I can't believe I fell for this.

[Red Squirrel]

Another valid title would be "I've been owned by Lord Voldermort". So I go to watch Harry Potter, the one that just came out. It says "codec error, open with windows media player". I don't know what I was thinking, so I go ahead and do that, it does the same thing. Then I Google it (should have done that first). It's a virus that takes advantage of a WMP exploit.

Anyone familiar with this one? Running a malwarebytes scan now, but depending on how new this is, don't know if it will find it. Avira did not catch it either.

I guess we all do screw ups at times, at least I caught in time to realize what just happened. Some people would just keep going on their business without even realizing they got pwned.

 

[silent-circuit]

So... you're admitting you pirate movies?

 

[Archmage]

If the movie was just released, then not only are you watching a pirated movie, but a friggn' movie-CAM, as in... not a Blu-Ray rip?

Good lord... I cannot understand that... why not just pay to see the movie in theaters if you're that desperate? At least then you shouldn't feel so bad about pirating the movie when it's released on Blu-Ray (because I firmly support that people who buy movie tickets should be given some credit toward the purchase of the media - well I wish it worked that way).

Anyway... malwarebytes is a good scanner, and Avira updates frequently. It's too bad you don't have a sandboxie or deep-freeze type of procedure in place already.

I'd check over at wilder's security forum for more ideas. Hopefully some heuristics scanner will work for you... I cannot remember what the popular programs are due to sleep deprivation, but I bet I could have helped otherwise.

But heh - you know you deserve it!

 

[Red Squirrel]

It's more or less a convenience thing. I don't have to get off my lazy butt and go in the winter cold to go get it. LOL.

I'm even starting to think the infection did not actually work. It opened in WMP classic, and it was probably for an exploit in the newer version. I'll continue doing scans to be safe but so far nothing seems to be detected.

With that said, once I get setup with a proper HDTV setup and not just using the computer monitor, I will probably end up buying movies just so I know I'm getting the best quality picture. I don't even own a TV yet. Saving up though.

 

[QHalo]

And Harry Potter to top it off. At least pirate something cool if you're going to do it. :/

 

[YeOldeStonecat]

It's more or less a convenience thing. I don't have to get off my lazy butt and go in the winter cold to go get it. LOL..

Time spent going to town to sit with at bunch of 7 year olds in a theater to watch this movie....versus, time spent running malware cleaning programs, worrying about the health of your PC, possibly tossing in the tower and formatting and reinstalling everything...

I dunno, touch choice.

Now you know what most other people that work in IT know, one of the most popular methods of spreading malware..."poisoned content". Movies, songs, software....yup...p2p/torrent crap...good way to make your computer go tits up.

You didn't install that "potato click" codec viewer did you? That's one I frequently see on infested machines.

 

[Red Squirrel]

Actually it's my first time hitting an infected movie. TPB is usually pretty good. They pulled it off now.

 

[ghost6303]

the video itself probably wasnt infected, but the site where it was trying to download the codec is where the virus comes from. most newer versions of media player automatically try to download the correct codec, and there is metadata in the video container where you can specify a web address to get the codec from. the latest version of media player's default settings ask you before downloading codecs to guard against this. if you dont hit yes, you dont get infected.

 

[Shadowssong]

YDI for pirating not only a shitty quality movie but also a shitty movie.

Anyways, MSE + Mbam (+ possible combofix if they don't fix it) should set you straight.

 

[Red Squirrel]

the video itself probably wasnt infected, but the site where it was trying to download the codec is where the virus comes from. most newer versions of media player automatically try to download the correct codec, and there is metadata in the video container where you can specify a web address to get the codec from. the latest version of media player's default settings ask you before downloading codecs to guard against this. if you dont hit yes, you dont get infected.

I was thinking this too. There would have to be a very stupid exploit for the video file itself to be able to execute any code as a video is not even supose to have any code. I had no prompt nor did it even try to download a codec so I think I'm safe. My scans with various tools have found nothing.

 

[MavsX]

sucker. you know TPB has been shut down several times right? IF i was doing bit torrents.. i sure as fuck wouldn't get them from TPB as it is crawling with feds. pwned.