busy for sure. Meanwhile how do I download PRO again??? And yes it says LIMEWIRE LLC INTERNET NY on the transaction.

90hoursleep May 22nd, 2008 07:34 PM

Quote:

Originally Posted by BCOOL (Post 318083)
1. This adware usually disguises itself as a "codec" for viewing or listening to media files. It states that without this product the user can't access the wanted file. A sample of this kind of strategy of spreading is explained here: Trojan.Downloader.WMA.Wimad.N
2. A window pops up while the user tries to access a certain kind of exploited media file with the title "Play Free MP3s". It has a checkbox to validate the user's choice of the product's EULA to a company named "Media Holding Enterprises". The user has the predefined choice (the checkbox is already checked) to install another adware: Adware.Mirar.

Yea, I don't get that so I'm guessing I'm ok? Just kinda concerned when I go to delete a "blank" mp3 that won't play, and it says it won't let me because it's "in use in an application, or being downloaded to"

frylock04 May 23rd, 2008 08:35 AM

Quote:

Originally Posted by BCOOL (Post 318083)
Howz It 90hoursleep,

I'm not sure what you downloaded. Here is a little information on Trojan.Downloader.WMA.Wimad.N.


While accessing the ".wma", which is a media file extension, the following behavior is noticed:

1. A browser page opens to a certain webpage (fastmp3player.com)
2. It tries to download and execute (when the user hits run on IE) a malware from the mentioned site.......

1. This adware usually disguises itself as a "codec" for viewing or listening to media files. It states that without this product the user can't access the wanted file. A sample of this kind of strategy of spreading is explained here: Trojan.Downloader.WMA.Wimad.N
2. A window pops up while the user tries to access a certain kind of exploited media file with the title "Play Free MP3s". It has a checkbox to validate the user's choice of the product's EULA to a company named "Media Holding Enterprises". The user has the predefined choice (the checkbox is already checked) to install another adware: Adware.Mirar.


This is a disguised application meant to trick the user to download and execute a malware. Usually it states the false incapacity of your software configuration to view this kind of media. Due to the common misconception that malware or viruses are only in executables, the user could be led to trust this strategy and install without his knowledge the downloaded threat.

The file could be saved with different names of various celebrities, usually events or generally appealing things to users. This makes the malware spread with the help of users.

First, the malware opens a browser window to fastmp3player.com where it gets a file, which is an installer signed with the name Adware.PlayMp3z.A (a detailed description of this malware here: Adware.PlayMp3z.A). The downloaded file is saved with the name "PLAY_MP3.exe".


I hope this helps you or anyone else that runs in to this Trojan :)

OMG I DOWNLOADED THAT FILE...
but no effects though 4 days passed already. I have uninstalled it already and removed it from the computer, even from the recycle bin, so how will I play the songs I downloaded? Pls answer BCOOL or ursula, my pc might be in danger :yikes:

frylock04 May 23rd, 2008 08:48 AM

I HAVE DOWNLOADED THAT FILE BCOOL
but no effects though 4 days have passed already, and I have uninstalled it and removed its programs also so it's not in my pc anymore :). So how do I play my downloaded songs? It still opens the browser so same things happen, what now? Is re-installing necessary? Or is there any way that I can play the file w/o making it open a browser? PLS REPLY GUYS NEED HELP FAST thank you in advance

jay736 May 24th, 2008 07:28 PM

I had a few trojans downloading video clips but ZA warned me before I tried to watch them

BCOOL May 26th, 2008 12:01 AM

Howz It frylock04,

Your post is confusing. In the first part you say 4 days of no problems and then you say your browser is being opened by an MP3 file I guess.

If you Google Trojan.Downloader.WMA.Wimad.N. there is information on how to remove it. Other than that I can't help you......Aloha BCOOL

BCOOL May 26th, 2008 03:38 AM

Howz It jay736.

You Just Gotta Love ZA Ya.......Aloha, BCOOL

SparkyChick June 1st, 2008 12:43 PM

Hi All :) I downloaded this same trojan a week or so ago. I'm not technologically intelligent :o so I'm hoping someone can let me know if I'm "safe" now. I downloaded the mp3 and it seemed normal until I tried to play it and it wouldn't play. Tried to delete it, but couldn't. Finally, I scanned it with my AVG free antivirus/antispyware and it showed the trojan. Here's the part where I want to make sure I'm okay and don't need to do anything else. I moved the infected result to the virus vault and then deleted it from there---is that all I would have needed to do? I haven't had any computer related problems so I'm hoping I'm good to go. Sorry for my techno-stupidity!! :(

Another thing I noticed that may be a tip off that the file being downloaded contains a virus....when I tried to preview the mp3 while it was downloading it wouldn't play anything....any thoughts on this or anyone else notice the same thing? I tried downloading a song today and went thru several mp3's where the same thing happened...preview wouldn't work. I cancelled the downloads before they finished and finally found one that did preview and when it finished I scanned it and it was okay. If I cancelled the downloads before they finished and they did contain this trojan, would the trojan still have downloaded or am I okay? Currently running a scan, but, not yet finished so just curious.

Thanks for any help!!!! :)

BCOOL June 1st, 2008 04:00 PM

Howz It SparkyChick,

Sorry to hear about your problem. First may I ask, the Trojan you downloaded, was it Trojan-Downloader.WMA.Wimad.n ? This Trojan behaves by

1. A browser page opens to a certain webpage ( fastmp3player.com )
2. fastmp3player.com tries to download and execute (when the user hits run on IE ) a malware from the mentioned site.......

You describe a different behavior in that the file won't open and you can't delete it ya.

If you Google the Trojan's name or go to free antivirus/antispyware you should find some helpful information.... I'm not sure if you're out of the woods yet. Trojans often make changes in your registry and/or delete certain files. If this has happened the damage needs to be fixed... Just to delete the Trojan will not do that.

When you are downloading an MP3 you should be able to preview it ya. I myself would not trust a file that didn't preview... That fact you stopped the download you should be OK. I would check your Incomplete folder and see if there's any sign of it there. If there is, delete it. I understand you're running a scan now; if nothing shows up you should be fine.

REMEMBER, you should always scan all files you download with Limewire before you open them.

Please let me know the name of the Trojan you downloaded for my own information.

ALOHA,BCOOL

SparkyChick June 1st, 2008 10:51 PM

Hiya BCOOL

Thanks for the help. You're right, it was a different infection....downloader.wimad.n. I had actually Googled this when it happened, but, results were mostly in other languages. From what I can gather, it's possibly a keylogger??

I do now recall that it was my AVG antispyware that detected this and not the Antivirus. I followed what AVG suggested...moved the infection to quarantine and then maybe healed it?? I know I had to restart my computer in order for the process to be complete. Sorry...I know--I don't deserve to use a computer!!

Unfortunately, I can't go back to check things so I can give better specifics. AVG Free used to be two programs---an Antivirus and an AntiSpyware. As of 5/31 AVG is now one program with both Antivirus and antispyware all in one and when I installed this new program, the old ones uninstalled.

All scans since the problem have not found anything new if that means anything.

Any help/ideas/suggestions/info, etc on this infection or if you think I am okay or need to do more would be GREATLY appreciated!!

Thanks!
SparkyChick

BCOOL June 2nd, 2008 12:04 AM

SparkyChick,

Ok, as best I can tell the Trojan you downloaded is the same. You posted
Downloader.Wimad.N as the Trojan you downloaded, the full name is "Trojan.Downloader.WMA.Wimad.N"... (please let me know if I understood correctly)

The fact that it did not execute (open your browser to fastmp3player.com) is a very good sign ya :)

You say there seems to be no harm done to your computer, the Trojan has been deleted and from what I've read about it I feel safe in saying all is well. :xirokrotima:

Please REMEMBER to do a spyware/virus scan on all files you download before opening them.

Aloha,BCOOL

SparkyChick June 2nd, 2008 07:21 AM

Hi BCOOL...

WHEW!! :yahoo: Happy to hear that things are most likely okay!! The trojan I downloaded showed up as downloader.wimad.n---I know it didn't have WMA in it, tho, but maybe they are one and the same as you stated. It showed as "high" risk thru my spyware.

You're right about scanning the files before opening...I got lazy and probably a little too trusting after years of having zero problems with Limewire. With anything downloaded you NEVER know what you're gonna get, so ALWAYS play it safe---lesson learned!

Thanks again for your help....most appreciated :)

SparkyChick

BCOOL June 27th, 2008 07:48 PM

howz It hunter1980,

Since I don't know what virus you downloaded (xxxxxxxxx) I can't help you there ya.

As for your statement... "What's going on with these mp3 virus? Isn't it possible for you limewire company to remove those infected virus by a special filter?"... Limewire is simply one of numerous p2p 'clients' that work within the Gnutella Network... The Trojans and what not come from files that people have in their share folders. I don't know if you saw it but there is a post on this thread from ursula The Cleaning Lady about this matter.

A filter sounds good to me. In the last few months there has been a major increase in infected MP3s. You should always scan anything you download from the Gnutella Network no matter what p2p software you use. To my knowledge none of them offer Spyware/virus filters.

Aloha,BCOOL

hunter1980 June 28th, 2008 07:13 AM

I've reinstalled limewire. This time when I downloaded an mp3 KIS reported this virus:

http://img155.imageshack.us/img155/5...oardvz7.th.jpg


The name of this virus is: Trojan-Downloader.WMA.Wimad.n

KIS does not disinfect the files, it simply deletes the mp3 files. According to the various webpages, this trojan contains spyware.

I tried afterwards, to download 20 different music files from limewire and this time, the infection rate is set to 100 %.

The actual difference between gnutella and torrent, is that Gnutella can not remove the infected files, while torrent is easy by the admin to simply remove torrent that contains infected mp3 files.

Quote:

Originally Posted by BCOOL (Post 321172)
howz It hunter1980,

Since I don't know what virus you downloaded (xxxxxxxxx) I can't help you there ya.

As for your statement... "What's going on with these mp3 virus? Isn't it possible for you limewire company to remove those infected virus by a special filter?"... Limewire is simply one of numerous p2p 'clients' that work within the Gnutella Network... The Trojans and what not come from files that people have in their share folders. I don't know if you saw it but there is a post on this thread from ursula The Cleaning Lady about this matter.

A filter sounds good to me. In the last few months there has been a major increase in infected MP3s. You should always scan anything you download from the Gnutella Network no matter what p2p software you use. To my knowledge none of them offer Spyware/virus filters.

Aloha,BCOOL

I've reinstalled limewire. This time when I downloaded an mp3 KIS reported this virus:
The name of this virus is: Trojan-Downloader.WMA.Wimad.n

KIS does not disinfect the files, it simply deletes the mp3 files.
According to the various webpages, this trojan contains spyware.

I tried afterwards, to download 20 different music files from limewire and this time,
the infection rate is set to 100 %.

The actual difference between gnutella and torrent, is that Gnutella can not remove the infected files,
while torrent it is easier by the admin to remove torrent that contains the infected mp3 files.
ps: every time I put a link of the screenshots taken, then my poster disappears.

Lord of the Rings June 28th, 2008 05:24 PM

Quote:

Originally Posted by hunter1980 (Post 321208)
ps: every time I put a link of the screenshots taken, then my poster disappears.

On each of those 8 occasions do you recall seeing a window popup saying this post might be held by moderators to check for moderation? Some sites we moderate & the site you hosted the image at is one of those. :)

You need to remember not all anti virus programs can detect all viruses. BCOOL found one that can detect this particular one & deal with it.
Some AV programs are slow or might never add a specific virus definition to their program. Some of the renowned AV programs might be 6-12 months before waking up or again, never add a particular definition.

Different AV programs might use a different name for the same virus.

Cooprocks123e July 5th, 2008 02:19 PM

Okay, people, some files I downloaded were WMA files (don't download!!!) that were 4 seconds long and were disguised as an executable file. I still ran it. No side effects. Until I ran AVG. Pretty much 10500 viruses on my computer! It's still scanning as I post. HELP!!!!!

Aaliyahbellydance December 2nd, 2008 03:59 PM

I got the trojan asf.getcodec.aa from downloading an mp3 file from limewire. My antivirus found it but couldn't clean or quarantine it. Antivirus suggested deleting but I couldn't delete it. Anyone know what I could do now?

BCOOL December 2nd, 2008 07:21 PM

Check Out This Address
 
Howz It Aaliyahbellydance ,

I found this... What kind of trojan is this and how can i manually get rid of it? - Yahoo! Answers

You might check this address there's some good information there.

Aloha,BCOOL

Aaliyahbellydance December 2nd, 2008 07:38 PM

ASF.GETCODEC.AA trojan
 
Thank you Bcool and all of you other great people for replying. I am printing out the instructions as I type this so that when I shut down all programs etc.. I can still read the instructions in safe mode. Hopefully this will get rid of the problem.

I did uninstall my limewirepro because it seems to get a lot of viruses; most of them get caught by my antivirus software. This is the first one that it couldn't do anything with. I would rather pay for music than keep having problems with my computer.

Thanks guys/girls really appreciate your help :wai:

Lord of the Rings December 2nd, 2008 07:45 PM

Being aware of virus sizes & typical naming helps greatly in avoiding them in the first place: Virus thread: Typical virus spam file sizes - Make a note of them (click on blue link to see).

Aaliyahbellydance December 3rd, 2008 03:49 PM

thank you for taking the time out to inform me

Aaliyahbellydance


All times are GMT -7.