Get mp3 out of the container [with Wimad Trojan]

Avast 4.8.1195.0 2008.07.18 WMA:Wimad
AVG 8.0.0.130 2008.07.18
BitDefender 7.2 2008.07.18
CAT-QuickHeal 9.50 2008.07.17
ClamAV 0.93.1 2008.07.18
DrWeb 4.44.0.09170 2008.07.18 Trojan.WMALoader
eSafe 7.0.17.0 2008.07.17
eTrust-Vet 31.6.5965 2008.07.18
Ewido 4.0 2008.07.18
F-Prot 4.4.4.56 2008.07.18
F-Secure 7.60.13501.0 2008.07.18 Trojan-Downloader.WMA.GetCodec.d
Fortinet 3.14.0.0 2008.07.18
GData 2.0.7306.1023 2008.07.18 Trojan-Downloader.WMA.GetCodec.d
Ikarus T3.1.1.34.0 2008.07.18
Kaspersky 7.0.0.125 2008.07.18 Trojan-Downloader.WMA.GetCodec.d
McAfee 5341 2008.07.18
Microsoft 1.3704 2008.07.18

Above yo can see how could the virus be recognized by different AV programs

mp3 you have that includes virus/ trojan likely will not play properly on many music players.

If you want to recover this mp3’s, download and install:

http://winff.org/html_new/

Then set it up for recovering mp3:

Edit > Presets
Preset Name = DemuxMP3
Preset Label = DemuxMP3
Preset Command Line = -vn -acodec copy
Output File Extension = mp3
Category = Audio
Add/Update -> Save
Add files to recover (Add…); Convert to…, Audio _>  DemuxMP3; Convert

In my case it just created also few small files that didn’t have any music in it – meaning you need to find this files again anyway.

Another thing is how can you find out that some mp3s are not in the right container.

For this purpose I have used:

http://mp3gain.sourceforge.net/

if you add all your mp3 files into this program and do ANALYSIS only it will not be able to scan all files within different container, thus showing you empty lines next to a file.

It is not ideal tho as this process is lengthy cause it also analyses files for other stuff

more tags: .wma, .wmv, .asf, trojan, .mp3,

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s