I'm using Windows Media Player 11, with all updates. Anytime I play a
music file, MP3, WAV, AU, etc, it plays for exactly 10 seconds, then
the playback pauses and Internet Explorer launches to this URL:

www.flashcodec.com

Then the browser window closes and another window opens to ask if I
want to download/open/run this file:

Windows_Media_Player_Flash_Codec_Plugin.exe

I saved the EXE and scanned it, and sure enough, it contains a virus.

What I can't figure out, is what is causing this behavior. Also, it
only happens on one user account. I'm using XP SP2, and I have 2
admin user accounts, and 1 doesn't have this issue, and the other
does... so it must be some per-user setting. I don't see any weird
processes running, and my anti-virus software isn't reporting anything
(unless I download and run/scan that EXE).

Also, if I skip past the 10 second mark in the song (click the slider
bar to jump to 11 seconds) then I don't have any problems, until the
next song plays, or I replay the song and it hits 10 seconds again...
so this virus must trigger to do something at exactly 10 seconds.

With all of the details I know about it, I can't believe I couldn't
find anything with my various searching (Google, etc). Anyone know
what it is?

I even installed Windows Defender, and no luck. I guess I'll try a
few other anti-spy-ware and anti-virus programs, but I've already
tried several with no luck... and usually Avast! finds everything.

me too

"eselk2003******.com" wrote:

> I'm using Windows Media Player 11, with all updates. Anytime I play a
> music file, MP3, WAV, AU, etc, it plays for exactly 10 seconds, then
> the playback pauses and Internet Explorer launches to this URL:
>
> www.flashcodec.com
>
> Then the browser window closes and another window opens to ask if I
> want to download/open/run this file:
>
> Windows_Media_Player_Flash_Codec_Plugin.exe
>
> I saved the EXE and scanned it, and sure enough, it contains a virus.
>
> What I can't figure out, is what is causing this behavior. Also, it
> only happens on one user account. I'm using XP SP2, and I have 2
> admin user accounts, and 1 doesn't have this issue, and the other
> does... so it must be some per-user setting. I don't see any weird
> processes running, and my anti-virus software isn't reporting anything
> (unless I download and run/scan that EXE).
>
> Also, if I skip past the 10 second mark in the song (click the slider
> bar to jump to 11 seconds) then I don't have any problems, until the
> next song plays, or I replay the song and it hits 10 seconds again...
> so this virus must trigger to do something at exactly 10 seconds.
>
> With all of the details I know about it, I can't believe I couldn't
> find anything with my various searching (Google, etc). Anyone know
> what it is?
>
> I even installed Windows Defender, and no luck. I guess I'll try a
> few other anti-spy-ware and anti-virus programs, but I've already
> tried several with no luck... and usually Avast! finds everything.
>

"j_joyt" wrote:

> me too
>
> "eselk2003******.com" wrote:
>
> > I'm using Windows Media Player 11, with all updates. Anytime I play a
> > music file, MP3, WAV, AU, etc, it plays for exactly 10 seconds, then
> > the playback pauses and Internet Explorer launches to this URL:
> >
> > www.flashcodec.com
> >
> > Then the browser window closes and another window opens to ask if I
> > want to download/open/run this file:
> >
> > Windows_Media_Player_Flash_Codec_Plugin.exe
> >
> > I saved the EXE and scanned it, and sure enough, it contains a virus.
> >
> > What I can't figure out, is what is causing this behavior. Also, it
> > only happens on one user account. I'm using XP SP2, and I have 2
> > admin user accounts, and 1 doesn't have this issue, and the other
> > does... so it must be some per-user setting. I don't see any weird
> > processes running, and my anti-virus software isn't reporting anything
> > (unless I download and run/scan that EXE).
> >
> > Also, if I skip past the 10 second mark in the song (click the slider
> > bar to jump to 11 seconds) then I don't have any problems, until the
> > next song plays, or I replay the song and it hits 10 seconds again...
> > so this virus must trigger to do something at exactly 10 seconds.
> >
> > With all of the details I know about it, I can't believe I couldn't
> > find anything with my various searching (Google, etc). Anyone know
> > what it is?
> >
> > I even installed Windows Defender, and no luck. I guess I'll try a
> > few other anti-spy-ware and anti-virus programs, but I've already
> > tried several with no luck... and usually Avast! finds everything.
> >


me too any help

Hi folks,
after 4 days of hard job, finally i've found how eliminate this problem even if your pc has one account NOT infected. This because the malware (not recognized) only affect the user is on line at moment of infection.

This procedure has deleted the problem:

1) Logon with user that has not affected by the problem

2) type "regedit" in Run window

3) locate [HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer]

4) Export that section as filename.reg

5) edit with NOTEPAD this file and replace any string that's containing last username with your! (ex: c:\document & settings\anne\document --->> c:\document & settings\Max\document)
Save the file

5) Logoff

6) Logon with the user affected by the problem

7) type "regedit" in Run window

7)locate [HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer]

8) delete it!

9) close regedit

10) locate the file you've modified, click with right mouse and choose "Merge".

That's all, now you can play all your MP3!

I'm sorry about my poor english
Max

I've found other information regarding this malware.

Cmd Urlandexit En Mis Mp3 - Foro de Spyware
and
que es esto????

Day by day, the infection growth.....

NOD32 today recognize this malware, named:
Win32/TrojanDownloader.Small.OCY

Install this patch from Microsoft that blocks any url from MediaPlayer.
http://www.microsoft.com/downloads/d...A-3AA165E667C1

"Max" wrote:

>
> I've found other information regarding this malware.
>
> 'Cmd Urlandexit En Mis Mp3 - Foro de Spyware'
> (http://www.forospyware.com/t176862.html)
>
> Day by day, the infection growth.....
>
> NOD32 today recognize this malware, named:
> Win32/TrojanDownloader.Small.OCY
>
>
> --
> Max
>

Ok Max, thnx. Now, does anyone know how can I remove this thing. It started
to spread on my PC and damaged almost all my mp3s.

The strange thing is that many of them are not working in Winamp, but they
do in mediaplayer, until that page opens (with flashcodec). Others are
playable in Winamp but they are damaged (sounds like a scratched CD).

What can I do to get that thing out. I searched the web and nobody seems to
have this problem. Everything started a few days ago.

On Jun 16, 7:23*am, Max <masd...******.com> wrote:
> Hi folks,
> after 4 days of hard job, finally i've found how eliminate this problem
> even if your pc has one account NOT infected. This because the malware
> (not recognized) only affect the user is on line at moment of
> infection.
>
> This procedure has deleted the problem:
>
> 1) Logon with user that has not affected by the problem
>
> 2) type "regedit" in Run window
>
> 3) locate [HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer]
>
> 4) Export that section as filename.reg
>
> 5) edit with NOTEPAD this file and replace any string that's containing
> last username with your! (ex: c:\document & settings\anne\document --->>
> c:\document & settings\Max\document)
> Save the file
>
> 5) Logoff
>
> 6) Logon with the user affected by the problem
>
> 7) type "regedit" in Run window
>
> 7)locate [HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer]
>
> 8) delete it!
>
> 9) close regedit
>
> 10) locate the file you've modified, click with right mouse and choose
> "Merge".
>
> That's all, now you can play all your MP3!

Thanks, this worked for me also.

> I'm sorry about my poor english
> Max

No need to appologize, my english is poor also, even though it is my
1st language =]

I have been having this same problem as well. It started about a week ago.

I can play an mp3 in Windows Media Player for about 10 seconds, then I get a
popup telling me to download a file from flashcodec.com. The popup says:

You have chosen to open
Windows_Media_Player_Flash_Codec_Plugin.exe
which is a: Application
from: http://www.flashcodec.com

I also saved the file to scan it and the file appears to be:
trojan.downloader.wma.wimad.p

I can find many ways to remove the trojan downloader wma wimad (which I
don't have because I don't run the downloaded exe), but I can't find how to
remove the popup that is prompting me when I play any mp3.

I have run Windows OneCare, Windows Defender, PCTools Spyware Doctor,
AdAware, BitDefender, Panda Scan and HiJackThis. None of them can find what
is causing my mp3's to cause the popup.

When I try to play the mp3's in Winamp I get the sound of a scratched CD or
they do not play at all, but no popup. On a side not I can play wav files
just fine. I have looked all over the internet for the solution or removal of
this problem but I can not find one.

Please help! :)

My problem is that I only have one account on this computer (Administrator)
so I can not copy the registry keys from anoter account.

I tried the URLandExit registry key and that worked as far as stoping the
popup in Windows Media Player, but the mp3's will still not play in winamp or
if they do play they sound like a scratched CD.

Does this mean all my mp3's are infected? They sound fine in Windows Media
Player.

Andrew
mcconvilleandrew******.com

me 2 have this virus i hate it
i want solve this problem

Update to my mp3 situation:

The problem, for me, seems to be an embedded virus / spyware / malware in
all my mp3 files. Unfortunately for me the registry modification max posted
just suppresses the popup in windows media player, but the mp3's are still
infected.

I've come to this conclusion because I just downloaded a new mp3 from a
classical music website and the mp3 plays just fine in any media player.

This would mean that the problem is in my mp3 files. If the problem was with
the media player it would affect any mp3.

I also used Ashampoo and mp3Val to scan my mp3's and those two programs say
my mp3's are corrupted and can not be repaired.

I think at this point I have to delete all my mp3's, unless someone has
found a way to clean the infected mp3's.

Andrew
mcconvilleandrew******.com

On Wed, 18 Jun 2008 12:18:04 -0700, Andrew
<Andrew@discussions.microsoft.com> wrote:

>Update to my mp3 situation:
>
>The problem, for me, seems to be an embedded virus / spyware / malware in
>all my mp3 files. Unfortunately for me the registry modification max posted
>just suppresses the popup in windows media player, but the mp3's are still
>infected.
>
>I've come to this conclusion because I just downloaded a new mp3 from a
>classical music website and the mp3 plays just fine in any media player.
>
>This would mean that the problem is in my mp3 files. If the problem was with
>the media player it would affect any mp3.
>
>I also used Ashampoo and mp3Val to scan my mp3's and those two programs say
>my mp3's are corrupted and can not be repaired.
>
>I think at this point I have to delete all my mp3's, unless someone has
>found a way to clean the infected mp3's.

Isn't the practical solution to install a reputable, paid-for
antivirus (or Nod32 if you prefer less cost) and have it scan and
quarantine infected files ? I prefer to avoid wholesale deleting of
content unless it's easily recovered / re-ripped

You should be scanning for both Virus and Trojan infections, usually
one opens the door to a wide range of others.

Whoever it was whose running as Administrator - that's a very bad
thing to do, and will result in complete ownership of your machine.

If at all possible, run only as a limited user account, and go to
Administrator only to perform system maintenance or install software
which *required* enhanced account privileges.

HTH
Cheers - Neil
------------------------------------------------
Digital Media MVP : 2004-2008
http://mvp.support.microsoft.com/mvpfaqs

On Wed, 18 Jun 2008 09:34:03 -0700, egyption
<egyption@discussions.microsoft.com> wrote:

>me 2 have this virus i hate it
>i want solve this problem

cant help
wrong forum
bye !

Cheers - Neil
------------------------------------------------
Digital Media MVP : 2004-2008
http://mvp.support.microsoft.com/mvpfaqs

hi max..i can't understand the step number 5..can you revise it for me?
thanks a lot :)

url:http://www.ureader.com/msg/13814305.aspx

Don't panic... don't delete anything. There is a solution to the problem.

Take a look at this website.

http://www.forospyware.com/t176862.html

It's in Spanish but you can probably figure out what is says. You'll find a
download called FS-MP3Fix.zip that contains the program 'fmpeg.exe' that will
clean your mp3 files.

There's also a batch file that doesn't work so well if you have spaces in
your file names. But you can clean files individually from the DOS prompt.



"Andrew" wrote:

> Update to my mp3 situation:
>
> The problem, for me, seems to be an embedded virus / spyware / malware in
> all my mp3 files. Unfortunately for me the registry modification max posted
> just suppresses the popup in windows media player, but the mp3's are still
> infected.
>
> I've come to this conclusion because I just downloaded a new mp3 from a
> classical music website and the mp3 plays just fine in any media player.
>
> This would mean that the problem is in my mp3 files. If the problem was with
> the media player it would affect any mp3.
>
> I also used Ashampoo and mp3Val to scan my mp3's and those two programs say
> my mp3's are corrupted and can not be repaired.
>
> I think at this point I have to delete all my mp3's, unless someone has
> found a way to clean the infected mp3's.
>
> Andrew
> mcconvilleandrew******.com