Look Out!

PestPatrol Pest Info - WurldMedia: "WurldMedia

Overview ?
Origins ?
Distribution ?
Operation ?
Risks ?
Detection and Removal ?
Research ?

Overview
Summary:An IE browser helper object that detects visits to known sites and redirects them through a third-party server in order to take the affiliate fees. WurldMedia even steals the fees from other webmasters when you use their own links.
Alias:BuyersPort, Morpheus, Morpheus Shopping Club, WURLD Shopping Community
Category:Hijacker: Any software that resets your browser's settings to point to other sites. Hijacks may reroute your info and address requests through an unseen site, capturing that info. In such hijacks, your browser may behave normally, but be slower.
Variants:WurldMedia.bpboh
WurldMedia.mbho
WurldMedia.MDef
WurldMedia.Mo
WurldMedia.Moaa
WurldMedia.Moz
WurldMedia.MPohs
WurldMedia.MSCStat
WurldMedia.MShop
WurldMedia.TChk
WurldMedia/Mo, WurldMedia/Moaa, WurldMedia/Moz. The BHO is renamed mo030414s.dll, moaa030425s.dll or moz030715s.dll and has a random class ID; the mscstat process is renamed mostat.exe and there is a configuration program called moconfig.exe.
WurldMedia/Mostat. In this newest variant, MoStat.exe will run in your systray.
WurldMedia/MShop, WurldMedia/MPohs and WurldMedia/MDef have new IDs and filenames: m030106shop.dll, m030206pohs.dll and mdefshop.dll, respectively.
WurldMedia/TChk is bundled with the Mo, Moaa and Moz variants. It checks for the existance of the WurldMedia BHO, and, if it finds it missing, contacts its controlling server xnef.com. At the time of writing this server is not responding, but it is suspected that if it were working it would direct "