Question:

Can anyone provide the exe filename for Trojan Wimad-D?


I need to try a manual deletion of this virus on a friend's computer. Thanks ...

1 ANSWER


  1. Troj/Wimad-D is a Windows Media Video file that uses features of Windows Digital Rights Management (DRM) to trigger a visit to a web page that will attempt to download several files related to software that delivers internet adverts (adware).

    Trojans infect computers, but do not infect files. They can simply be identified and deleted. However, they often make registry or startup file changes so that they are executed on boot-up. The file is an encrypted file protected by DRM. In order to view the video content of the file the user has to acquire a digital license from a third party licensing server. Windows Media Player attempts to acquire the license as soon as the user attempts to view the file.

    Troj/Wimad-D contains the URL of the server serving the license. The process uses the HTTP protocol to acquire the license. The rendering engine is identical to the Internet Explorer rendering engine. If the server sends content that includes active scripting together with the license, the content may exploit vulnerabilities in Internet Explorer to download and launch potentially malicious software and adware programs without the user's consent.

    http://www.sophos.com/security/analyses/...

    This trojan creates various filenames and extensions, such as *.mps, *.wav, *.wmv, etc., that mimic legitimate ones, and creates a random URL, so it would be hard to pinpoint what the filename could be on a particular computer. http://www.sophos.com/support/disinfecti...

    Try AVG (http://free.avg.com/). Install it, then:

    1. Update the AVG definition databases.

    2. Disable your System Restore, clean up all Temporary and Recycle Bins. Use ATF-Cleaner from http://www.atribune.org , or use CCleaner from http://www.majorgeeks.com/CCleaner_Porta...

    3. Boot to Safe Mode [restart, press F8, choose Safe Mode, log in], then run AVG. Clean/Quarantine when necessary.
