Virus/trojan launched when playing .mpg file

K

kelli kannibal

New member
I downloaded an .mpg file and when I double clicked it, it launched Windows Media Player and started to play.

Then a bunch of browser windows started opening, directed to porn sites. Then my anti-virus software said I had js/seeker virus/trojan.

Anyone know how the .mpg file was able to do this? Are the holes in Windows Media Player? Hidden File extension (not likely, since phex showed it as .mpg)?


Help.
Thanks.
 
I bet it was a .asf file.
ASF files have to ability to direct you on a website
with the Internet Explorer. There he can use JavaScript
to do malicious things.

As far as I know there's nothing to do about the asf
files opening iexplore
 
Yeah, but...
I downloaded the .mpg using PHEX.
Phex prompts you for a file name when downloading, so I edited the filename which was quite long, and specifically entered the inocuous name "An.mpg".

So there was no hidden file extension, unless Phex is hidding those exentsions as well, which seems pretty weird since its java and all.

I'm fairly certain it was just a .mpg file without a hidden extension, I will do more research tonight.

Is there anyway a file with an extension of .mpg (without any hidden extension) can cause a trojan to be triggered? Are there some flaws in windows Media player that allow this?

Stumped.
 
You can rename an asf file to mpg and it will still play, Windows Media Player just guesses what it is when it opens it. So it could have been ( and probably was ) really an asf file.
 
or worse, it was a exe file and you renamed it
why are you all so happy when you run a lame OS and have problems like this?
 
Paradog and tshdos were correct.

The file was in fact a asf file with an mpg extension.
I had to download the Windows Media Resource kit to analyse the file.

The asf file contains a script command that causes IE to go to a URL. That page contains the evil JS/seeker code.

Thank you for all your help.

If you have any thoughts on how I can safely play mpeg/mpg files please let me know.
 
That's an alternative, but I highly recommend BSPlayer . It's a lightweight player, skinnable, free, but fully featured that supports almost all video formats: AVI (you need required codecs -same as Windows Media Player-), ASF, WMV, DAT (VCD and MPEG2), Mpeg... I hate Windows Media Player, I have the default version that has WinME, but that's all, I never updated it...
 
1) use a different browser (i recommend Opera)

2) set up a firewall and block Internet Explorer and Windows Media Player from connecting to the internet

(there are probably a million other solutions as well, but this is the first that came to mind. someone who watches more movies on their comp should be able to assist more.)
 
Use BSPlayer, it will play fine your ASF files and no scripts! (BSPlayer is like WinAmp but for video, you can even get new skins -the default is ugly - ). Also you can download ASFTools and remove any URL or convert the ASF into AVI (I prefer this).
 
go to http://www.mandrake.com and install this OS and forget about viruses.
Why you would still use a OS and/or a "media player" that doesen't have scripting OFF as a default (if you can even turn it off anyway) is beyond me.
Outlook has the same problem, never, ever let anyone run a program on your computer!
It's like letting other people run whatever they want on your computer, what are you stupid or something?
Stop using microsoft products!
 
yes, go get mozilla 1.0 and linux and relax
mozilla will even let you turn javascript on but you can disable pop up windows and other lame **** stuff
you should write web masters of any of these web sites that make you use pop up windows to see things you need to see when they could do it the "old" way. This just makes it so that more and more ad companies can annoy you, and these web masters are helping promote this abuse.
 
Back
Top