Author Topic: threat: WMA: wimad [susp]  (Read 36522 times)


t.v.

  • Guest
threat: WMA: wimad [susp]
« on: March 26, 2010, 06:33:22 PM »
Hello to everyone,
I scanned my computer with avast and it found a threat > WMA: Wimad [susp] (severity: medium). First of all, could anyone tell me what this is? I tried to look it up on Google but I didn't understand much. I tried to repair it but it reports "error: the file was not repaired". I (suppose I) have the newest version of avast since I re-registered 3 days ago. The path of the infected file is: C:\Users\Administrator\Documents\Brooklyn's Finest 2010 DvDrip [Eng]-FXG\Brooklyn's Finest 2010 DvDrip [Eng]-FXG.avi Obviously, a movie. If I remember correctly though, I don't think I watched it yet, thus I didn't run it with media player. Right now I'm scanning my PC with Malwarebytes antispyware.
What should I do next?
Thank you in advance.
PS: this is my first post here so I don't know if I gave too much or too little info.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37600
  • Not a avast user
Re: threat: WMA: wimad [susp]
« Reply #1 on: March 26, 2010, 06:43:52 PM »
If detected move to chest/quarantine
remember to update MBAM before scan

Click on name for Technical Information
http://www.microsoft.com/security/portal/Threat/Encyclopedia/Search.aspx?query=Wimad


Clean, Quarantine, or Delete?
http://antivirus.about.com/b/2007/03/11/clean-quarantine-or-delete.htm
« Last Edit: March 26, 2010, 06:58:16 PM by Pondus »

t.v.

  • Guest
Re: threat: WMA: wimad [susp]
« Reply #2 on: March 26, 2010, 07:03:19 PM »
Thanks for your answer. I opened the link you gave me and it has 103 types of Wimad but not the one avast found. If I put it in the virus chest, will I be safe? Shouldn't I delete the file? Antimalware still didn't find anything.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89284
  • No support PMs thanks
Re: threat: WMA: wimad [susp]
« Reply #3 on: March 26, 2010, 07:25:09 PM »
What do you mean, not the one avast found?
If you refer to the secondary part of the name, e.g. [susp], then that isn't unusual as malware names differ from one AV to another; there is no standard naming convention.

So I believe the detection by avast [susp] suspicious, means it is suspected to be of the wma:wimad family rather than a specific variant signature.

Only true virus infection can be repaired, e.g. when a virus infects a file it adds a small part to it, provided that file is one that avast has a repair routine for, then it may be possible to repair the file to its uninfected state.

However, for the most part so-called viruses, trojans (adware/spyware/malware, etc.) can't be repaired because the complete content of the file is malicious.

So generally the wma:wimad family are trojan downloaders - which is a detection for malicious Windows media files that are used in order to encourage users to download and execute arbitrary files on an affected machine. When opened with Windows Media Player, these malicious files open a particular URL in a web browser. That location may be set up to download more malware.

There is no rush to delete anything from the chest, a protected area where it can do no harm. Anything that you send to the chest you should leave there for a few weeks. If after that time you have suffered no adverse effects from moving these to the chest, scan them again (inside the chest) and if they are still detected as viruses, delete them.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.5.6116 (build 24.5.9153.762) UI 1.0.808/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

t.v.

  • Guest
Re: threat: WMA: wimad [susp]
« Reply #4 on: March 26, 2010, 08:05:15 PM »
Thank you for the quick reply  :) You were both very helpful

Offline DavidR

Re: threat: WMA: wimad [susp]
« Reply #5 on: March 26, 2010, 08:15:02 PM »
No problem.

Welcome to the forums.

raimohan

  • Guest
Re: threat: WMA: wimad [susp]
« Reply #6 on: May 16, 2010, 07:28:16 AM »
I scanned my computer with avast and it found a threat > WMA: Wimad [susp] (severity: medium). First of all, could anyone tell me what this is? I tried to look it up on Google but I didn't understand much. I tried to repair it but it reports "error: the file was not repaired". I (suppose I) have the newest version of avast since I re-registered 3 days ago. The infection is in the file Low abiding citizen.avi, a film downloaded from the net using torrent. I didn't run it with media player. Is it possible to see it in any player?
Right now I'm scanning my PC with Malwarebytes antispyware.
What should I do next?

Offline Pondus

Re: threat: WMA: wimad [susp]
« Reply #7 on: May 16, 2010, 08:42:27 AM »
Quote
First of all, could anyone tell me what's this? I tried to look it up on google but i didn't understand much. I tried to repair it but it reports "error: the file was not repaired".
Have you not read the post above yours...?

kevinjs

  • Guest
Re: threat: WMA: wimad [susp]
« Reply #8 on: May 22, 2010, 09:23:03 PM »
As the previous poster pointed out, there are 100+ Wimad variants documented... when Avast does not append the variant (Wimad.<identifier>), how do we know that the file is really infected?

Thanks,

kevinjs

kubecj

  • Guest
Re: threat: WMA: wimad [susp]
« Reply #9 on: May 22, 2010, 10:59:24 PM »
What does some kind of .<identifier> have in common with being or not being the malware?

kevinjs

  • Guest
Re: threat: WMA: wimad [susp]
« Reply #10 on: May 26, 2010, 07:29:27 PM »
For example (http://www.microsoft.com/security/portal/Threat/Encyclopedia/Search.aspx?query=Wimad)

TrojanDownloader:ASX/Wimad.BT
TrojanDownloader:ASX/Wimad.CB

the .BT and .CB being the identifier I was asking about.

kubecj

  • Guest
Re: threat: WMA: wimad [susp]
« Reply #11 on: May 26, 2010, 10:57:20 PM »
These variant names are useless, and their usage for comparison with other products is even more useless.  ;) The difference between all of these is just in the URLs. And giving a variant name for each URL is simply a terrible waste of resources...

kevinjs

  • Guest
Re: threat: WMA: wimad [susp]
« Reply #12 on: May 27, 2010, 01:24:34 AM »
OK... understood... they are all the same bug with a product-related postfix added after the name.
Thanks,
-kevinjs
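
Added example, not part of any post in this thread: a read-only Python triage for the situation described in Reply #3 and Reply #11, checking from the magic bytes whether a file named .avi is really a Windows Media (ASF) container and listing the URLs embedded in it, without opening it in a player. That the detected file is ASF content behind a misleading extension is an assumption; the function names, sample bytes and URL are constructed for illustration.

```python
import re

# Every ASF file (.asf/.wma/.wmv) starts with the ASF Header Object GUID.
ASF_HEADER_GUID = bytes.fromhex("3026b2758e66cf11a6d900aa0062ce6c")
WINDOWS_MEDIA_EXTS = {"asf", "wma", "wmv"}

# URLs may be stored as ASCII or as UTF-16LE text inside the container.
URL_ASCII = re.compile(rb"https?://[\x21-\x7e]{4,200}")
URL_UTF16 = re.compile(
    rb"h\x00t\x00t\x00p\x00(?:s\x00)?:\x00/\x00/\x00(?:[\x21-\x7e]\x00){4,200}")

def container_type(data: bytes) -> str:
    """Identify the container from its magic bytes, ignoring the file name."""
    if data[:16] == ASF_HEADER_GUID:
        return "asf"
    if data[:4] == b"RIFF" and data[8:12] == b"AVI ":
        return "avi"
    return "unknown"

def embedded_urls(data: bytes) -> list:
    """Return the distinct URLs found in the raw bytes, sorted."""
    urls = {m.group().decode("ascii") for m in URL_ASCII.finditer(data)}
    urls |= {m.group().decode("utf-16-le") for m in URL_UTF16.finditer(data)}
    return sorted(urls)

def triage(filename: str, data: bytes) -> dict:
    """Flag Windows Media content hiding behind another extension."""
    ext = filename.rsplit(".", 1)[-1].lower()
    kind = container_type(data)
    return {
        "container": kind,
        "mismatch": kind == "asf" and ext not in WINDOWS_MEDIA_EXTS,
        "urls": embedded_urls(data) if kind == "asf" else [],
    }

# Constructed samples (not real files): an ASF header carrying one UTF-16LE
# URL, and the first bytes of a genuine RIFF/AVI file.
SAMPLE_ASF = (ASF_HEADER_GUID + (64).to_bytes(8, "little") + b"\x00" * 8
              + "http://example.invalid/landing".encode("utf-16-le") + b"\x00\x00")
SAMPLE_AVI = b"RIFF" + (1024).to_bytes(4, "little") + b"AVI LIST"

if __name__ == "__main__":
    # For a real file, pass open(path, "rb").read(1 << 20) as the data argument.
    print(triage("movie.avi", SAMPLE_ASF))
    print(triage("movie.avi", SAMPLE_AVI))
```

A mismatch together with an unfamiliar URL is a reason to leave the file in the chest; the absence of either does not prove the file is clean.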