Publius

Downloaded WAV file installs spyware?

12 posts in this topic

I downloaded a WAV file from a cartoon fan site (that played while I was on the site) and just tried to listen to it. IMMEDIATELY before listening to it, I had scanned with both AdAware and SpyBot (after checking for updates) and my system was clean.

 

When I tried to play the WAV, my system locked up, in several programs. I shut down, then (on a hunch) re-scanned my system. SpyBot found BookedSpace, and AdAware found both BookedSpace and Virtumundo.

 

If anyone would like to check this WAV file out, I found it on a website called (IIRC) Tom & Jerry Online (yep, the cartoon) and it's in the sounds section--it's the higher-quality version of "Is You Is or Is You Ain't My Baby?" (from the T&J cartoon "Solid Serenade." It's worth a listen, if you apparently don't mind spyware being installed--Tom SWINGS!) It's called isyouis2.wav

 

I can also email it if you like. I'll be deleting it a bit later.


Send it. I don't believe I've ever heard of a .wav file hiding malware.

mike@spywareinfo.com

 

Make sure you link this page so I know why I'm getting it. And zip or rar the file please. I don't think Thunderbird launches music files automatically, but I don't want to take any chances.


I also never heard of a malicious .wav file.

But you may have been bitten by the old drive-by download.

With Internet Explorer opened, click on Tools, Internet Options, and the Advanced tab; look for a couple of "Install on demand" lines; they should both be UNchecked. When checked, applications can be downloaded without you being prompted or even aware.... :unsure:


Thanks, Dr. J, I'll check that out...but I use Opera for all non-work related browsing, which means only three or four different sites which require IE. Anything else is done thru Opera.


This is really weird.

 

I remembered RealPlayer accesses the internet as a matter of course. I thought that might be the problem, so I re-scanned my system w/ both AA and SB-SD, and cleaned up a cookie.

 

I launched RealPlayer, let it do what it does (a commercial) and shut it down. Rescanned, and cleaned up a cookie ( (username)@edge.ru4[1].txt, in case you're interested.).

 

I tried to launch the WAV, and it didn't play (the downloaded copy never has) tho my cursor did briefly go to the hourglass. I tried to launch AA and SB-SD, and they wouldn't launch.

 

I restarted my system, scanned and SpyBot found BookedSpace, and AdAware found both BookedSpace & Virtumundo. I cleaned up the registry entries, rescanned (both clean), but left both AA and SB-SD open before trying the WAV file again.

 

Double-click on the WAV, cursor goes to hourglass, no sound...and SpyBot found BookedSpace, and AdAware found both BookedSpace and Virtumundo. Again.

 

This is *really* weirding me out.


Hmmmm...I'll have to check that out. It's on my work computer. I *have* seen double extensions on files there, but I'll be sure to double(ha!)-check.

 

I've emailed it to Mike, so hopefully he'll have some insight.


Well.... I just downloaded the file. No double extension and it played in Windows Media Player (default program for wav files on my computer) w/o any problems.

 

Try another wav file on your computer and see what happens. If the same thing happens, then whatever program is set to play wav files is installing the programs that Spybot & Ad-Aware are detecting (in which case it may be a good time to see a HijackThis log).

 

-- LB
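
The two file-level checks raised in this thread, a hidden second extension and whether the download is really audio, as an added Python example that is not part of the thread or any poster's code. The extension list, the function names, the `isyouis2.wav.exe` name and the sample bytes are assumptions constructed for illustration; the RIFF header check goes beyond what the posters describe.

```python
import struct

# Extensions Windows runs on double-click (short, non-exhaustive list; an assumption of this example).
RUNNABLE = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js", ".lnk"}

def hidden_extension(filename):
    """Return the real extension of a name like 'song.wav.exe', else None."""
    parts = filename.lower().rsplit(".", 2)
    if len(parts) == 3 and "." + parts[2].strip() in RUNNABLE:
        return "." + parts[2].strip()
    return None

def triage(filename, data):
    """Return a list of findings for a file that claims to be a WAV; empty means none."""
    findings = []
    ext = hidden_extension(filename)
    if ext:
        findings.append(f"double extension: real type is {ext}")
    if data[:2] == b"MZ":
        findings.append("content starts with MZ (Windows executable), not audio")
    elif len(data) < 12:
        findings.append("too short to hold a RIFF header")
    else:
        # A WAV file opens with 'RIFF', a little-endian size (file length - 8), then 'WAVE'.
        riff, size, form = struct.unpack("<4sI4s", data[:12])
        if riff != b"RIFF" or form != b"WAVE":
            findings.append("missing RIFF/WAVE magic bytes")
        elif size + 8 != len(data):
            # Not proof of anything hostile, but appended or missing bytes deserve a look.
            findings.append(f"RIFF size field implies {size + 8} bytes, file has {len(data)}")
    return findings

def make_sample_wav():
    """Constructed sample: 4 samples of 8-bit mono PCM silence at 8 kHz."""
    fmt = struct.pack("<4sIHHIIHH", b"fmt ", 16, 1, 1, 8000, 8000, 1, 8)
    body = b"WAVE" + fmt + b"data" + struct.pack("<I", 4) + b"\x80" * 4
    return b"RIFF" + struct.pack("<I", len(body)) + body

if __name__ == "__main__":
    sample = make_sample_wav()
    for name, blob in [("isyouis2.wav", sample),
                       ("isyouis2.wav.exe", sample),
                       ("isyouis2.wav", b"MZ" + b"\x00" * 62),
                       ("isyouis2.wav", sample + b"\x00" * 16)]:
        print(name, len(blob), triage(name, blob) or "no findings")
```

A clean result here only says the file itself looks like ordinary audio; it says nothing about the program registered to open it.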

"then whatever program is set to play wav files is installing the programs that Spybot & Ad-Aware are detecting"

As VD pointed out, & it was going to be my next question, verify your .wav file association.

 

Open any folder, click on Tools, then Folder Options, then the File Types tab.

Scroll down to WAV, click once (to highlight it), then look below & note which program is set by default to open it...


That was it, folks. WAVs are associated with Windows Media Player (not Real Audio--why I was thinking Real Audio yesterday is beyond me. Stupidity attack.) (BTW, I *can* see double extensions here, so that wasn't it. Good point, tho, and one I'll be sure to file away for future reference.)

 

Updated, scanned clean, tried to start WMP. No go (it did not launch). Scanned, and I came up with the same malware problems I had yesterday. It seems my copy of WMP has been corrupted, invaded, pillaged, and burned to the ground.

 

Thank you all, very much, for your assistance. I thought a WAV file with embedded malware was a bit hinky, also.


A growing number of users here have problems with WMP being corrupted/disabled by malware. I would again follow VashonDude's advice to post a HijackThis log right here, for review by one of the gurus.

 

While you're at it, I would suggest you ditch RealPlayer & grab a safer alternative, like RealAlternative, or JetAudio...

Edited by Doctor J

