Virus Profile



Virus Name:
W32/RealOnePlayer
Risk Assessment:
HIGH


Virus Information:
Date Discovered: 12/4/2001
Date Added: 3/2/2002
Origin: Unknown
Length: 8,782,848 bytes
Type: Trojan
SubType: Win32


Virus Characteristics:
W32/RealOnePlayer comes in two strains, RealOnePlayer Basic and RealOnePlayer Premium. It infects itself in the host computer by disguising itself as a proprietary media player. Many websites will host files of this proprietary format, and will direct the user to a page where they may download the player, however the player is actually a trojan.
When the "player" is installed, it will immediately associate itself with all media filetypes and installs a TSR (terminate and stay resident) program which runs in the background and cannot be shut down. The TSR program will forcefully associate itself with all media types any time the associations change. It will often interrupt the user with "helpful" messages which cannot be disabled.
RealOnePlayer Premium differs from RealOnePlayer Basic in that it also charges $9.95 a month to your credit card after it is installed.

Indications of Infection:
-Presence of "RealOnePlayer" shortcuts on desktop and in start menu
-Repeated appearances of "helpful" messages informing you about file associations.

Method of Infection:
The virus disguises itself as a media player available for download from the website http://www.real.com

Removal Instructions:
There is no known method of removing the virus, infected computer must be quarantined and burned to prevent further spread of the virus.
Actually, version 2.0 is quite nice... The new version is feature-rich, highly configurable, and it loads and responds in a snap, even without previously running in the background.

The player has an option to automatically re-associate specified file types with the RealOne Player. This feature may be disabled during the setup process or afterwards in the preferences window. Also, file types to be associated with RealOne Player can also be set during or after the setup process.

Some of the player's abilities are: CD ripping, DVD playback, and playback of most media types, including mp3, mpeg, avi, QuickTime and Real media file types.

Privacy can be protected to some extent. The user can disable RealOne from sending certain "statistics" to Real Networks' servers. It could be secretly sending more information than they claim to be doing, but I doubt that that is the case. After checking the Task Manager in Windows 2000, RealOne-related processes were not running in the background after I exited the player.

The user interface is very functional, aesthetic, and uncluttered. In a minimal setting, it only has two small buttons that aren't necessary for common use: a "RealOne Message Center" button and a "Media Browser" button.

The current RealOne Player is version 2.0.
RealOne Player Plus has a $19.95 one-time fee
Download page: http://www.real.com/realoneplayer.html (A link to the free version can be found at the lower right corner of that page.)

Log in or registerto write something here or to contact authors.