|This article is of interest to the following WikiProjects:|
there many people who come across this rogue media player. But most unaware of the risk of installing it. At least the users of wikipedia will get to know what sort of software it is. I have a personal experience with this which troubled me and wasted my time a lot. this is the start other expert users will enrich the article. Narendrafd 11:02, 26 June 2007 (UTC)
- Thanks for the heads up, Narendrafd; I can't enrich the article with anything but at least it saved ME a lot of trouble, although I've had a similar experience with AntiVermins. Rotten Venetic 09:39, 12 July 2007 (UTC)
Freddyzdead 01:42, 2 August 2007 (UTC)I tried this in a sandbox with VirtualPC 2004. While it's not as malicious as some malware, it does install keyloggers and such, and by its own admission in the Licence agreement, it phones home with data collected from you. Nobody should install this. The content is probably porno, anyway. It was in my case. (The Simpsons Movie)
Wildman Productions is obviously a fake. The domain was created on 2007-08-08 and the files it provides are virus ridden.
- Yes thanks for this article saved me a lot of future trouble but it says "Actually you do not need to install additional software to extract the movie file beneath. PERL scripts are available on the internet that decode the original movie file and convert it into watchable forms without having to download malicious software." where do people get the PERL script from? scoreed —Preceding unsigned comment added by 188.8.131.52 (talk) 23:43, 1 September 2007 (UTC)
This article has some self-references that need to be fixed. There is no reason for Wikipedia to be mentioned. It's also not understood what "these links" and "this page" refer to. --Sbluen 17:02, 29 August 2007 (UTC)
Recently a Fix was uploaded for the Problem created by someone encoding an .Avi file so it must use the 3WPlayer program. It is at:- http://www.torrentbox.com/torrent_details?id=127780 A Software review of this Fix is located at:- http://forums.torrentbox.com/viewtopic.php?p=130611#130611
I removed the following lines:
"Also there are two more utilities in existence. One at Mininova forum has source code included. This has not been tested, but the forum describes how this malware encrypts the file. The other one is available at Wildman Productions website. This has been tested and it works.
There is also a new variation of this malware named DivoCodec. The utility from Wildman Productions works on files altered by this malware too."
For one, it sounds like an advertisement for the site (in my opinion), and two, it seems a tad irresponsible to direct people to decrypt a bogus file because some people in a forum say that that the script might work. Most of the files are not even the movie you're after. From what I've read, it's easier to remove the file and not even mess with the 3wplayer to begin with. The ref link provided () leads the reader to a similar site (wiki.multimedia-->mininova) so advertising it again and claiming that it works seems redundant.Pinkadelica 04:33, 11 September 2007 (UTC) Bold text
The claims about testing are phrased as someone's statements about their experience, and so they are original research, and could have been removed for that reason alone. As for the comments about decoding tools, I'm always skeptical about program binaries linked to from a publicly editable wiki page. But, by the same token, I think most other people are skeptical about these as well; leaving them in but adding citation requests to them would have given the writer of the claims a chance to substantiate them and in the meantime should give readers enough pause to think about the security issues. rakslice (talk) 07:44, 24 July 2008 (UTC)
Fair use rationale for Image:3wPlayer.jpg
Image:3wPlayer.jpg is being used on this article. I notice the image page specifies that the image is being used under fair use but there is no explanation or rationale as to why its use in this Wikipedia article constitutes fair use. In addition to the boilerplate fair use template, you must also write out on the image description page a specific explanation or rationale for why using this image in each article is consistent with fair use.
Please go to the image description page and edit it to include a fair use rationale. Using one of the templates at Wikipedia:Fair use rationale guideline is an easy way to insure that your image is in compliance with Wikipedia policy, but remember that you must complete the template. Do not simply insert a blank template on an image page.
If there is other fair use media, consider checking that you have specified the fair use rationale on the other images used on this page. Note that any fair use images uploaded after 4 May, 2006, and lacking such an explanation will be deleted one week after they have been uploaded, as described on criteria for speedy deletion. If you have any questions please ask them at the Media copyright questions page. Thank you.
BetacommandBot 12:41, 26 October 2007 (UTC)
3wCodec devised by the MPAA?
Look, I'm no fan of the MPAA and the way it has operated, but the fact is that it is potentially liabelous that comment, and I recomend it is removed. Hpka 22:27, 4 November 2007 (UTC)
Um, first up, you need to sourced facts, not post unsourced theories. Second up, that's the most ridiculous conspiracy theory I've heard since... well, since last week actually, but that's not the point. There are multiple viruses which get through software unblocked, typically becfause the malicious code is compressed so as to be unrecognizable, or because the extention doesn't appear to be one capable of holding a virus. These viruses need a decompressor to activate, which doesn't get picked up because its code is not malicious either. So, the 'movie' file is the virus, and is not recognized as such due to its AVI format, and 3wPlayer is the decompressor, which doesn't appear malicious and so isn't picked up. Furthermore, the MPAA just wouldn't do that, they're a large enough company that they don't want to get their hands dirty. 184.108.40.206 (talk) 02:50, 29 February 2012 (UTC)
Does anyone know if this is the same virus infected program, repackaged with a new name? Members at my forum have reported being referred to install this from a torrent download, which didn't make the video viewable, so I suspect its the same story, new name.
More detailed malware description
On 23 July 2008, I added a "citation needed" mark to the claim that "The 3wPlayer is infected with Trojan.Win32.Obfuscated.en,". This kind of claim is serious and needs some kind of citation.
It's possible that the claim was made by someone directly because their anti-virus software flagged the 3wPlayer download as "Trojan.Win32.Obfuscated.en". If so, I think a citation stating when the infected 3wPlayer file was retrieved and what version of what anti-virus software flagged it should be sufficient.
Just in case that claim doesn't get a citation in a reasonable amount of time and has to be removed, I've added some information about Symantec's classification of 3wPlayer.
As an aside, "Trojan.Win32.Obfuscated.en" appears to identify a malware category (i.e. obfuscated trojans on win32 with english text) and not a specific piece of malware, and if that's the case, it should be rephrased to make that clear.
Also, does it make sense to say a trojan dropper is "infected"?
As for the rest of the paragraph, it cut together the generic category descriptions from http://research.sunbelt-software.com/threatdisplay.aspx?name=Trojan.Win32.Obfuscated.en&threatid=129755 which it cited as a reference. It kept the source wording verbatim, and even took parts that clearly don't apply to the malware category (for instance a trojan is by definition not "installed without user interaction through security exploits.") Since it is mostly verbatim off of a copyrighted web page that explicitly prohibits reproduction, I have removed it without waiting for comments. If you are the original author of the text at sunbelt-software.com, feel free to put some of the text back in the article, but make sure to leave a note on this talk page so we know that you are allowing it.