Topic: WMA:wimad [susp] infected file already executed with VLC Media Player


deBALZAC

  • Guest
I downloaded a torrent containing an .avi movie file. I executed it with VLC Media Player and I got a short video telling me to download a so-called X3player. Because it was very suspicious, I scanned the folder where this torrent was saved and Avast reported the WMA:wimad [susp] threat.

I've searched about this WMA:wimad on these Avast forums before starting this thread and I found info about it at http://forum.avast.com/index.php?topic=57649.0

But my case differs from the previous info we got here because the infected .avi file was already executed with VLC media player on my system.

When I executed it nothing unusual happened besides the fact all I got was a short video telling me to download an X3player instead of the movie it was supposed to play.

But I was not prompted to download anything, no pop-ups or html windows were opened.

So far I've experienced NO abnormal system behavior. (The infected file was executed around 1 hour ago. No sys reboot so far.)

Still I'm worried.

So my goal by starting this thread is to make sure whether or not I should take any special action besides removing this WMA:wimad under the Avast standard way of dealing with threats.

Is there anything I can do to make sure whether there were damages or not to my sys? I'm going paranoid here.

Help needed.

One more thing: after that I ran a complete scan on my computer and nothing was reported besides this very WMA:wimad in that torrent folder. But it says I need to reboot my computer for the deleting action to take effect.
« Last Edit: June 18, 2010, 09:07:53 PM by deBALZAC »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37550
  • Not a avast user
Upload the file to www.virustotal.com and have it scanned by 41 virus scanners. When you have the result, copy the URL in the address bar and post it here.

Alternative: www.virscan.org


Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89145
  • No support PMs thanks
This is a new signature - New "Wild" Detection from avast being WMA:Wimad [Susp] in v5.0 signatures.

Advise move to chest and report as FP.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.4.6112 (build 24.4.9067.762) UI 1.0.803/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

deBALZAC

  • Guest
Upload the file to www.virustotal.com and have it scanned by 41 virus scanners. When you have the result, copy the URL in the address bar and post it here.

Alternative: www.virscan.org



Damn, I've deleted it already.

Will see what I can do.

demonix00

  • Guest
This is a new signature - New "Wild" Detection from avast being WMA:Wimad [Susp] in v5.0 signatures.

Advise move to chest and report as FP.
In this case the detection is correct, as the player the OP was being told to download would be a source of more malware, so the OP should erase the video and avoid any videos from bittorrent sources, as a majority of those will ask you to download a fake player or codec to play it, which is in fact a virus.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89145
  • No support PMs thanks
Yes that may well be the case, but since this is a new heuristic signature, sending the sample for analysis gives more information to ensure that the signature is further enhanced/tweaked, etc.

Unfortunately that won't now be possible as the OP has already deleted it, not good to take this action so quickly, move to chest and investigate.

Jtaylor83

  • Guest
X3 Player is a scam and a clone of a rogue media player called 3wplayer. Avast's detection was correct.

http://www.mywot.com/en/scorecard/x3player.com

http://en.wikipedia.org/wiki/3wPlayer#x3_player

« Last Edit: June 19, 2010, 04:02:58 AM by Jtaylor83 »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89145
  • No support PMs thanks
Yes as I have said that may well be the case, but we have been asked with this relatively new heuristic detection to have those reporting it to forward the sample, so that the detection can be analysed and the signature fine tuned as required.