Beware of 3wPlayer

A few days ago I come across with this sort of big discovery while looking at the collection of movies that my office have. I copied one movie but it seems that I can’t view it from any video player, and it’s an *.avi file. It said that “This media file can only be played using 3wPlayer that is completely FREE. Please visit (bla bla something website) to download”. So I went to the site and start to download it, but suddenly my antivirus software seems to give me a really helpful situation when he blocked the content that I downloaded. I’m not that surprise when I thought it just a normal blocking while surfing the site. But I didn’t run the installer till a few days later (which is today), I try to install the player but my antivirus once again did a good job.

Then I start to google about 3wplayer and I found out it is actually a player that comes together with trojans. This means, if you install it, congratulations your computer is now installed with trojans. According to Wikipedia, 3wPlayer is a media player software application BUNDLED with Trojans that can infect computers running Microsoft Windows. It is designed to exploit users who download video files, instructing them to download and install the program in order to view the video. These files resemble conventional AVI files, but are engineered to display a message when played on most media player programs, instructing the user to visit the 3wPlayer website and download the software to view the video. The program is bundled with malware that has various undesirable effects.

This player is infected with Trojan.Win32.Obfuscated.en, (http://research.sunbelt-software.com/threatdisplay.aspx?name=Trojan.Win32.Obfuscated.en&threatid=129755) and it can open illicit network connections, use polymorphic tactics to self-mutate, disable security software, modify system files, and install additional malware.

So, if you are aware of this and willing to spend your time with a little knowledge of programming (which is not me), you can go to this forum (http://forum.mininova.org/index.php?showtopic=234994521) and follow their steps to decrypt the video file.

But, if you are not, I strongly suggest to buy original products . Just to be informed that the video file is not infected with virus, it is the player that is dangerous, so be careful of what you download.

~ by N2 on March 27, 2008.