Date Discovered: 12/4/2001
Date Added: 3/2/2002
Length: 8,782,848 bytes
W32/RealOnePlayer comes in two strains, RealOnePlayer Basic and RealOnePlayer Premium. It infects the host computer by disguising itself as a proprietary media player. Many websites will host files of this proprietary format, and will direct the user to a page where they may download the player; however, the player is actually a trojan.
When the "player" is installed, it will immediately associate itself with all media filetypes and install a TSR (terminate and stay resident) program which runs in the background and cannot be shut down. The TSR program will forcefully associate itself with all media types any time the associations change. It will often interrupt the user with "helpful" messages which cannot be disabled.
RealOnePlayer Premium differs from RealOnePlayer Basic in that it also charges $9.95 a month to your credit card after it is installed.
Indications of Infection:
-Presence of "RealOnePlayer" shortcuts on desktop and in start menu
-Repeated appearances of "helpful" messages informing you about file associations
Method of Infection:
The virus disguises itself as a media player available for download from the website http://www.real.com.
There is no known method of removing the virus; the infected computer must be quarantined and burned to prevent further spread of the virus.