View Single Post
  #8 (permalink)  
Old May 23rd, 2008
frylock04 frylock04 is offline
Apprentice
 
Join Date: May 22nd, 2008
Posts: 7
frylock04 is flying high
Exclamation

Quote:
Originally Posted by BCOOL View Post
Howz It 90hoursleep,

I'm not sure what you downloaded.Here is a little information on Trojan.Downloader.WMA.Wimad.N.


While accessing the ".wma" which is a media file extension the following behavior is noticed :

1. A browser page opens to a certain webpage ( fastmp3player.com )
2. It tries to download and execute (when the user hits run on IE ) a malware from the mentioned site.......

1. This adware usually disguises itself as an "codec" for viewing or listening to media files. It states that without this product the user can't access the wanted file. A sample of this kind of strategy of spreading is explained here : Trojan.Downloader.WMA.Wimad.N
2. A window pops up while the user tries to access a certain kind of exploited media file with the title "Play Free MP3s" . It has a checkbox to validate the users choice of the products EULA to a company named "Media Holding Enterprises" . The user has the predefined choice ( the checkbox is already checked ) to install another adware : Adware.Mirar.

.................................................. .................................................. .................................................. ..................


This is an disguised application meant to trick the user to download and execute a malware. Usually it states the false incapacity of your software configuration to view this kind of media. Due to the common misconception that malware or viruses are only in executables, the user could be lead to trust this strategy and install without his knowledge the downloaded threat.

The file could be saved with different names of various celebrities, usually events or generally appealing things to users. This makes the malware spread with the help of users.

First , the malware opens a browser window to fastmp3player.com where it gets a file , which is an installer signed with the name Adware.PlayMp3z.A ( a detailed description of this malware here : Adware.PlayMp3z.A ). The downloaded file is saved with the name "PLAY_MP3.exe" .


I hope this helps you or anyone else that runs in to this Trojan
OMG I DOWNLOADED THAT FILE...
but no effects though 4 days passed already I have uninstalled it already and removed from the computer even at recycle bin so how will I play the songs I downloaded? pls answer BCOOL or usrula my pc might be in danger
Reply With Quote