Author Topic: threat: WMA: wimad [susp]  (Read 36498 times)

0 Members and 1 Guest are viewing this topic.

t.v.

  • Guest
threat: WMA: wimad [susp]
« on: March 26, 2010, 06:33:22 PM »
Hello to everyone,
i scanned my computer with avast and it found a threat > WMA: Wimad [susp] (severity: medium). First of all, could anyone tell me what's this? I tried to look it up on google but i didn't understand much. I tried to repair it but it reports "error: the file was not repaired". I (suppose i) have the newest version of avast since i re-registered 3 days ago. The path of the infected file is: C:\Users\Administrator\Documents\Brooklyn's Finest 2010 DvDrip [Eng]-FXG\Brooklyn's Finest 2010 DvDrip [Eng]-FXG.avi Obviously, a movie..If i remember correctly though, i don't think i watched it yet, thus i didn't run it with media player. Right now i'm scanning my pc with malwarebytes antispyware.
What should i do next?
Thank u in advance.
PS: this is my first post here so i don't know if i gave too much or too less info.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37585
  • Not a avast user
Re: threat: WMA: wimad [susp]
« Reply #1 on: March 26, 2010, 06:43:52 PM »
If detected move to chest/quarantine
remember to update MBAM before scan

Click on name for Technical Information
http://www.microsoft.com/security/portal/Threat/Encyclopedia/Search.aspx?query=Wimad


Clean, Quarantine, or Delete?
http://antivirus.about.com/b/2007/03/11/clean-quarantine-or-delete.htm
« Last Edit: March 26, 2010, 06:58:16 PM by Pondus »

t.v.

  • Guest
Re: threat: WMA: wimad [susp]
« Reply #2 on: March 26, 2010, 07:03:19 PM »
Thanks for your answer. I opened the link u gave me and it has 103 types of wimad but not the one avast found. If i put it on the virus chest, will i be safe? Shouldn't i delete the file? Antimalware still didn't find anything

Offline DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 89219
  • No support PMs thanks
Re: threat: WMA: wimad [susp]
« Reply #3 on: March 26, 2010, 07:25:09 PM »
What do you mean not the one avast found ?
If you refer the the secondary part of the name, e.g. [susp] then that isn't unusual as malware names differ from one AV to another, there is no standard naming convention.

So I believe the detection by avast [susp] suspicious, means it is suspected to be of the wma:wimad family rather than a specific variant signature.

Only true virus infection can be repaired, e.g. when a virus infects a file it adds a small part to it, provided that file is one that avast has a repair routine for, then it may be possible to repair the file to its uninfected state.

However, for the most part so called viruses, trojans (adware/spyware/malware, etc.) can't be repaired because the complete content of the file is malicious.

So generally the wma:wimad family are trojan downloaders - which is a detection for malicious Windows media files that are used in order to encourage users to download and execute arbitrary files on an affected machine. When opened with Windows Media Player, these malicious files open a particular URL in a web browser. That location may be setup to download more malware.

There is no rush to delete anything from the chest, a protected area where it can do no harm. Anything that you send to the chest you should leave there for a few weeks. If after that time you have suffered no adverse effects from moving these to the chest, scan them again (inside the chest) and if they are still detected as viruses, delete them.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.4.6112 (build 24.4.9067.762) UI 1.0.803/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

t.v.

  • Guest
Re: threat: WMA: wimad [susp]
« Reply #4 on: March 26, 2010, 08:05:15 PM »
Thank u for the quick reply  :) You were both very helpful

Offline DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 89219
  • No support PMs thanks
Re: threat: WMA: wimad [susp]
« Reply #5 on: March 26, 2010, 08:15:02 PM »
No problem.

Welcome to the forums.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.4.6112 (build 24.4.9067.762) UI 1.0.803/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

raimohan

  • Guest
Re: threat: WMA: wimad [susp]
« Reply #6 on: May 16, 2010, 07:28:16 AM »
i scanned my computer with avast and it found a threat > WMA: Wimad [susp] (severity: medium). First of all, could anyone tell me what's this? I tried to look it up on google but i didn't understand much. I tried to repair it but it reports "error: the file was not repaired". I (suppose i) have the newest version of avast since i re-registered 3 days ago. The infection is in the file Low abiding citizen.avi is a film download from net using torrent. I didn't run it with media player. Is it possiable to see it in any player.
. Right now i'm scanning my pc with malwarebytes antispyware.
What should i do next?

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37585
  • Not a avast user
Re: threat: WMA: wimad [susp]
« Reply #7 on: May 16, 2010, 08:42:27 AM »
Quote
First of all, could anyone tell me what's this? I tried to look it up on google but i didn't understand much. I tried to repair it but it reports "error: the file was not repaired".
Have you not read the post above your`s........ ???

kevinjs

  • Guest
Re: threat: WMA: wimad [susp]
« Reply #8 on: May 22, 2010, 09:23:03 PM »
As previous poster pointed out there are 100+ Wimad documented... when Avast does not append the variant (Wimad.<identifier>) how do we know that the file is really infected??

Thanks,

kevinjs

kubecj

  • Guest
Re: threat: WMA: wimad [susp]
« Reply #9 on: May 22, 2010, 10:59:24 PM »
What does some kind of .<identifier> has in common with being or being not the malware?

kevinjs

  • Guest
Re: threat: WMA: wimad [susp]
« Reply #10 on: May 26, 2010, 07:29:27 PM »
for example (http://www.microsoft.com/security/portal/Threat/Encyclopedia/Search.aspx?query=Wimad)

TrojanDownloader:ASX/Wimad.BT
TrojanDownloader:ASX/Wimad.CB

the .BT and .CB being the identifier I was asking about.

kubecj

  • Guest
Re: threat: WMA: wimad [susp]
« Reply #11 on: May 26, 2010, 10:57:20 PM »
These variant names are useless and their usage for comparison with other products is more useless.  ;) The difference between all of these are just in urls. And giving variant name for each url is simply a terrible waste of resources...

kevinjs

  • Guest
Re: threat: WMA: wimad [susp]
« Reply #12 on: May 27, 2010, 01:24:34 AM »
ok... understood... they are all the same bug with a product related postfix added after the name.
thanks,
-kevinjs