Virus Profile
Virus Name:
W32/RealOnePlayer
Risk Assessment:
HIGH
Virus Information:
Date Discovered: 12/4/2001
Date Added: 3/2/2002
Origin: Unknown
Length: 8,782,848 bytes
Type:
Trojan
SubType:
Win32
Virus Characteristics:
W32/RealOnePlayer comes in two
strains, RealOnePlayer Basic and RealOnePlayer Premium. It infects itself in the host computer by disguising itself as a proprietary
media player. Many websites will host files of this
proprietary format, and will direct the user to a page where they may download the player, however the player is actually a trojan.
When the "player" is installed, it will immediately associate itself with all media
filetypes and installs a
TSR (terminate and stay resident) program which runs in the background and cannot be shut down. The TSR program will forcefully associate itself with all media types any time the associations change. It will often interrupt the user with "helpful" messages which cannot be disabled.
RealOnePlayer Premium differs from RealOnePlayer Basic in that it also charges $9.95 a month to your
credit card after it is installed.
Indications of Infection:
-Presence of "RealOnePlayer" shortcuts on
desktop and in
start menu
-Repeated appearances of "helpful" messages informing you about
file associations.
Method of Infection:
The virus disguises itself as a media player available for download from the website http://www.real.com
Removal Instructions:
There is no known method of removing the virus, infected computer must be
quarantined and burned to prevent further spread of the virus.