ASF/Wimad! generic trojan

  • Thread starter Thread starter JD
  • Start date Start date
J

JD

Yesterday my Ca AV scan deleted 67 (out of hundreds) Windows Media Audio
files from my computer. I had them backed up on an external drive, but when
I opened the corresponding folder they were again identified as "infected"
with the ASF/Wimad! generic trojan. Many of these files were ripped from CDs
originally created by me (a long time ago) from my synthesizer via a Sony CD
recorder. A few were online purchases from Amazon.
I suspected that these were false positives. Is there a way to test this
hypothesis?
Any idea how such a "trojan" could have gotten into these files? Or how to
remove it?
A Windows Defender full system scan reports "Your computer us running
normally. No harmful files found."
 
An important correction: I find on closer examination that none of the files
I created were identified as infected. All were Internet downloads, from
Amazon or from Target. I scanned each of the My Music subfolders separately
and all the remaining files are clean.
Should I just delete the quarantined files and re-purchase them? Is there a
way to prevent this "infection" from happening again?
 
The same thing happened to me. My last Anti-Virus DAT update was 6pm EST 1/8/10. This afternoon 1/9 the CA on-demand AV scanner deleted a random smattering of my .wma files that had been downloaded from walmart.com at one time or another over the past few years. A few hours later, the real time anti-virus scanner deleted hundreds of .wma files - some downloaded from online some ripped from CDs - in alphabetical order. I have no symptoms of a virus (no hijacked home page, no popups even though popup blocker is turned off in firefox, no slowness). Also, the last update that came out from CA that included protection for this supposed infection was 11/9/09. All of the files my AV deleted today existed on my computer then, so if they were really infected they should have been found and deleted that day or soon after. For these reason, I feel strongly that this is a false positive. I've contacted CA online three times tonight and gotten the same representative who I am trying to work with and convince to agree with me!



JD wrote:

An important correction: I find on closer examination that none of the filesI
08-Jan-10

An important correction: I find on closer examination that none of the files
I created were identified as infected. All were Internet downloads, from
Amazon or from Target. I scanned each of the My Music subfolders separately
and all the remaining files are clean.
Should I just delete the quarantined files and re-purchase them? Is there a
way to prevent this "infection" from happening again?

Previous Posts In This Thread:


Submitted via EggHeadCafe - Software Developer Portal of Choice
Build an Anthem.Net Remote Scripting (AJAX) AutoSuggest Textbox control
http://www.eggheadcafe.com/tutorial...64-f222ded907ff/build-an-anthemnet-remot.aspx
 
I am equally mystified and frustrated. I got a support person online who
told me to restore the files from the Quarantine folder. I reminded him that
the files were DELETED, and he said, "Sorry. They cannot be recovered."
These 67 files had been on my computer for a very long time, and were also
on my backup external hard drive, unplayed and unedited for many, many
months. When I opened the Maxtor external drive, the real-time scanner
immediately deleted the same 67 files from that drive. How could they have
become "infected" along with the duplicates on my hard drive, when they were
"clean" just a few days earlier?
I have scanned the remaining hundreds of wma files in numerous folders and
no "infected" files have been reported. I, too, suspect "false positives." I
am at a loss as to what to do now. If these files really were "infected"
with this trojan, how and when did it happen, how can I prevent it from
happening again, and why these and not others that were in the same folders?
Last July Ca did have a false positive that "quarantined" a number of
innocent Windows system files. They took a lot of heat, and issued a
correction the following day. Maybe it's time to change AV programs.
 
There has to be an option for your AV to just quarantine files instead of
deleting them outright. I would personally never use an AV with that default
option. You should try another AV program. I use Eset NOD32 and have never
had this type of problem. I think it's the best around.
--
DaffyD® ( : []=

If I knew where I was I'd be there now.


JD said:
I am equally mystified and frustrated. I got a support person online who
told me to restore the files from the Quarantine folder. I reminded him
that the files were DELETED, and he said, "Sorry. They cannot be
recovered." These 67 files had been on my computer for a very long time,
and were also on my backup external hard drive, unplayed and unedited for
many, many months. When I opened the Maxtor external drive, the real-time
scanner immediately deleted the same 67 files from that drive. How could
they have become "infected" along with the duplicates on my hard drive,
when they were "clean" just a few days earlier?
I have scanned the remaining hundreds of wma files in numerous folders and
no "infected" files have been reported. I, too, suspect "false positives."
I am at a loss as to what to do now. If these files really were "infected"
with this trojan, how and when did it happen, how can I prevent it from
happening again, and why these and not others that were in the same
folders?
Last July Ca did have a false positive that "quarantined" a number of
innocent Windows system files. They took a lot of heat, and issued a
correction the following day. Maybe it's time to change AV programs.





__________ Information from ESET NOD32 Antivirus, version of virus
signature database 4762 (20100111) __________

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com
Click to expand...



__________ Information from ESET NOD32 Antivirus, version of virus signature database 4762 (20100111) __________

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com
 
I did find such an option, but alas, too late to prevent the deletion of 67
..wma files. I've decided to go with Microsoft Security Essentials.
Thanks for the input.
DaffyD® said:
There has to be an option for your AV to just quarantine files instead of
deleting them outright. I would personally never use an AV with that
default option. You should try another AV program. I use Eset NOD32 and
have never had this type of problem. I think it's the best around.
--
DaffyD® ( : []=

If I knew where I was I'd be there now.


JD said:
I am equally mystified and frustrated. I got a support person online who
told me to restore the files from the Quarantine folder. I reminded him
that the files were DELETED, and he said, "Sorry. They cannot be
recovered." These 67 files had been on my computer for a very long time,
and were also on my backup external hard drive, unplayed and unedited for
many, many months. When I opened the Maxtor external drive, the real-time
scanner immediately deleted the same 67 files from that drive. How could
they have become "infected" along with the duplicates on my hard drive,
when they were "clean" just a few days earlier?
I have scanned the remaining hundreds of wma files in numerous folders
and no "infected" files have been reported. I, too, suspect "false
positives." I am at a loss as to what to do now. If these files really
were "infected" with this trojan, how and when did it happen, how can I
prevent it from happening again, and why these and not others that were
in the same folders?
Last July Ca did have a false positive that "quarantined" a number of
innocent Windows system files. They took a lot of heat, and issued a
correction the following day. Maybe it's time to change AV programs.





__________ Information from ESET NOD32 Antivirus, version of virus
signature database 4762 (20100111) __________

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com
Click to expand...



__________ Information from ESET NOD32 Antivirus, version of virus
signature database 4762 (20100111) __________

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com
Click to expand...
 
Back
Top