Prevx Research Division
WMPLAYER.EXE
Fraudulent Security ProgramFree PC Cleanup from Webroot
Use Webroot SecureAnywhere to remove WMPLAYER.EXE.
"Just when you thought it couldn't get any better or faster. The Webroot scanning engine is 'high octane' with a hidden nitrous oxide system. Bravo!!!" W. Lodzinski, SecureAnywhere User
Associated Malware Groups
The unsafe files using this name are associated with the malware groups:
- Fraudulent Security Program
- Cloaked Malware
- Malicious Software
- Worm
- Malware Dropper
File Behavior
WMPLAYER.EXE has been seen to perform the following behavior:
- Disables the Notification Balloon for the Windows Security Center
- Disables Access to the Task Manager built into Windows
- Disables Access to the Windows Registry Editior
- Modifies Windows Security Policies to restrict/expand User Privileges on the machine
- Automatically changes your firewall settings to allow itself or other programs to communicate over the internet
- Adds products to the system registry
- Writes to another Process's Virtual Memory (Process Hijacking)
- Hooks the WININET.DLL function allowing it to read or copy Http and Https web page content and session information
- Executes a Process
- Changes the Windows Security Center to stop Antivirus status alerts from being displayed
- Changes the Windows Security Center to stop Firewall status alerts from being displayed
- Changes the Windows Security Center to stop Firewall override alerts from being displayed
- Changes the Windows Security Center to stop warnings from being displayed if automatic Windows Updates are not enabled
- Creates a new Background Service on the machine
- Injects code into other processes
- Found on infected systems and resists interrogation by security products
- The Process is polymorphic and can change its structure
- Adds a Registry Key (RUN) to auto start Programs on system start up
- The Process is packed and/or encrypted using a software packing process
- Can communicate with other computer systems using HTTP protocols
- This process creates other processes on disk
- Downloads program file(s) and other content from the web
- Performs DNS look ups to resolve URL IP addresses
- Creates new folders on the system
- Enables an In Process Object/Server - Common with DLL Injections
- Creation and Registers a Browser Helper Object in Internet Explorer
- Installs a browser helper object (BHO)
- Registers a Dynamic Link Library File
WMPLAYER.EXE has been the subject of the following behavior:
- Created as a process on disk
- Executed as a Process
- Has code inserted into its Virtual Memory space by other programs
- Added as a Registry auto start to load Program on Boot up
- Added as a Registry Key (RUNONCE) to auto start Programs on system start up
- Terminated as a Process
- Registered as a Dynamic Link Library File
- This program is often downloaded from the web
Country Of Origin
The filename WMPLAYER.EXE was first seen on May 19 2007 in the following geographical regions of the Webroot community:
- The United Kingdom on May 19 2007
- Germany on May 19 2007
- The United States on Mar 17 2008
- Spain on May 2 2008
- Ukraine on May 2 2008
- Colombia on May 30 2010
File Name Aliases
WMPLAYER.EXE can also use the following file names:
- MAKE IT HAPPEN XVID .AVI.EXE
- DAPHNE (2007) XVID .AVI.EXE
- DARK REPRIEVE (2008) XVID .AVI.EXE
- DANIELS DAUGHTER (2008) XVID .AVI.EXE
- WHO DO YOU THINK YOU ARE S06E01 HDTV XVID .AVI.EXE
- MAD MEN S2E04 THREE SUNDAYS REPACK HDTV XVID .AVI.EXE
- MAD MEN S2E04 THREE SUNDAYS HDTV XVID .AVI.EXE
- MADE OF HONOR XVID .AVI.EXE
- WHITECHAPEL S01E02 WS PDTV XVID .AVI.EXE
- MAGICS BIGGEST SECRETS FINALLY REVEALED S01E10 WS PDTV XVID .AVI.EXE
- MADAGASCAR ESCAPE 2 AFRICA XVID .AVI.EXE
- DARWINS STRUGGLE THE EVOLUTION OF THE ORIGIN OF SPECIES WS PDTV XVID .AVI.EXE
- MAESTRO S01E03 WS PDTV XVID .AVI.EXE
- SIMON GRAYS SMOKING DIARIES WS PDTV XVID .AVI.EXE
- INSIDE IRAQ (2009) 01 23 PDTV XVID .AVI.EXE
- REVISTA DE LA LIGA (2009) 02 03 PDTV XVID .AVI.EXE
- WHO DO YOU THINK YOU ARE S05E02 WS PDTV XVID .AVI.EXE
- WARBIRDS (2008) STV XVID .AVI.EXE
- MAKE IT HAPPEN PAL .AVI.EXE
- RED LIMITED XVID .AVI.EXE
- DARK CARNIVAL (1993) XVID .AVI.EXE
- MAGICS BIGGEST SECRETS FINALLY REVEALED S01E08 WS PDTV XVID .AVI.EXE
- RESURRECTION MARY (2007) LIMITED XVID .AVI.EXE
- MADE OF HONOR NTSC .AVI.EXE
- MADE OF HONOUR.AVI.EXE
- DARKON (2006) LIMITED DOCU NTSC .AVI.EXE
- MADTV S14E10 HDTV XVID .AVI.EXE
- WATCHDOG S24E01 WS PDTV XVID .AVI.EXE
- WAR WOLVES (2009) XVID .AVI.EXE
- CARSON DALY (2009) 01 12 JERRY RICE PDTV XVID .AVI.EXE
- DANCE FOR CAMERA (2003) XVID .AVI.EXE
- DARK REEL (2008) NTSC .AVI.EXE
- WARBIRDS (2008) STV NTSC .AVI.EXE
- MADAGASCAR ESCAPE 2 AFRICA.AVI.EXE
- MAKE ME SMART PART1 WS PDTV XVID .AVI.EXE
- SILENT WITNESS S12E08 HDTV XVID .AVI.EXE
- MAGICS BIGGEST SECRETS FINALLY REVEALED S01E09 WS PDTV XVID .AVI.EXE
- DANCING ON ICE THE STORY OF BOLERO WITH TORVILL AND DEAN WS PDTV XVID .AVI.EXE
- REVOLUTIONARY ROAD REAL .AVI.EXE
- INSIDE IRAQ (2009) 02 06 PDTV XVID B NEW B .AVI.EXE
- REVANCHE XVID .AVI.EXE
- DANCING WITH THE STARS US S07E07 HDTV XVID .AVI.EXE
- DANCE FOR CAMERA (2003) XVID B NEW B .AVI.EXE
- DANTES INFERNO (2007) XVID .AVI.EXE
- RENT FILMED LIVE ON BROADWAY (2008) NTSC .AVI.EXE
- RENT FILMED LIVE ON BROADWAY (2008) XVID .AVI.EXE
- MADEA GOES TO JAIL XVID .AVI.EXE
- RESCUE ME S05E01 BAPTISM HDTV XVID .AVI.EXE
- WHO DO YOU THINK YOU ARE S06E01 WS PDTV XVID .AVI.EXE
- USRMLNKA.EXE
- HKDUKKPO1PK[1].EXE
- PLAYLIST.EXE
- PEQUENO[1].JPG
- CORNO_VIDEO5[1].SCR
Filesizes
The following file size has been seen:
- 151,552 bytes
- 233,472 bytes
- 592,384 bytes
- 160,103 bytes
- 198,656 bytes
- 45,213 bytes
- 141,312 bytes
- 73,728 bytes
File Type
The filename WMPLAYER.EXE refers to many versions of an executable program.
Help the Webroot Community to fight cyber crime
We are always looking for ways to improve the quality and speed of research to help us protect you from malicious software and cyber crime.
PCMag.com Editors' Choice Award Logo is a trademark of Ziff Davis Publishing Holdings Inc. Used under license.