Hello People–
I run LimeWire; and I occassionally execute downloaded files which pose as [.MP3] files, but are actually a type of script-containing audio file that is
exploited by MalWare. Avast seems to catch these files immediately (when I try to play them), and I send them the the virus chest.
My system seems to be infected anyway. My ZoneAlarm logs (ZoneAlarm is a popular firewall) show repeated attempts by different programs (mostly WmPlayer.exe [Windows Media Player], but also spoolsv.exe, ftp.exe, and hh.exe) to access the internet. Reverse IP lookup shows that the targetted sites are typically associated with the recording-industry (or else WindowsMedia.Com). To date, ZoneAlarm’s logs show that it has blocked all of these attempted accesses.
But yesterday, ZoneAlarm’s log showed that one had slipped through. It got through because the access was executed via Avast.Setup (which is in the “trusted” zone). Avast.Set SHOULD NOT be sending data to www.WindowsMedia.Com. But it did.
I had re-downloaded and re-installed Avast just last week (because it was acting funny). I declined to do that again. Instead, I executed “repair” via the , <Add/Remove Programs>, <avast! AntiVirus> entry. Don’t know if Avast “repair” validates-and-replaces corrupted Avast files or not. Will it???
Persons in a similar situation might want to watch out for MalWare using Avast.Setup as a vehicle of trusted internet access.