uTorrent and WinZip New Targets of BitTorrent Malware

Written by enigmax on August 07, 2007 

The best torrent software clients like uTorrent or Azureus are free, no strings attached. However, some companies are making money tricking novice users into installing bad clients, bad media players and even bad Winzip-like software. We expose them and their badware and show you how to block them.

All the best BitTorrent clients (like uTorrent) are free and when you install them they don’t install extra stuff on your PC like adverts, annoying popups or spyware.

However, there are companies out there who give you ‘free’ software (like a torrent client) but at the same time install some of that extra stuff you don’t want too. We have regularly reported on BitTorrent clients which also install this malware such as Torrent101, BitRoll, TorrentQ and GetTorrent. These are just a handful of bad clients currently available online.

It didn’t take much research to discover that a Swedish company called Wakenet is behind the enterprise, a company that made news on lots of spyware sites due to its Anti-Leech plugin.

Wakenet has a new domain called uvTorrent.com (currently diverting to their Cash4Downloads site) - no prizes for guessing the planned confusion with novices and the official ‘uTorrent’ client. They also have a new (fake) ‘compression’ utility called Winzix, obviously named to be confused with Winzip. Unfortunate downloaders will download something from BitTorrent, only to learn that it needs to ‘decompressed’ with Winzix in order to work. Installing Winzix again results in malware getting onto the host PC.

Our investigations revealed two major servers carrying the malware-ridden clients, media players, compression utilities and other sites supporting the enterprise:

IP: 69.72.144.122

1. netpumper.com (there’s even a link to this from Wakenet’s homepage)
2. bitgrabber.com
3. bitroll.com
4. c4dl.com
5. cash4downloads.com
6. download.play3w.com
7. get-torrent.com
8. playon.play3w.com
9. winzix.com (additional information from Symantec)
10. bitdownload.org
11. divoplayer.com
12. plugindl.com
13. torrent101.com
14. torrentq.com
15. torrentsoftware.org

IP: 207.44.244.86

1. bitroll.com
2. c4dl.com
3. cash4downloads.com (Click here for removal instructions)
4. download.netpumper.com
5. Uvtorrent.com
6. playon.play3w.com
7. wakenet.se (WakeNet’s own homepage is on the same server)
8. bitsofporn.com
9. domplayer.com
10. gamingtorrent.com
11. kitplayer.com
12. torrentmusic.org
13. torrentgamers.com
14. Torrentspeeder.com (different server currently)

We suggest that everyone stays well away from every site on the above lists. Use uTorrent or Azureus to download and if you ever download anything that requires anything other than a standard media player or WinRAR in order to play, be a little suspicious. Checking the comments to the torrent you plan to download is always a good idea.

For the little more adventurous reader, it’s possible to use the Windows HOSTS file to block the activity caused not only by the malware listed above but also that from hundreds of other sources. We recommend the excellent guide from MVPS, “Blocking Unwanted Parasites with a Hosts File

UPDATE: Reports suggest that software is now available to play 3WPlayer (and possibly DomPlayer) files without getting either player. This software is untested by TorrentFreak.

UPDATE 2: Software to crack 3WPlayer, WinZix can also be found here. Click here for the .torrent.

If you don't like torrents try MP3 Fiesta. They hold nearly 67,000 albums from nearly 17,000 artists. Prices are around the $0.10 mark for single tracks with full albums coming in at roughly $1.00. Tracks are available from 192kbps and they take major credit cards and PayPal

Previously: Use uTorrent to Organize Your BitTorrent Downloads

Next: Television Studios Embrace BitTorrent

61 Responses (Add yours or TrackBack)

Pages: « 1 [2] 3 » Show All

26 Nov 25, 2007 at 02:14 by Squire

Its just the authories messing with torrents , fakes, player scams and password scams who else would want to do a thing like that ? We need database or some thing where we could check to see what was clean or not?

27 Nov 26, 2007 at 23:04 by bouncer86

use 3wdecoder to convert domplayer files but dont be suprised if it aint wot it sez it iz

28 Nov 28, 2007 at 00:08 by JakeBlake

No.Country.for.Old.Men.2007.English.TS.DivX-LTT,
this was some Transgaysporn.

domDexter.S02E09.HDTV.XviD.XOR.[eztv].avi,
was an episode from Heroes.

Bouth asked for this crappy domplayer.

“eBomb that Wakenet”

29 Nov 30, 2007 at 09:49 by sam1441

When it ask you for domplayer just pick up and dumb it in the Recycle Bin and do not forget to Empty the Recycle Bin

30 Dec 05, 2007 at 00:22 by kes47

domplayer what is it this site is a load off rubish cant download NOWT

31 Dec 05, 2007 at 20:21 by Anonymous

from bigmack goldin compas dom shit to

32 Dec 07, 2007 at 03:02 by metal6

thanks glad to see this is all bullshit. hopefully i haven’t downloaded some virus.basically we can’t download shit anymore

33 Dec 07, 2007 at 03:03 by metal6

the assholes win for now

34 Dec 08, 2007 at 06:35 by shamshu

i want free don load dom player

35 Dec 08, 2007 at 13:45 by lokey

the mudder fooker who set that domplayer shite up needs to have his bollox slammed repeatedly in a car door, his parents should be raped in front of him and his whole family should be burned alive, what a PRICK! there is no need for it, if you want to send uh-hum, movies across the net for people to download, do it. dont fuck people over. YOU WANKER.

36 Dec 09, 2007 at 12:30 by kingjim

i have downloaded golden compass.3 times. one needs this dompayer shit.the other two require a codec for windows media player.does any one know what this codec is .or am i wasting my time?thank for any coment.

37 Dec 09, 2007 at 15:17 by wayne norman

i have downloaded golden compass TOO
AND GOT THE DOMPLAYER SHIT
quite a lot of the stuff from iso hunt
via azurius needs a secondary [pay for code] or player.
how are they doing it once ya know that
it should be stoppable..
bring on the geeks.
in the mean time it looks like we just gotta delete
wayne

38 Dec 13, 2007 at 16:23 by Anonymous

[quote comment="176112"]Aliens versus predators requiem on isoHunt is one of these files, running on vlc claims it needs domplayer to run. Also pretending to be an aXXo download.[/quote]

39 Dec 18, 2007 at 02:41 by jeff

people have nothing better to do then piss us off we just want to watch a fucking movie the downloads woeked fine before and now they all need this stupid fucking retarded domplater like wtf!!!

40 Dec 18, 2007 at 10:56 by Chargy

Fukin nightmare dwnloadin movies frm u torrent knw. Dwnloaded 2 “i am legends” lst nite as its a film i really wann c but both came up as fakes. wen r those pricks guna find sumfin beta 2 do with their time!!

41 Dec 18, 2007 at 17:01 by ?TF

bit torrent junkie theres a i am legend on there that works ok look for the posts in comments that say something about a guys head being in the way, it is for the first few minues its an ok cam flick if you stay with it for 5 mins

42 Dec 22, 2007 at 20:24 by 2pac

its fucked up

43 Dec 23, 2007 at 17:49 by Anonymous

[quote comment="154443"]So if im download bittorrent movie files. after i download them do i use winzip or winzix to decompress the files. im a “noob” but i understand abit about this computer shit but i still duno how to unzip all these torrent files and i no you have to pay for winzip… please help![/quote]

44 Jan 02, 2008 at 02:54 by golfingmechanic

This is from a newby. Why doesn’t someone figure out how we can recognize a phony. By the way many thanks to AXXO great stuff. It’s a shame some assholes need to screw with his stuff.

45 Jan 07, 2008 at 00:53 by nimd4

@Jalla, hopefully you’ve supplied the right info there. Wouldn’t want someone else getting these text messages..:)

46 Jan 09, 2008 at 22:12 by bloodseeker

man….nice, i’m seek of that f_ing abuser-tards.

47 Jan 12, 2008 at 18:27 by Joni

I guess I am what would be concidered a “noob”, but I have been downloading bunches of movies that are all this STUPID Domplayer. I recently found a forum and they gave a link to somewhere that can fix them.
It says… that basically the ‘header information is off and that there are two tracks for video in an AVI file and this picks up the other one… or something, like I said, I know very little about this stuff, but I am willing to try it. IT’s free! And I’m so tired of trying to find an actual copy of JUNO that I am about willing to try anything. It says that you can download a utility from Wildman Productions that will remove the crap and let you watch the video normally. The website I found it on is
http://www.goitexpert.com/entry.cfm?entry=DomPlayer-3wPlayer-Fix and they also give a link to Wildman Productions. I hope it works. Just wanted to leave it here, maybe it can help someone else too.

48 Jan 21, 2008 at 08:10 by jay1967

just downloaded hitman.2007.dvdrip.english.[divx]-[neo]avi from seedpeer. asked me to download domplayer after what i have just read about malware there is no chance of me downloading this. wou;d rather wait until a good copy appears on one of the better download sites. domplayer also asks for money so you can download it. BE WARNED. DO NOT DOWNLOAD UNLESS YOU LIKE SHIT GETTING ON YOUR PC.

49 Jan 28, 2008 at 05:23 by wyrm

Ditto for Cloverfield - downloaded 2 pass-protected rars (no pass provided in comments), and 1 Domplayer version. I used the 3wdecoder on it, and it then told me I had to dl the 3wd player. Used the decoder again, and the movie turned out to be a sped-up “Hipster Olympics” from Eastern Europe.

Pages: « 1 [2] 3 » Show All

Add your response

It takes approximately 1 minute for your comment to appear on TorrentFreak after it's posted.