Name: DerbyDad03
Last night my CA virus scan popped up a trojan message for an MP3 file that has been on my system for about 2 months. It also deleted the file.
Specifically that trojan was ASF/Wimad!generic as described here:
http://cai.com/us/securityadvisor/v...
My concern is this: I thought MP3 files were "safe" from a virus/trojan perspective. My understanding was that if one were using a P2P sharing program, as long as you only downloaded MP3 files you were OK. This MP3 really was an MP3 file which I have played many times on both my system and other MP3 devices.
I also found this via a Google search, which mentions that CA is deleting MP3s on other people's systems also: http://homeofficeforum.ca.com/homeo...
So far, on my systems, this is the first MP3 that has been deleted.
So now I'm confused. Is this a problem with CA or are MP3s actually being infected with trojans?

Apparently this malware is sometimes seen in fake .mpg files, but in that case the .mpg file does not work:
http://certifiedbug.com/blog/tag/tr...
Since you have used that .mpg file before and it worked fine, the CA software may be finding a false positive.
Anti-malware software sometimes has bugs in it that detect something as malware when it in reality is not - a false positive.
E.g. AdAware 2008 detects SmitFraudFix.exe as malware - both the download, and the file of the same name made when you run the download. SmitFraudFix is a program that fixes what the Smit.Fraud malware does (note the dot) and what many other similar malware does, and also fixes many changes made by malware that are left over when malware has been removed - it is an excellent repair tool, not malware. That's definitely a false positive on AdAware's part.
Going by those posts in that thread you pointed to, it is possible the CA software could delete all your .mpg files - it doesn't make sense that all those would be malware / have malware in them.
If the CA software is NOT presently set to auto delete malware found, do NOT do the default thing and choose to delete all the malware it claims it found - un-select the .mpg files it finds that it says have this malware.
If the CA software IS presently set to auto delete malware found, you could set it to ask you what to do or place it in a virus vault or similar when it finds malware or similar rather than doing that.
You could then submit the file you don't think is malware to some other anti-malware site for analysis.
If it's not malware / doesn't have malware in it according to several other anti-malware sites, it probably isn't/doesn't have malware, and you would need to have the CA software set to ignore .mpg files, or ignore files with this malware, or do something else similar, at least until the bug is fixed.
If it isn't malware / doesn't have malware in it according to several other anti-malware sites when you submit a file the CA software says has this malware, contact CA and tell them about the suspected false positive for this malware.

T&W,
Thanks for your detailed response.
I assume that everything you said related to mpg files applies to mp3 files, which is the filetype I asked about.
I will look into whether I can set CA software to ignore .mp3 files.

"I assume that everything you said related to mpg files applies to mp3 files, which is the filetype I asked about."
Oops - however, that link I pointed to mentions .mp3 files too.
It probably does. Any executable file can have malware in theory, even if it doesn't have an .exe or .dll extension. In any case you could submit a file to other anti-malware sites the CA software flags as having this malware to double check.

Unfortunately, different anti-malware programs do not necessarily list the same malware the same way.
Some list aliases - the names other anti-malware programs call the same thing.
In this case, I searched using: wimad mp3 and found "hits" like this:
http://www.technibble.com/fake-free...
- it appears to be the same thing, except the file ASF/wimad!generic is in doesn't execute PLAY_MP3.exe until whatever filename it is in is executed.
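
Added example, not part of the original thread or any poster's reply: the "ASF" in the detection name is the Advanced Systems Format container used by Windows Media files, and a file extension says nothing about content, so one quick check on a flagged file is whether its bytes are MP3 data or an ASF container. The function names and sample bytes below are constructed for illustration.

```python
from pathlib import Path

# First 16 bytes of every ASF container (WMA/WMV/ASF): the ASF Header Object GUID.
ASF_HEADER_GUID = bytes.fromhex("3026b2758e66cf11a6d900aa0062ce6c")


def id3v2_length(data: bytes) -> int:
    """Length of a leading ID3v2 tag in bytes, or 0 if none is present."""
    if len(data) < 10 or data[:3] != b"ID3":
        return 0
    size = 0
    for b in data[6:10]:          # 28-bit "synchsafe" size, 7 bits per byte
        size = (size << 7) | (b & 0x7F)
    footer = 10 if data[5] & 0x10 else 0
    return 10 + size + footer


def is_mpeg_audio_frame(hdr: bytes) -> bool:
    """True if 4 bytes look like a valid MPEG audio frame header."""
    if len(hdr) < 4 or hdr[0] != 0xFF or (hdr[1] & 0xE0) != 0xE0:
        return False              # all 11 sync bits must be set
    version = (hdr[1] >> 3) & 0x3
    layer = (hdr[1] >> 1) & 0x3
    bitrate = hdr[2] >> 4
    sample_rate = (hdr[2] >> 2) & 0x3
    # Reserved values in any field mean this is not a real frame header.
    return version != 1 and layer != 0 and bitrate != 0xF and sample_rate != 3


def sniff(data: bytes) -> str:
    """Classify content as 'asf', 'mp3' or 'unknown', ignoring the file name."""
    if data[:16] == ASF_HEADER_GUID:
        return "asf"
    off = id3v2_length(data)
    if is_mpeg_audio_frame(data[off:off + 4]):
        return "mp3"
    return "unknown"


def extension_matches_content(path: str) -> bool:
    """False when a file named .mp3 does not contain MP3 data."""
    p = Path(path)
    return p.suffix.lower() != ".mp3" or sniff(p.read_bytes()) == "mp3"


# Constructed samples (not real files): ID3v2 tag + one frame header, and an ASF header.
SAMPLE_MP3 = b"ID3\x03\x00\x00\x00\x00\x00\x0a" + b"\x00" * 10 + b"\xff\xfb\x90\x00"
SAMPLE_ASF = ASF_HEADER_GUID + (30).to_bytes(8, "little") + b"\x00" * 6
```

A result of "unknown" only means the data starts with neither signature; the check describes the container type and is not a verdict on whether a file is malicious.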

Might have been a virus definition update that now found this problem.
Treat all files as potential virus. If you downloaded this mp3 consider buying the CD's from trusted retailers or online companies. If you bought the file online get your money back. If you are trading in stolen products....well...
"Best Practices", Event viewer, host file, perfmon, antivirus, anti-spyware, Live CD's, backups, are in my top 10
