WurldMedia Browser Hijacker Information
Elevated threats are usually threats that fall into the range of adware in which data about a user's habits are tracked and sent back to a server for analysis without your consent or knowledge.
||WurldMedia is an Internet Explorer BHO that detects visits to known sites and redirects them through a third-party server in order to take the affiliate fees. WurldMedia even steals the fees from other webmasters when you use their own links.
WurldMedia takes away affiliate money from us and silently diverts it to wurldmedia. www.wurldmedia.com. A new version of their program doesn't silently divert the money, but still allows the money to be diverted.
WurldMedia is also known as Morpheus Shopping Club, WURLD Shopping Community, BuyersPort. Like SaveNow, it is distributed with many file-sharing programs, and is known to be included in Morpheus. Also like SaveNow it to has the ablility to commondeer the affilate "string" to credit the themselves instead of the true web site owner via the end users browser. Wurld has has the ablility to overwrite affiliate links strings, replacing them with its own link to steal the commission from the web site that actually made the sale.
"You understand, acknowledge and agree that installation of an Application permits the downloading to your computer by My Search of software which allows us to update the Application, and that such updates may occur without notice to you, unless the terms of this Agreement change in a material way. You agree to accept all such updates and agree that they are and shall be governed by this Agreement unless superceded by a successor agreement ... You further understand, acknowledge and agree that in consideration of the Applications, services and information provided to you by My Search, and in order to make our services functional and robust, the Application may communicate with our servers. ... You agree, with respect to all other users of your computer, to (i) provide a copy of this Agreement; and (ii) obtain their consent to this Agreement before allowing them to use the computer to access the Internet. You agree to provide and to maintain fully accurate, complete and current information related to your registration for the Applications and our services and information that may be required in the course of your use of our services. If My Search has reasonable grounds to suspect that such information is inaccurate, not current or not complete, My Search has the right to suspend or terminate your account, deny any or all use of the Applications or our services, and pursue any appropriate legal remedies. ...
WurldMedia has a number of variants:
WurldMedia/bpboh: first variant released with early Preview Releases. You have this variant if there is a file called "bpboh.dll" in your Windows directory. Presumbly the name should have been 'bpbho' (Buyers' Port Browser Helper Object), but someone made a typo. There will also be a 'rdxrNNNN.de' file containing an encoded target list. (NNNN is some numbers, looks like a date.)
WurldMedia/mbho: installs 'mbho.dll' and the 'rdxr' data file in the System directory instead of the Windows directory. Installer is not so stealthy and includes an option to prompt the user before redirecting a merchant site. However, if "enable" (the default option) is chosen on any of these prompts, it will be silent again forever.
WurldMedia/MSCStat: in this variant you get an 'MSCStat.exe' system tray program in the System directory, with an 'msc(numbers).de' file and 'ad(numbers).de.xml' as well as the files from the mbho variant. WurldMedia/MSCStat2: the MSCStat.exe file is renamed MSCStat2, and there is finally an entry in Add/Remove Programs, which disables the software (though it leaves behind the files and some registry entries).
WurldMedia/MShop, WurldMedia/MPohs and WurldMedia/MDef have new IDs and filenames: m030106sh
||process: moconfig.exe: MD5 Hash: ..
||Browser Hijacker - Spyware's primary purpose is to collect demographic and usage information from your computer, usually for advertising purposes. Spyware usually that 'sneaks' onto a system or performs other activities hidden to the user. Spyware programs are usually bundled as a hidden component and downloaded from the Internet. These modules are almost always installed on the system secretively and try to run secretively as well.
Top Browser Hijacker Visited Pages:
SuperSpider - Alias: Network Security Guard, Melcosoft - 577 visits
Tubby - Alias: MakeMeSearch, CoolWebSearch.Tubby, Spyware.Arau, Trojan.Win32.StartPage.ih, Trojan.StartPage-FJ - 211 visits
Spyass.com - 123 visits
SecurityToolbar.DesktopScam - 122 visits
EUniverse Updater - Alias: WUpdate, eUniverse Flowgo toolbar, eUniverse SirSearch, SearchUpgrader, Search Upgrader - 120 visits
CoolWebSearch - Alias: CWS, Cool Web Serach, CoolWwwSearch - 116 visits
CrackSpider - Alias: Troj/Favadd-D - 106 visits
Trojan.StartPage - Alias: SearchCentral - 86 visits
Paytime - 84 visits
IEHijacker.Q - 80 visits
Random Browser Hijacker Pages:
BrowserPal Toolbar - Alias: BrowserAid variant, Browser Pal
SearchXl - Alias: GoCyberSearch