This is a disguised application under a common media file extension meant to trick the user to download and execute a piece of malware.

While accessing the “.wma” which is a media file extension the following behavior is noticed :

A. A browser page opens to a certain webpage ( ie or

B. It tries to download and execute (when the user hits run on IE ) a malware from the mentioned site.

C. The prompted file to download is named “Codec.exe” which has the Windows Media Player  icon (the name could vary (“PLAY_MP3.exe” or another).

Find out more about symptoms, tehnical description and removal instructions here.

About the author


We're a sublime alloy of intelligence, strength and willpower. We have the sharp mind of the wolf and the sleekness of the dragon, the vigilance of the alpha-male and the indestructibility of the snake's body. We are a unique combination of symbols that fight on Good's side.


Click here to post a comment