virus from torrent wma:wimad

hii,
every time i try to download a movie from torrentz avast shows a message wma:wimad infection and deletes the file ???
even for verified torrents??
what does it mean??? is my laptop virus prone or avast has the bug…
please help
thanks in advance

upload the file to www.virustotal.com and have it tested by 42 malware scanners
when you have the result, copy the URL in the address bar and post it here

Wimad is a trojan that displays a message telling you to download a rogue media player.

http://www.bitdefender.com/VIRUS-1000277-en--Trojan.Downloader.WMA.Wimad.N.html

http://www.symantec.com/security_response/writeup.jsp?docid=2005-011213-2709-99&tabid=2

http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?name=TrojanDownloader%3AASX%2FWimad.BV

Hi Sidhandan,

Details of the selected infection are shown below.
This infection can be detected and cleaned using see my cleansing proposal.
Name: Trojan-Downloader.WMA.Wimad
Threat risk: High
Description: Trojan-Downloader.WMA.Wimad compromises system by connecting to the internet to download fake video codecs via Windows Media Player and entince user to install them on the system.
Type: TT_Downloader, TT_Trojan
Also read here: http://www.bitdefender.com/VIRUS-1000317-en--Trojan.Downloader.WMA.Wimad.html

First
Next, download ATF Cleaner by Atribune from here: http://www.atribune.org/content/view/25/1/
and save it to your Desktop.
This program is for XP and Windows 2000 only.

Double click ATF-Cleaner.exe to run the program.
Check the boxes to the left of:

Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
Prefetch
Java Cache

The rest are optional - if you want to remove the whole lot, check Select All.
Finally click Empty Selected. When you get the “Done Cleaning” message, click OK

Next
Please do a scan with Kaspersky Online Scanner from http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html

Note: If you have used this particular scanner before, you MAY HAVE YO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component
Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select ‘Run as administrator’ to perform this scan.
(Note… for Internet Explorer 7 users: If at any time you have trouble with the “Accept” button of the license, click on the “Zoom” tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.) Or use Firefox with IE-Tab plugin
https://addons.mozilla.org/en-US/firefox/addon/1419

Click on the Accept button and install any components it needs.

* The program will install and then begin downloading the latest definition files.
* After the files have been downloaded on the left side of the page in the Scan section select My Computer
* This will start the program and scan your system.

The program launches and downloads the latest definition files.

* Once the files are downloaded click on Next
* Click on Scan Settings and configure as follows:
      o Scan using the following Anti-Virus database:
              Extended
      o Scan Options:
              Scan Archives
              Scan Mail Bases
* Click OK and, under select a target to scan, select My Computer
  • The scan will take a while, so be patient and let it run.
    When the scan is done, in the Scan is completed window (below), any infection is displayed.
    There is no option to clean/disinfect, however, we need to analyze the information on the report.
    IPB Image
    IPB Image
    To obtain the report: * Once the scan is complete, click on View scan report
    Click on: Save Report As (above - red blinking arrow)
    Next, in the Save as prompt, Save in area, select: Desktop
  • Save the file to your desktop.
    In the File name area, use KScan, or something similar
    In Save as type, click the drop arrow and select: Text file [*.txt]
    Then, click: Save * Copy and paste that information
    Please post the Kaspersky Online Scanner Report in your reply in your next post…

That is all, loads of success,

polonus

hxxp://torrents.thepiratebay.org/5741356/Tekken.2010.DvdRip.Xvid__1337x_-Noir.5741356.TPB.torrent
download this torrent and try to download the movie…and plz let me know is there any virus

Is there such a beast as a verified torrent ?

The only way to guarantee verification is to download from the source/origin with reported MD5 and or Sha1 hashes. Being a movie this is highly unlikely it would be allowed to be downloaded without payment, and all the DRM protection, etc. etc.

HaHa, verified by the piratebay, your having a laugh.

Hi sidnandan,

You better make that link non-click-through by putting htxp or wXw for http or www.
The requested URL is currently unavailable could also mean it is a suspicious redirect.
The times that the Pirate bay has malware problems it was because of third party trackers: the malicious software in question was said to be hosted on 3 domains; savelocity.com, seekerfeed.com, and xoads.com, with another 6 reported as distribution intermediaries including parkneed.com, yieldmanager.com and zxxds.net.

This type of problem is nothing new on torrent sites. Last year we reported how Google and Firefox blocked Empornium, the world’s largest porn tracker, when they suffered similar problems at the hands of outsiders.

This is because Pirate bay downloads are being frowned upon by the content industry in various parts of the world, together with their watch dogs, and to whom will you send complaints as the download comes riddled with malware all sorts from third party injected malcode? Searching for and downloading software and files that have been illegally uploaded there (in various countries the downloading is still possible in some sense) will put you at risk of seriously damaging your computer. There are other more secure ways of obtaining these materials (and I won’t go into details there), but you’d better refrain from P2P etc.,

polonus

Yes there are extremely good ways of obtaining said material! Buy it used on eBay! :smiley:

The file in there is AVI, and there is no possibility for us to detect the WMA:Wimad detection in there. Either you copied wrong torrent link or there is something resident on your system what is converting and infecting the files.

Avast! absolutely can detect wimad in an AVI downloaded through a torrent. It does it through the P2P shield if you have the bittorrent client selected to be checked. I had wimad detected in 2 AVI files and I told Avast! to clean them. Afterwards they would not play anyway because the codec needed had not been installed. Two others were deleted by Avast! as soon as piece number one of the file had been downloaded and scanned. They are not always fake codecs and not always dangerous but you do have to download special players in some cases. To be safe, have Avast! delete any file detected with wimad. You won’t be able to play them anyway without downloading what it wants you to and you should never do that. I now have the P2P shield set to delete as the automatic action.

thanks all … i think i should check my system…