Get mp3 out of the container [with Wimad Trojan]

Avast 4.8.1195.0 2008.07.18 WMA:Wimad
AVG 2008.07.18
BitDefender 7.2 2008.07.18
CAT-QuickHeal 9.50 2008.07.17
ClamAV 0.93.1 2008.07.18
DrWeb 2008.07.18 Trojan.WMALoader
eSafe 2008.07.17
eTrust-Vet 31.6.5965 2008.07.18
Ewido 4.0 2008.07.18
F-Prot 2008.07.18
F-Secure 7.60.13501.0 2008.07.18 Trojan-Downloader.WMA.GetCodec.d
Fortinet 2008.07.18
GData 2.0.7306.1023 2008.07.18 Trojan-Downloader.WMA.GetCodec.d
Ikarus T3. 2008.07.18
Kaspersky 2008.07.18 Trojan-Downloader.WMA.GetCodec.d
McAfee 5341 2008.07.18
Microsoft 1.3704 2008.07.18

Above yo can see how could the virus be recognized by different AV programs

mp3 you have that includes virus/ trojan likely will not play properly on many music players.

If you want to recover this mp3’s, download and install:

Then set it up for recovering mp3:

Edit > Presets
Preset Name = DemuxMP3
Preset Label = DemuxMP3
Preset Command Line = -vn -acodec copy
Output File Extension = mp3
Category = Audio
Add/Update -> Save
Add files to recover (Add…); Convert to…, Audio _>  DemuxMP3; Convert

In my case it just created also few small files that didn’t have any music in it – meaning you need to find this files again anyway.

Another thing is how can you find out that some mp3s are not in the right container.

For this purpose I have used:

if you add all your mp3 files into this program and do ANALYSIS only it will not be able to scan all files within different container, thus showing you empty lines next to a file.

It is not ideal tho as this process is lengthy cause it also analyses files for other stuff

more tags: .wma, .wmv, .asf, trojan, .mp3,


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s