So my cousin, who doesn’t know any better, was trying to get movies and ended up with a file infected with WMA:WIMAD[drp], or rather one that, from what I could tell, was created for the express purpose of spreading the virus.
He tried running it from his MacBook and got the message about needing a Windows Media codec for his .avi file (no redirection was completed; we were both offline), but it wasn’t the usual system message imitation. The video ran the Universal logo theme and the message was bright white CG text plastered over it, and I assume that the huge file size is faked or that it’s a long-running video of the Universal logo as a still image (once the animation and music complete).
Now I didn’t know much about this virus until today, but the fact that a video that needs a codec…well…ran at all, and that the message was part of the video, raised hundreds of red flags in my head.
In any case, he jammed his flash drive into my PC anyway to see if I could run it, so I immediately ran avast on it instead, doing my best to explain why it didn’t make sense. Saw it was infected with this virus and promptly removed it, telling him he was duped.
In any case coming from a video background I found the execution somewhat amusing…
In any case, I was wondering if anyone with a better understanding of the virus could tell me if it poses any threat to my PC? From what I could gather it doesn’t do much unless it successfully downloads further malware, but I didn’t find any solid info on its replication behaviors or other ways it might spread. I’ve yet to do a boot scan and wondered if it’s a necessary step in dealing with this. The file was only ever on the flash drive and did not seem to infect the other media files, or my own.
Though I don’t expect to encounter any unknown viruses soon, I was wondering if this would also be the correct forum for a user to report suspicious activity or a confirmed new virus?
Did you have the chance to remove the initial infectious file completely and utterly? I mean, was the file shredded or contained in the chest?
Hope your MP3s did not get infected and corrupted. Best to have your logs as mentioned here: http://forum.avast.com/index.php?topic=53253.0
and I will ask a qualified removal expert to look into this issue. When he calls in, you have to follow his instructions to the dot.
polonus
P.S. I have edited my initial reply here accordingly, not to cause panic but to say that the infection could be rather serious, as WMA:WIMAD[drp] is such a dangerous threat because it compromises the infected computer through a backdoor, making this infection another form of Achilles’ heel on the modern Internet. Once the fake codec is installed, the computer can be freely accessed by cybercriminals.
If you have the file, upload it to www.virustotal.com and test it with 40+ malware scanners.
When you have the result, post the scan link here for us to see.
I used the delete option contained in Avast; I do not know its extent. I’ve checked all media files. I don’t exactly have much of a collection, as I use my laptop primarily for work and the only media aside from designs are a few regional band MP3s from my promotion work. Easily replaced. Scanned and no issues.
OTL Log is attached.
If I hadn’t been half asleep when it happened and in a hurry this morning, I probably would’ve run a boot scan to be on the safe side. I’ll be doing a FS later just in case.
You are welcome. Good that this could be ascertained once and for all. Let it be a lesson to your eager-clicking cousin to think first and click later.
Thanks again for the heads-up on this very dangerous threat. If it could have saved a couple of victims from getting infected and compromised with it, we should and could be grateful. Also, welcome to the avast forums. Again, thanks for your contribution, and stay safe and secure both offline and online.
When I was researching the virus I hadn’t encountered any versions that had manifested like this; most were infected MP3s auto-converting or asking for a codec with a system message/redirect. I assume the usual version, when infecting video, also uses a system message?
While it may seem an amateur and amusing method to me to use CG for an original video equivalent, I’m sure there are a lot of users who don’t know any better. Hope it helps someone too!