approx. 3.5 MB


When a file with the ".wma" media file extension is opened, the following behavior is observed:
  1. A browser page opens to a certain webpage ( )
  2. It tries to download and execute (when the user clicks Run in IE) malware from the mentioned site.

Removal instructions:

Please let BitDefender disinfect your files.

Analyzed By

Daniel Chipiristeanu, virus researcher

Technical Description:

This is a disguised application meant to trick the user into downloading and executing malware. It usually claims, falsely, that your software configuration is unable to play this kind of media. Because of the common misconception that malware and viruses exist only in executables, the user could be led to trust this ruse and unknowingly install the downloaded threat.

The file may be saved under various names, such as those of celebrities, events, or other things that generally appeal to users. This way, users themselves help the malware spread.

First, the malware opens a browser window to where it gets a file, which is an installer signed with the name Adware.PlayMp3z.A (a detailed description of this malware here: ). The downloaded file is saved with the name "PLAY_MP3.exe".
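
For triage of a suspect ".wma" file, the behavior above suggests two static checks: whether the file really is a media container, and whether it carries a web address a player could hand to the browser. The script below is an added example, not BitDefender's detection logic; it assumes the address is stored in the file as plain ASCII or UTF-16LE text, and the sample bytes and the example.invalid host are constructed.

```python
import re

# ASF, the container format behind .wma/.wmv, begins with the Header Object GUID.
ASF_HEADER_GUID = bytes.fromhex("3026b2758e66cf11a6d900aa0062ce6c")

# URLs stored as ASCII, or as UTF-16LE (each character followed by a NUL byte).
_URL_ASCII = re.compile(rb"https?://[\x21-\x7e]{4,}")
_URL_UTF16 = re.compile(
    rb"h\x00t\x00t\x00p\x00(?:s\x00)?:\x00/\x00/\x00(?:[\x21-\x7e]\x00){4,}")

def file_kind(data):
    """Classify by leading bytes, ignoring whatever extension the file carries."""
    if data[:16] == ASF_HEADER_GUID:
        return "asf"
    if data[:2] == b"MZ":          # Windows executable renamed to look like media
        return "pe"
    return "unknown"

def embedded_urls(data):
    """Return every http(s) URL found in either encoding, de-duplicated."""
    urls = [m.group().decode("ascii") for m in _URL_ASCII.finditer(data)]
    urls += [m.group().decode("utf-16-le") for m in _URL_UTF16.finditer(data)]
    return sorted(set(urls))

def triage(data):
    """Summarise a suspect media file; any embedded URL warrants analyst review."""
    urls = embedded_urls(data)
    kind = file_kind(data)
    return {"kind": kind, "urls": urls, "review": kind != "asf" or bool(urls)}

# Constructed sample: ASF header GUID, padding, a UTF-16LE URL, then filler bytes.
SAMPLE = (ASF_HEADER_GUID + b"\x00" * 14
          + "http://example.invalid/PLAY_MP3.exe".encode("utf-16-le")
          + b"\x00\x00" + b"audio-bytes")

if __name__ == "__main__":
    print(triage(SAMPLE))
```
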