The 3Wplayer/DompLayer Scam

The 3Wplayer/DompLayer Scam
3wPlayer is a rogue media player software application bundled with trojans that can infect computers running Microsoft Windows.Its a rogue media player which encrypts the media files in a way that they can only be played using the 3wplayer.See it by this example - You downloaded a movie by torrent,and when after long hours of waiting you played It shows a screen like this-
It instructs you to download the 3wmedia player.The 3wPlayer employs a form of social engineering to infect computers. Seemingly desirable video files, such as recent movies, are released via BitTorrent or other distribution channels. These files resemble conventional AVI files, but are engineered to display a message when played on most media player programs, instructing the user to visit the 3wPlayer website and download the software to view the video. The program is bundled with malware that has various undesirable effects.Further,the movie you downloaded may not be the movie you downloaded.It maybe a hardcore porn flick or that of a completely different movie.

According to Symantec, 3wPlayer "may download" a piece of adware they refer to as Adware.Lop,which "adds its own toolbar and search button to Internet Explorer"
The DomPlayer and DivoCodec and 3wPlayer. Users are also instructed to download the player in order to view an AVI file.

What is a 3w-encoded AVI file?
As debunked by Kenneth Sörling (

In a nutshell, it is two movies baked together, back to back. The first is the short clip you've seen, displaying the screen above. The second one is further into the file, hidden and encoded.
This is another case where you are promised features which simply aren't there. They claim that a 3w-encoded file offers superior compression (using a new, advanced codec (compression algorithm)), but in effect it doesn't. Once decrypted, it turns out the hidden movie uses one of a common set of compression standards, such as DIVX or XVID. In other words, they are lying through their teeth.
3wplayer can be removed by scanning with an antivirus.Popular antivirus like Norton,Avast and Kaspersky can be employed to remove it.
 XERO . Thanks to Kenneth Sorling.


Need to say something ? Spell it out :)