This video has been encoded using the latest DivX+ software, if you are having trouble playing this video please try windows media player Media Player should automatically update any out dated codecs

This video has been encoded using the latest DivX+ software, if you are having trouble playing this video please try windows media player 
Media Player should automatically update any out dated codecs

Dear citizens of the internet: The above message that you will find on recent torrents is actually a catch. This message is embedded on a video file disguised as a real movie file. Most commonly they come in HD, BrRip, BluRay and that is what we want to download from the torrents after that new movie has been released and we can’t wait for it to hit our cinemas or rather don’t want to buy.
Let me make it clearer for you: This message only directs you to use Windows Media Player and update codecs where necessary. The thing is the updater that pops up on media player is not from Microsoft but from the distributor of the video, it links to Virus Total.

Don’t cheek here because these guys are the best at remote control and virus creation such that no anti-virus detects them. In fact once you install their software in your PC, they have elevated privileges over your PC and can download your data, browser sites and keep manipulating your PC and notj=hing you can do about it. unless you're committed to never connect to the internet.

BE WARNED. I have ran this update on my testing desktop and I know what I am talking about. Do not test this on your valuable PC because the only way out is an OS reinstall. Yeah don’t even think about System Restore, they quickly undo all your restore points as soon as they have access. It gets worse their software is written in Chinese, so unless your cousin is helpful, take this warning with a serious attitude.

How to be safe you ask?
= Do not download a torrent once you see this. That Open With Windows Media Player.txt
As for the video file, it does not ever play on any media player, even VLC????? REALLY!!



So I have attached a screen shot to show you the url feedback. It’s like no DNS has been setup for the child domain, because this is just a subdomain. Think of what the forest domain does. Spare yourself and only download safe.



So this is how it should look like on media player, be careful even the warning asks you to take precautions:




I have attached a list of the possible sibling domains you may come across as they randomly exchange on every click. Now this is a long list:

am4-r1f4-stor09.uploaded.net
fra-7m22-stor01.uploaded.net
am4-r1f5-stor01.uploaded.net
fra-7m21-stor08.uploaded.net
am4-r1f9-stor07.uploaded.net
fra-7m19-stor06.uploaded.net
am4-r1f9-stor03.uploaded.net
am4-r1f10-stor06.uploaded.net
am4-r1f10-stor04.uploaded.net
am4-r1f6-stor03.uploaded.net
fra-7m22-stor09.uploaded.net
am4-r1f6-stor02.uploaded.net
fra-7m20-stor06.uploaded.net
am4-r1f5-stor06.uploaded.net
am4-r1f5-stor05.uploaded.net
am4-r1f9-stor09.uploaded.net
fra-7m17-stor07.uploaded.net
am4-r1f5-stor02.uploaded.net
fra-7m20-stor02.uploaded.net
am4-r1f9-stor04.uploaded.net
am4-r1f10-stor01.uploaded.net
fra-7m17-stor04.uploaded.net
fra-7m22-stor03.uploaded.net
fra-7m17-stor08.uploaded.net
am4-r1f5-stor04.uploaded.net
fra-7m22-stor07.uploaded.net
fra-7m22-stor06.uploaded.net
fra-7m19-stor02.uploaded.net
fra-7m17-stor01.uploaded.net
am4-r1f4-stor08.uploaded.net
am4-r1f6-stor01.uploaded.net
fra-7m15-stor06.uploaded.net
am4-r1f9-stor02.uploaded.net
fra-7m15-stor03.uploaded.net
am4-r1f10-stor05.uploaded.net
fra-7m22-stor04.uploaded.net
fra-7m21-stor05.uploaded.net
fra-7m21-stor02.uploaded.net
am4-r1f7-stor07.uploaded.net
www.uploaded.net
am4-r1f2-stor06.uploaded.net
am4-r1f5-stor07.uploaded.net
am4-r1f2-stor01.uploaded.net
fra-7m20-stor03.uploaded.net
am4-r1f6-stor06.uploaded.net
am4-r1f4-stor06.uploaded.net
am4-r1f4-stor05.uploaded.net
fra-7m16-stor01.uploaded.net
am4-r1f2-stor07.uploaded.net
am4-r1f5-stor03.uploaded.net
fra-7m20-stor04.uploaded.net
fra-7m19-stor08.uploaded.net
am4-r1f6-stor07.uploaded.net
fra-7m18-stor07.uploaded.net
fra-7m19-stor04.uploaded.net
fra-7m22-stor05.uploaded.net
fra-7m18-stor08.uploaded.net
fra-7m22-stor10.uploaded.net
fra-7m16-stor07.uploaded.net
fra-7m18-stor03.uploaded.net
fra-7m15-stor05.uploaded.net
fra-7m17-stor03.uploaded.net
fra-7m21-stor06.uploaded.net
am4-r1f4-stor03.uploaded.net
fra-7m20-stor07.uploaded.net
fra-7m19-stor03.uploaded.net
am4-r1f7-stor05.uploaded.net
am4-r1f10-stor07.uploaded.net
fra-7m19-stor07.uploaded.net
am4-r1f2-stor02.uploaded.net
fra-7m18-stor06.uploaded.net
am4-r1f2-stor08.uploaded.net
am4-r1f7-stor03.uploaded.net
fra-7m21-stor04.uploaded.net
am4-r1f1-stor09.uploaded.net
am4-r1f7-stor01.uploaded.net
fra-7m21-stor01.uploaded.net
am4-r1f6-stor09.uploaded.net
fra-7m22-stor02.uploaded.net
am4-r1f10-stor03.uploaded.net
am4-r1f7-stor06.uploaded.net
am4-r1f4-stor07.uploaded.net
fra-7m17-stor09.uploaded.net
am4-r1f7-stor08.uploaded.net
fra-7m17-stor02.uploaded.net
am4-r1f2-stor01.uploaded.net
fra-7m20-stor03.uploaded.net
am4-r1f6-stor06.uploaded.net
am4-r1f4-stor06.uploaded.net
am4-r1f4-stor05.uploaded.net
fra-7m16-stor01.uploaded.net
am4-r1f2-stor07.uploaded.net
am4-r1f5-stor03.uploaded.net
fra-7m20-stor04.uploaded.net
fra-7m19-stor08.uploaded.net
am4-r1f6-stor07.uploaded.net
fra-7m18-stor07.uploaded.net
fra-7m19-stor04.uploaded.net
fra-7m22-stor05.uploaded.net
fra-7m18-stor08.uploaded.net
fra-7m22-stor10.uploaded.net
fra-7m16-stor07.uploaded.net
fra-7m18-stor03.uploaded.net
fra-7m15-stor05.uploaded.net
fra-7m17-stor03.uploaded.net
fra-7m21-stor06.uploaded.net
am4-r1f4-stor03.uploaded.net
fra-7m20-stor07.uploaded.net
fra-7m19-stor03.uploaded.net
am4-r1f7-stor05.uploaded.net
am4-r1f10-stor07.uploaded.net
fra-7m19-stor07.uploaded.net
am4-r1f2-stor02.uploaded.net
fra-7m18-stor06.uploaded.net
am4-r1f2-stor08.uploaded.net
am4-r1f7-stor03.uploaded.net
fra-7m21-stor04.uploaded.net
am4-r1f1-stor09.uploaded.net
am4-r1f7-stor01.uploaded.net
fra-7m21-stor01.uploaded.net
am4-r1f6-stor09.uploaded.net
fra-7m22-stor02.uploaded.net
am4-r1f10-stor03.uploaded.net
am4-r1f7-stor06.uploaded.net
am4-r1f1-stor07.uploaded.net
fra-7m18-stor02.uploaded.net
fra-7m20-stor01.uploaded.net
am4-r1f5-stor10.uploaded.net

BE SAFE. DON'T CLICK VIRUS


Comments

  1. UnknownNovember 27, 2015 at 7:29 AM

    thank you very much!
    no wonder it seemed so suspicious

    ReplyDelete
  2. UnknownDecember 14, 2015 at 5:53 PM

    Thanks for the heads up!

    ReplyDelete
  3. UnknownJanuary 1, 2016 at 12:34 AM

    Awesome

    ReplyDelete
  4. UnknownJanuary 3, 2016 at 4:28 PM

    ty for confirming our suspicions...seemed fishy

    ReplyDelete
  5. UnknownFebruary 22, 2016 at 2:21 AM

    intead it downloaded the divx player software

    ReplyDelete
    Replies
    1. UnknownFebruary 22, 2016 at 1:13 PM

      Please make your comment clearer. It might be helpful to users!

      Delete
  6. UnknownFebruary 22, 2016 at 1:12 PM

    This comment has been removed by the author.

    ReplyDelete
  7. DougzMarch 7, 2016 at 9:29 PM

    This comment has been removed by the author.

    ReplyDelete
  8. DougzMarch 7, 2016 at 9:30 PM

    Made this mistake a few weeks ago, once installed it is very nasty. Caught it this time, beware folks.

    ReplyDelete
  9. shashwatxMarch 19, 2016 at 7:36 AM

    Wow! Thanks a lot man! I spent hours fiddling around. The pop up downloaded DivX player and I even updated it to get it to work but it just wouldn't. Thanks a lot.

    ReplyDelete
  10. UnknownMay 30, 2016 at 8:34 AM

    I came across this same situation, and I installed the so-called update. This ended up in a bunch of additional useless applications on my desktop and anti-virus warning about some domain trying to access my PC. Fortunately, this junk was the first thing I installed that day so was able to identify the files added/installed by the date and delete them under Safe Mode. I also had to kill two processes in Task Manager before I finally got rid of all installed files.

    ReplyDelete
  11. UnknownJune 12, 2016 at 9:07 AM

    thank you so much man....

    ReplyDelete
  12. UnknownJuly 1, 2016 at 12:14 AM

    hello... so ive downloaded finding dory 2016 yesterday and ive got the same problem... media player keeps telling me to "download fix" but its not working... is there a fix? or do u delete the movie?

    ReplyDelete
    Replies
    1. UnknownAugust 18, 2016 at 10:43 AM

      This comment has been removed by the author.

      Delete
    2. UnknownAugust 18, 2016 at 10:44 AM

      Delete the movie. As mentioned here it's malware and can potentially take remote access of your system.

      Delete
    3. UnknownAugust 18, 2016 at 10:44 AM

      Delete the movie. As mentioned here it's malware and can potentially take remote access of your system.

      Delete
  13. AnonymousJuly 29, 2016 at 12:19 AM

    Hi, I went through the same mistake and identified all visible apps that were installed. My question is, is there a possibility of trojan or other data retrieving script that may have been installed in the root system that I won't be able to identify? If so if I backed up my files to reinstall mac wouldn't it be still there once i restore it? It is such a terrible feeling knowing that there's a pesticide inside my computer stealing my data.

    ReplyDelete
  14. UnknownAugust 8, 2016 at 12:05 PM

    So, this issue happened me today , is it in an OS reinstall to get out of it, or do I have to do a complete format ?

    ReplyDelete
  15. UnknownAugust 8, 2016 at 12:16 PM

    So, this issue happened me today , is it in an OS reinstall to get out of it, or do I have to do a complete format ?

    ReplyDelete
  16. lakshithaAugust 18, 2016 at 12:56 PM

    thanx bro.i had the same here.and i post ur article to FB for the every torrent user..i also had to kill those processes in task manager.
    the first thing those motherfuckers do is lower ur "user account control settings" and they install fucking lot of junk softwares.so 1st restore again ur user accont controler settings in win 8.
    thanx agin bro.

    ReplyDelete
  17. gloxJanuary 1, 2017 at 4:06 PM

    sh*t already installed the software but still cannot watch the movie this explains it...

    ReplyDelete
  18. UnknownFebruary 13, 2019 at 4:34 AM

    I found it out the hard way... but I blocked it. Here is what I did.
    I realized it was a BOT installation process. I (without turning it off) downloaded malwarebytes and installed it. I then ran it and it started complaining about all the c@#$p that was installed on my computer and started removing it. Since I had NOT rebooted the laptop since it was installed, it did not get the chance to completely invade the OS. I went looking for Processes that shouldn't be there and found something called c:\Program files (X86)\SPAZ\PERGAMON.EXE and the matching Process called... pergamon. There were 5 of them running by this time and I killed them all.. they tried to restart, but I kept killing them and eventually They all died an didn't restart again. This is ironic since Pergamon is the program that installs the TROJAN program.. and since Pergamon is linked to the city of troy and its famous TROJAN HORSE program, it seems the writers of this Trojan made a joke out of the name in order to install their trojan.
    When Malwarebytes was through, it insisted it had to reboot, but it failed. I have windows 10 and it could not reboot.. but fortunately the windows repair process allowed me to reset the PC back to a previous restore point. SInce the trojan had not taken complete control yet, windows 10 was able to install the restore point back and undo the corruption. After it finally completed, I re-ran malwarebytes several more times to clean up all the install files and it is now completely free.
    I was very lucky ......
    Good luck to anyone else. IF a program tells you it needs you to do something that seems a bit... odd? Just say NO!....

    ReplyDelete

Post a Comment

Popular Posts