I downloaded a torrent containing an .avi movie file. I executed it with VLC Media Player and I got a short video telling me to download a so-called X3player. Because it was very suspicious, I scanned the folder where this torrent was saved and Avast reported the WMA:wimad [susp] threat.
But my case differs from the previous info we got here because the infected .avi file was already executed with VLC media player on my system.
When I executed it nothing unusual happened besides the fact all I got was a short video telling me to download a X3player instead of the movie it was supposed to play.
But I was not prompted to download anything, no pop-ups or html windows were opened.
So far I’ve experienced NO abnormal system behavior. (The infected file was executed around 1 hour ago. No sys reboot so far.)
Still I’m worried.
So my goal by starting this thread is to make sure whether or not I should take any special action besides removing this WMA:wimad under the Avast standard way of dealing with threats.
Is there anything I can do to make sure whether there were damages or not to my sys? I’m going paranoid here.
Help needed.
One more thing: after that I ran a complete scan on my computer and nothing was reported besides this very WMA:wimad in that torrent folder. But it says I need to reboot my computer for the deleting action to take effect.
Upload the file to www.virustotal.com and have it scanned by 41 virus scanners. When you have the result, copy the URL in the address bar and post it here.
In this case the detection is correct, as the player the OP was being told to download would be a source of more malware, so the OP should erase the video and avoid any videos from bittorrent sources, as a majority of those will ask you to download a fake player or codec to play it, which is in fact a virus.
Yes that may well be the case, but since this is a new heuristic signature, sending the sample for analysis gives more information to ensure that the signature is further enhanced/tweaked, etc.
Unfortunately that won’t now be possible as the OP has already deleted it, not good to take this action so quickly, move to chest and investigate.
Yes as I have said that may well be the case, but we have been asked with this relatively new heuristic detection to have those reporting it to forward the sample, so that the detection can be analysed and the signature fine tuned as required.