Downloaded WAV file installs spyware?
Posted 16 June 2004 - 06:35 AM
When I tried to play the WAV, my system locked up, in several programs. I shut down, then (on a hunch) re-scanned my system. SpyBot found BookedSpace, and AdAware found both BookedSpace and Virtumundo.
If anyone would like to check this WAV file out, I found it on a website called (IIRC) Tom & Jerry Online (yep, the cartoon) and it's in the sounds section--it's the higher-quality version of "Is You Is or Is You Ain't My Baby?" (from the T&J cartoon "Solid Serenade." It's worth a listen, if you apparently don't mind spyware being installed--Tom SWINGS!) It's called isyouis2.wav
I can also email it if you like. I'll be deleting it a bit later.
Posted 16 June 2004 - 07:51 AM
Make sure you link this page so I know why I'm getting it. And zip or rar the file please. I don't think Thunderbird launches music files automatically, but I don't want to take any chances.
Spyware: What you say!!
SpywareInfo: You have no chance to survive. Make your time!
Posted 16 June 2004 - 10:37 AM
But you may have been bitten by the old drive-by download.
With Internet Explorer opened, click on Tools, Internet Options, and the Advanced tab; look for a couple of "Install on demand" lines; they should both be UNchecked. When checked, applications can be downloaded without you being prompted or even aware....
Posted 16 June 2004 - 11:18 AM
Posted 16 June 2004 - 01:23 PM
I remembered RealPlayer accesses the internet as a matter of course. I thought that might be the problem, so I re-scanned my system w/ both AA and SB-SD, and cleaned up a cookie.
I launched RealPlayer, let it do what it does (a commercial) and shut it down. Rescanned, and cleaned up a cookie ((username)@edge.ru4.txt, in case you're interested).
I tried to launch the WAV, and it didn't play (the downloaded copy never has) tho my cursor did briefly go to the hourglass. I tried to launch AA and SB-SD, and they wouldn't launch.
I restarted my system, scanned and SpyBot found BookedSpace, and AdAware found both BookedSpace & Virtumundo. I cleaned up the registry entries, rescanned (both clean), but left both AA and SB-SD open before trying the WAV file again.
Double-click on the WAV, cursor goes to hourglass, no sound...and SpyBot found BookedSpace, and AdAware found both BookedSpace and Virtumundo. Again.
This is *really* weirding me out.
Posted 16 June 2004 - 05:39 PM
I've emailed it to Mike, so hopefully he'll have some insight.
Posted 16 June 2004 - 07:03 PM
Try another wav file on your computer and see what happens. If the same thing happens, then whatever program is set to play wav files is installing the programs that Spybot & Ad-Aware are detecting (in which case it may be a good time to see a HijackThis log).
Posted 17 June 2004 - 02:21 AM
As VD pointed out, & it was going to be my next question, verify your .wav file association.
"then whatever program is set to play wav files is installing the programs that Spybot & Ad-Aware are detecting"
Open any folder, click on Tools, then Folder Options, then the File Types tab.
Scroll down to WAV, click once (to highlight it), then look below & note which program is set by default to open it...
Posted 17 June 2004 - 06:04 AM
Updated, scanned clean, tried to start WMP. No go (it did not launch). Scanned, and I came up with the same malware problems I had yesterday. It seems my copy of WMP has been corrupted, invaded, pillaged, and burned to the ground.
Thank you all, very much, for your assistance. I thought a WAV file with embedded malware was a bit hinky, also.
Posted 17 June 2004 - 08:47 AM
While you're at it, I would suggest you ditch RealPlayer & grab a safer alternative, like RealAlternative, or JetAudio...
Edited by Doctor J, 17 June 2004 - 08:49 AM.
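A scripted version of the file-association check walked through in this thread, added here as an example and not posted by any of the participants. It assumes a current Windows with PowerShell; it resolves the program registered to open .wav files and reports that program's Authenticode signature status and SHA-256 hash.

```powershell
# Added example: which program opens .wav files, and is that binary intact?
$ext = '.wav'

# A per-user choice (Vista and later) overrides the machine-wide default.
$uc = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$ext\UserChoice"
$progId = (Get-ItemProperty -Path $uc -Name ProgId -ErrorAction SilentlyContinue).ProgId
if (-not $progId) {
    $key = Get-Item -LiteralPath "Registry::HKEY_CLASSES_ROOT\$ext" -ErrorAction SilentlyContinue
    if ($key) { $progId = $key.GetValue('') }
}
if (-not $progId) { Write-Warning "No handler registered for $ext"; return }

# The open verb of the ProgID holds the command line Explorer runs on double-click.
$cmdKey = Get-Item -LiteralPath "Registry::HKEY_CLASSES_ROOT\$progId\shell\open\command" -ErrorAction SilentlyContinue
$command = if ($cmdKey) { $cmdKey.GetValue('') }
if (-not $command) {
    Write-Warning "$progId has no shell\open\command (packaged app or missing entry)"
    return
}

# Pull the executable path out of the command line (quoted or unquoted form).
if ($command -match '^\s*"([^"]+)"' -or $command -match '^\s*(.+?\.exe)') {
    $exe = [Environment]::ExpandEnvironmentVariables($Matches[1])
} else {
    Write-Warning "Could not parse handler command: $command"; return
}
if (-not (Test-Path -LiteralPath $exe)) { Write-Warning "Handler not found on disk: $exe"; return }

# Signature status and hash of the binary that actually runs on double-click.
$sig = Get-AuthenticodeSignature -FilePath $exe
[pscustomobject]@{
    Extension = $ext
    ProgId    = $progId
    Command   = $command
    Handler   = $exe
    SigStatus = $sig.Status          # Valid, NotSigned, HashMismatch, ...
    Signer    = $sig.SignerCertificate.Subject
    SHA256    = (Get-FileHash -LiteralPath $exe -Algorithm SHA256).Hash
} | Format-List
```

A status other than Valid, or a handler sitting in an unexpected directory, points at the player rather than the media file, which is where this thread ended up.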