Shareaza

Looks like your forum's software's gone on the blink again. Now the list and list-item tags are unrecognized.

Update: seems to be fixed now.

Information on the real WMA:Wimad

Trojan.Downloader.WMA.Wimad
Spreading: medium
Damage: high
Size: aprox 3 Mb
Discovered: 2008 Jun 17

The file could have any extension that Windows Media Player can handle such as ".wma", ".asf", ".wmw" , or others.

Basically the user runs the file in Windows Media Player and gets a browser window that prompts him to download a file named "Codec.exe" .

This is actually an exploit of the media files because its an available feature in stead of an attack to the format.


So, this is a false positive; whereas the wma/asf family of file formats can contain scripts as an "available feature" there's no possiblity of a jpeg hosting a macro virus or similarly. The Joint Photographic Experts Group is smarter than Microsoft, who really should have learned their lesson after the Word-infecting "concept" virus back in the 90s, yet continued to make Office versions that were vulnerable and then made proprietary audio and video formats that were vulnerable.

Furthermore, there's no way for a 3 MB virus to fit inside a 14KB JPEG. I don't care how advanced the compression technology gets, there are information-theoretic laws that make it impossible in this case; the 3 MB virus surely contains way more than 14KB of Kolmogorov complexity any way you slice it.

don't over-complicate things. This is most-likely not a bug. Chances are that you are just downloading the same spam file with different titles and/or you keep connecting to the same bad peer, or group of peers. This is why the file does not verify. The file does not get moved to your downloads folder, therefore it is not removed from your search results. Even if it does, it will still show up as being on your downloads list unless you close that search and start another one. this also explains why the file is "overwritten" - because it is never actually in your downloads folder and is still on your downloads list.

If you think the file is legit then check if there is any metadata - height, width, colors - listed for it (is the details panel empty). If there is data there then you should be able to "forget all known sources" (right-click > properties > actions). If the file does not have any metadata then there is a chance that it is spam(I have yet to see spam results with metadata). Make sure that you have a good anti-spam filter and that it is properly installed.

OK grey-hame, if you want to be helpful, report symptoms and leave the conclusion to others.