Symptoms
While browsing the net some alerts and messages appear that notifies the user about missing or obsolete media codec libraries for Windows Media Player. These are fake messages which rely on social engineering in order to trick the user to voluntarily download and install a piece of malware.
Removal instructions:
Please let BitDefender disinfect your files.
Analyzed By
Balint SZENTE, virus researcher
Technical Description:
The malware makes part of a web page that asks the user to download a certain codec or ActiveX component that supposedly helps viewing the content of an (usually inexistent) video file embedded in the page.
The malware is written in Java Script and it is not capable to install itself on the user's computer. It just tricks the user into believing that it has to install a new codec. The message is shown over and over again, even if the user tries to close the page.
The messages or alerts that may appear are one of the following:
-
Windows Media Player Error. Please, click 'OK' for Upgrade Windows Media Player Codec Library.
- Windows Media Player cannot play the file. The Player does not support the format you are trying to play. Please install video codec update.
After these message boxes the page will give to the user an executable file to install on the computer. Usually this file has a codec related name, like wmcodec_update.exe.
The downloaded file usually is a variant of the Zlob trojan.
SHARE
THIS ON