centrumsilver1.wmv virus???

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
My wife forwarded an email attachment called "centrumsilver1.wmv" to a
bunch of people on her email list. She immediately got an email back
stating that there was a virus in the attachment. I sent an email to all
22 recipients and 5 have answered back so far. 3 had no problem wit the
attachment, 1 couldn't open it and 1 other had Norton detect a virus. I
scanned the attachment through Norton Protection Center and nothing was
shown to be a virus. Then I scanned my entire hard drive with Norton and
then Trend Housecall. 3 low risk cookies are all that was found. I also
ran Spybot and AdAware and nothing was found.
How do I handle this? Is there a place where I can send the attachment
and have it checked out? I have contacted Norton but no reply yet.
Thanks.

Re: centrumsilver1.wmv virus???


| My wife forwarded an email attachment called "centrumsilver1.wmv" to a
| bunch of people on her email list. She immediately got an email back
| stating that there was a virus in the attachment. I sent an email to all
| 22 recipients and 5 have answered back so far. 3 had no problem wit the
| attachment, 1 couldn't open it and 1 other had Norton detect a virus. I
| scanned the attachment through Norton Protection Center and nothing was
| shown to be a virus. Then I scanned my entire hard drive with Norton and
| then Trend Housecall. 3 low risk cookies are all that was found. I also
| ran Spybot and AdAware and nothing was found.
| How do I handle this? Is there a place where I can send the attachment
| and have it checked out? I have contacted Norton but no reply yet.
| Thanks.

WMV fles can NOT be viruses.

Was it really centrumsilver1.wmv.exe ?

There is also the possibility that the WMV was exploiting DRM.  However in that
case it
sill would NOT be a "virus".  It might be considred a trojan.

There is also the possibility, albeit very, very, slim one, that this was using
steganography.  However, the likelihood of this is extremely low to not at all.

Now you indicted "...other had Norton detect a virus".  What EXACTLY did Norton
detect and
I mean verbatim.

Now you also said "My wife forwarded an email attachment called
"centrumsilver1.wmv" "
How EXATCLY was that done ?
Did your wife forward the EXACT email message ?
Did your wife extract the attachment centrumsilver1.wmv and then create a new
exmail
message to her friends with centrumsilver1.wmv attached ?

If you do have the attachment, please submit a sample to Virus Total --
http://www.virustotal.com/flash/index_en.html
The submission will then be tested against many different AV vendor's scanners.
That will give you an idea what it is and who recognizes it.  In addition Virus
Total will provide the sample to all participating vendors.

You can also submit a suspect, one at a time, via the following email URL...
mailto:scan@virustotal.com?subject=SCAN

When you get the report, please post back the exact results.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: centrumsilver1.wmv virus???

David H. Lipman wrote:
Quoted text here. Click to load it


No it is .wmv . She just forwarded the whole email. The recipients say
that they don't know what virus it was. Just that when they tried to
open it the antivirus gave them a warning the there was a virus. I will
try to get more info.
I got online with the techs at Norton and they found no evidence of a virus.
Maybe this is a lot of broo ha ha for nothing but I just want to be
sure. I have submitted the file to Norton and I will submit it to the
site you recommended. I will get back to you.
Thanks.

Re: centrumsilver1.wmv virus???

zimpzampzormp wrote:
Quoted text here. Click to load it


After checking this thing out, I've found that all 3 who got the virus
warning are using Yahoo as their email client. Seems to me that this
could be an error on the part of Yahoo.
I will wait for the analysis from Norton and Virus Total. Just in case
anyone is interested I will report back the results.

Re: centrumsilver1.wmv virus???



| After checking this thing out, I've found that all 3 who got the virus
| warning are using Yahoo as their email client. Seems to me that this
| could be an error on the part of Yahoo.
| I will wait for the analysis from Norton and Virus Total. Just in case
| anyone is interested I will report back the results.

I await said results.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: centrumsilver1.wmv virus???

David H. Lipman wrote:
Quoted text here. Click to load it

Every av I used showed it clean. I know it it is a .wmv because it opens
as a video. There has to be an issue with Yahoo so I guess I'll just
drop it.
Thanks guys. I have learned a lot on this newsgroup. Even used some of
the info on here to install a new hard drive annnnnnd transfer all the
data from the old drive to the new drive. The comp store wanted $150.00
to do that. Of course, I got in a hurry the first try and screwed it up
but everything seems fine now.
I keep reading about Malwarebytes. Is it really a good alternative to
the resource hog Norton?
Maybe someday I'll know enough to return the favor.

Re: centrumsilver1.wmv virus???

zimpzampzormp wrote:
Quoted text here. Click to load it

Can't say about resource usage, but MBAM isn't an AV scanner, it is a
non-viral malware scanner. Remote Administration Tools (RATs),
downloader bots etc.  

FWIW: It won't even detect any of the virii that one of its team wrote.

Re: centrumsilver1.wmv virus???


| zimpzampzormp wrote:

Quoted text here. Click to load it

| Can't say about resource usage, but MBAM isn't an AV scanner, it is a
| non-viral malware scanner. Remote Administration Tools (RATs),
| downloader bots etc.

| FWIW: It won't even detect any of the virii that one of its team wrote.

That's because there is no such thing as virii and thus you can't detect what
does not
exist.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: centrumsilver1.wmv virus???

David H. Lipman wrote:
Quoted text here. Click to load it

Wrong again,
but if you keep saying it enough,
some newbie might believe you,
click their dumb ass into trouble,
and you can save the day with your inflated ego.

Re: centrumsilver1.wmv virus???

You are an asshole.

--
Dave
http://www.claymanla.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/5905.asp


Quoted text here. Click to load it


Re: centrumsilver1.wmv virus???

David H. Lipman wrote:
Quoted text here. Click to load it

Nice summation of that image in your mirror,
is that your awakening mantra?

Re: centrumsilver1.wmv virus???



Quoted text here. Click to load it


| Wrong again,
| but if you keep saying it enough,
| some newbie might believe you,
| click their dumb ass into trouble,
| and you can save the day with your inflated ego.

http://homepages.tesco.net/~J.deBoynePollard/FGA/plural-of-virus.html

http://linuxmafia.com/~rick/faq/plural-of-virus.html

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: centrumsilver1.wmv virus???

On Wed, 25 Mar 2009 16:29:15 -0400, "David H. Lipman"

Quoted text here. Click to load it


Not disputing you at all but they are not the best links for providing
evidence. More likely to get fungi (or is it funguses) at Tesco than
viruses (unless you buy from the end of shelf-life section).

Maybe this (the link below) better demonstrates the correct usage for
the plural of virus:
http://en.wikipedia.org/wiki/Plural_of_virus

Re: centrumsilver1.wmv virus???


| On Wed, 25 Mar 2009 16:29:15 -0400, "David H. Lipman"


Quoted text here. Click to load it




| Not disputing you at all but they are not the best links for providing
| evidence. More likely to get fungi (or is it funguses) at Tesco than
| viruses (unless you buy from the end of shelf-life section).

| Maybe this (the link below) better demonstrates the correct usage for
| the plural of virus:
| http://en.wikipedia.org/wiki/Plural_of_virus

OK, now I have three URLs -- again.  :-)

Danke.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: centrumsilver1.wmv virus???

David H. Lipman wrote:
Quoted text here. Click to load it

A quantity of misleading URLs doesn't connote veracity.

Just as the VX community often, if not always, operates outside the
conventional ethic, their chosen jargon is as valid as they use it.

Lipman is only trying to exercise his anti-semetic objective by trying
to manifest himself as the stereotypical obnoxious jew.

Re: centrumsilver1.wmv virus???


Quoted text here. Click to load it

No but it implies it.

Re: centrumsilver1.wmv virus???



| Every av I used showed it clean. I know it it is a .wmv because it opens
| as a video. There has to be an issue with Yahoo so I guess I'll just
| drop it.
| Thanks guys. I have learned a lot on this newsgroup. Even used some of
| the info on here to install a new hard drive annnnnnd transfer all the
| data from the old drive to the new drive. The comp store wanted $150.00
| to do that. Of course, I got in a hurry the first try and screwed it up
| but everything seems fine now.
| I keep reading about Malwarebytes. Is it really a good alternative to
| the resource hog Norton?
| Maybe someday I'll know enough to return the favor.

MalwareBytes Anti Malware (MBAM) is NOT an alternative to Norton AV (NAV), it is
only a
supplement.

If you want to replace NAV I suggest Avira AntiVir.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: centrumsilver1.wmv virus???

Quoted text here. Click to load it


 For what it's worth, I got a copy of the centrumsilver.wmv emailed to me
by a sister-in-law. Pretty funny video if you're over 50 or so. It checked
clean with NOD32, MBAM and via Virustotal. Of course, there's always the
chance that the copy you got was different from what I received.



--
Rick Simon               rsimon@cris.com

Include "spam(trap)key" somewhere in the
body of any email to avoid spam filters.

Site Timeline