Author Topic: WMA:Wimad [Drp] trying to understand what happened  (Read 4887 times)

Offline DollyWest

  • Newbie
  • *
  • Posts: 2
WMA:Wimad [Drp] trying to understand what happened
« on: July 01, 2012, 03:24:20 PM »
I've been using Avast for at least 5 years, and I've never had occasion to use the forums -- that's how good it is. It prevents everything. I've never had to bother with removing a virus. Avast is great.

So I just bought a newish laptop online from ebay, because I couldn't afford a new one. This guy sells a lot of computers and this one seemed like an okay deal. He said it had a new hard drive and a fresh install of Windows 7 and not much else.

First thing I noticed when I got it is that it had some invisible user in C:\Users...so maybe it wasn't all that fresh? I'm not really a computer person. I just deleted that entire User file. Maybe that was the wrong thing to do.

Then when Avast ran a full scan it found a problem. In all these years Avast hasn't found a problem in my files, but it found this WMA:Wimad [Drp] in a single music file that I've never heard of. It asked me to "Move to Chest" -- fine. I have no idea what that means, but I did it.

Before this happened, of course, I moved all my files over from my backup hard drive, including of course a lot of music. And I've done my routine backup since then on my external hard drive, so I'm wondering if that has the virus now too. I don't know whether Avast will scan my backup drive or not, because like I said, I've had zero problems until now.

So I'm wondering a few things.

(1) Where did this come from? Is it from this ebay computer? If it is, I'm pretty unhappy, after the guy who sold it told me how fresh and clean it all was.

(2) I've never used Windows Media Player, either on the ebay computer or on my previous computer, although I notice that when I got this computer, WMP was pinned to the task bar. I unpinned it and haven't used it. If I've never used WMP does this mean the problem has not spread? I guess I don't understand the connection between this virus and WMP. I don't know if this thing is going to spread, and if so how.

(3) What does it mean that something is in "the chest"? -- I guess it means the problem still needs to be removed? In all this time, nothing has ever been in "the chest" -- on another thread it was recommended to run SpyBot, which I'm doing. I just want the virus gone in the most easy way. I don't care about the music file, because it isn't mine anyway.

(4) If the full Avast scan found only this one problem, and I manage to remove it, am I pretty safe just to keep using this new, not-so-fresh ebay computer? Or should I do some other stuff?

(5) How do I check my external hard drive to make sure the virus hasn't traveled around?

Thanks so much for taking the time to help someone who is extremely not knowledgeable.

Offline bobo1

  • Poster
  • *
  • Posts: 471
Re: WMA:Wimad [Drp] trying to understand what happened
« Reply #1 on: July 01, 2012, 03:59:03 PM »
Hi,
Try a run of MALWAREBYTES FREE: download it and update it. It is much better than Spybot. Do a full scan on the suspect computer (SAFE MODE PREFERRED), remove whatever it finds, and then do a boot-time scan with avast to ensure that it is clean.
I've done some research: this dropper has come via file-sharing P2P programs, more than likely from an infected WMA or MP3 file. So the previous owner of the suspect computer has done file sharing.
I would test the backup drive on a KNOWN VIRUS FREE computer with any virus scanner (best to use avast), just in case the dropper has spread.
« Last Edit: July 01, 2012, 04:59:51 PM by bobo1 »
IBM T41 INTEL CENTRINO 1.6GHZ  3. XP SP3. 1000 MB RAM. 80GB HARD DRIVE. AVAST 9. MALWAREBYTES FREE.
NEW TEST RIG FUJITSU (SCALEO) 2.8GHZ 3000MB RAM DVI HD OUT SVGA PENT 4 AVAST 9. GAMING RIG

Offline DollyWest

  • Newbie
  • *
  • Posts: 2
Re: WMA:Wimad [Drp] trying to understand what happened
« Reply #2 on: July 01, 2012, 06:28:48 PM »
Thanks for your help bobo1.

I got to the step of running the boot time scan of avast. When I came back to the computer, it was ready to log into, but there were no results visible anywhere -- how can I find the scan results to know what avast says it found?


Offline True Indian

  • Malware Hunter
  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 712
  • A Good Old Indian!
Re: WMA:Wimad [Drp] trying to understand what happened
« Reply #3 on: July 01, 2012, 06:35:08 PM »
I got to the step of running the boot time scan of avast. When I came back to the computer, it was ready to log into, but there were no results visible anywhere -- how can I find the scan results to know what avast says it found?

It is in C:\Program Data\AVAST Software\aswboot.txt

And to answer your previous question... there could be a possibility that WMA:Wimad was prevented by avast! but it dropped the file on your computer that avast! didn't allow to run and it was blocked.. but until the file is inactive and avast! is on you shouldn't worry about it, and no AV is 100%, and you do need to do on-demand scans once a week to ensure nothing got dropped  :)


And we must be cautious even with legit sites as they also can be hosting malware.. You make some scans on your external drive if you want to check the files.. probably with avast being on there... avast is an on-access scanner... so if the infection is active it will be killed by the avast on-access scanner.. ;) If it's an inactive infection it won't spread to your drives, and probably just because you found it in on-demand... this signifies 96% probability of the infection being inactive  ;D
« Last Edit: July 01, 2012, 06:41:55 PM by true indian »

Offline bobo1

  • Poster
  • *
  • Posts: 471
Re: WMA:Wimad [Drp] trying to understand what happened
« Reply #4 on: July 01, 2012, 10:50:33 PM »
Hi
Do a run with Malwarebytes Free if you have downloaded it, and remove everything it finds in a full scan.
If the avast boot-time scan was clear and you were at the logon screen, you may be clear. But still run Malwarebytes Free to remove any traces of malware, and remove everything it finds.
« Last Edit: July 01, 2012, 10:54:27 PM by bobo1 »