Can a virus be stored in a ....

dfs4

an mp3 file? I downloaded an mp3 file (30mb big) from rapidshare. And just when I opened the download folder and I don't remember if the downloading had finished it or not and I saw a .dat file appear and then disappear(thought it must be related to when download is finished). I also don't remember whether I had clicked it or not that might have triggered the .dat file to appear and then disappear, it all happened quickly. I thought it must have been a virus or a rootkit or something. Ran a housecall trend micro online scan, and it detected a 'gecko~crash' rootkit. Fixed it. Checked google and 'gecko~crash' is some flash-firefox related thing. No idea what it is.

So, is it possible to store a rootkit/virus in an mp3 file?
was the .dat file there indication of a virus or what?
also is 'gecko~crash' some firefox related thing or was it really a rootkit? thanks in advance.
 

an mp3 file? I downloaded an mp3 file (30mb big) from rapidshare. And just when I opened the download folder and I don't remember whether it was before, at or after clicking it that I saw a .dat file appear and then disappear. I thought it must have been a virus or a rootkit or something. Ran a housecall trend micro online scan, and it detected a 'gecko~crash' rootkit. Fixed it. Checked google and 'gecko~crash' is some flash-firefox related thing. No idea what it is.

So, is it possible to store a rootkit/virus in an mp3 file?
was the .dat file there indication of a virus or what?
also is 'gecko~crash' some firefox related thing or was it really a rootkit? thanks in advance.

If I remember it correctly, there is.
Some file merging process. I remember there was a way to store it in a JPG Image.
 

Hi dfs,

It is perfectly possible for files of any type to be infected with malware. The most common are files using the .dll, .exe, and .scr extensions, but that certainly does not preclude the infection of files of other filetypes with malware.
 

There have been MP3 viruses found on iPods but nothing on PCs, Macs or within Linux; however, if you download MP3s from your iPod which were downloaded and infected, it may be possible.
 

They can be stored in the codec section
 

Yes, they pretend to be other files, when really they're not. Scan with Malwarebytes' Anti-malware. You're probably infected.
 

When downloading files they are usually downloaded to a temp file first, then only copied to the final name/location when it's finished. This prevents users or other programs from trying to access the file until it has completely finished downloading. So it's entirely possible that what you saw was the very last bit of the copy from the .dat temp file to the .mp3 file, then the .dat was deleted.

As for the virus, have you tried scanning the mp3 itself?

You may have had the virus for some time but only found it because you got a little panicked at the .dat file thing, which I'm betting was actually harmless.
 

Always right-click all downloads to scan with your AV. Save them to your desktop to remind you to do this before you put them in the Downloads folder in case you need to reinstall.
 
It is possible, but unlikely. If it had a double extension, and you don't have your PC set to display all extensions, and you clicked on the file...but then, it wouldn't actually BE an mp3 file. If someone had knowledge of how a media player works, down to the bare code, presumably they could wrap a virus with the mp3, and it would play for a while, then crash the player. This is within the realm of possibility, but very unlikely, as the things they would be able to do from that point would no doubt be severely limited.

A Guy
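
The double-extension case described in the post above can be checked mechanically. The following is an added example, not part of any post in this thread: it compares a download's name with its leading bytes, and the extension lists, function names and sample byte strings are constructed for illustration.

```python
import os

# Extensions Windows runs on double-click (assumed, non-exhaustive list).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".dll"}
MEDIA_EXTS = {".mp3", ".jpg", ".jpeg", ".wav", ".avi"}


def sniff(head: bytes) -> str:
    """Classify a file by its leading bytes rather than by its name."""
    if head[:2] == b"MZ":
        return "windows-executable"   # DOS/PE header
    if head[:3] == b"ID3":
        return "mp3"                  # ID3v2 tag at the start of the file
    if len(head) >= 2 and head[0] == 0xFF and (head[1] & 0xE0) == 0xE0:
        return "mp3"                  # MPEG audio frame sync (heuristic)
    return "unknown"


def check_download(name: str, head: bytes) -> list:
    """Return warnings for a downloaded file's name and first bytes."""
    warnings = []
    stem, last_ext = os.path.splitext(name.strip().lower())
    inner_ext = os.path.splitext(stem)[1]
    # "song.mp3.exe" shows as "song.mp3" when known extensions are hidden.
    if last_ext in EXECUTABLE_EXTS and inner_ext in MEDIA_EXTS:
        warnings.append("double extension: real type is " + last_ext)
    kind = sniff(head)
    if last_ext == ".mp3" and kind != "mp3":
        warnings.append("named .mp3 but content looks like " + kind)
    if kind == "windows-executable" and last_ext not in EXECUTABLE_EXTS:
        warnings.append("executable content behind a non-executable name")
    return warnings


# Constructed samples: (file name, first bytes of the file).
SAMPLES = [
    ("song.mp3", b"ID3\x03\x00\x00\x00\x00\x0f\x76"),
    ("track.mp3", b"\xff\xfb\x90\x00"),
    ("song.mp3.exe", b"MZ\x90\x00\x03\x00"),
    ("song.mp3", b"MZ\x90\x00\x03\x00"),
]

if __name__ == "__main__":
    for name, head in SAMPLES:
        print(name, "->", check_download(name, head) or "no warnings")
```

This only catches a mismatch between name and content; it says nothing about a genuine MP3 crafted to crash a player, so scanning the file with an antivirus product still applies.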
 

<Start Lecture Mode>

With P2P file sharing, what means do you have of identifying or authenticating the source of the download? In addition, a file can be distributed among many hosts, and peers will provide for download the sections that they have already downloaded. This results in the distinct possibility of a distribution method in which malicious bits are mixed with good files.

P2P programs form a direct conduit onto your computer. They have always been a target of malware writers and are increasingly so of late. P2P security measures are easily circumvented and if your P2P program is not configured correctly, you may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured program.

</End Lecture> :)
 
