Adware.Wurldmedia

Updated: February 13, 2007 11:33:14 AM
Type: Adware
Publisher: Wurldmedia
Risk Impact: Medium
File Names: MSCStat.exe, msc[RANDOM NUMBER].de, tc.dll, mbho.dll
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP

When Adware.Wurldmedia is installed, it performs the following actions:
  1. Creates some of the following registry subkeys:


  2. May add some of the following files:

    %System%\mo[RANDOM CHARACTERS].dat
    %System%\mo[RANDOM CHARACTERS].de

    Note: %System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).

  3. Tracks websites visited and sends details to a remote server.

    Note: This security risk can track your visits to those Web sites that are listed in the encoded file msc[RANDOM NUMBER].de. It will then append a unique ID and resend the information to a controlling server. It can also connect to a server to download and execute arbitrary code.

