07-30-2012 05:36 AM
Have a mac, running OSX 10.7.4 and updated Anti-virus - open quarantine manager which has identified Troj/Wimad-E.
I click on clean up, authenticate and it starts the clean up - which runs and runs.... evenentually get a dialogue box - can't remove the threat.
Thank you for your help.
Solved! Go to Solution.
07-30-2012 10:55 AM
Troj/Wimad-E detects a malicious web redirect hidden inside windows media files downloaded mainly from torrent sites. The file types are usually .asf or .wma, and the attack does not work on OS X (it's aimed at Windows users, and usually triggers an automatic download of scareware or malware).
Since this is actually a malicious header injected into a video file, your best bet for removing it is either to delete the video file or convert it to another format. You can also create a custom scan set to delete the file, but tossing it in the trash is just as easy.
07-30-2012 04:11 PM
If there's no path listed in the quarantine manager, it might be in Time Machine, or might no longer exist. I'd check your places where you grab wmv and asf files from bittorrent trackers, if you do that -- as this is likely where you'll find it. Do you at least have a file name, or is it completely blank?
If you have no information listed at all, I'd suggest removing the threat name from the Quarantine Manager and seeing if it comes back. These files are not a threat to you (but would be to share with anyone running Windows).