Wurldmedia

[Dick Ahern]

This tracking program comes from weather.com. It creats a
RegVal and RegKey.

It is not spotted by MS AntiSpyware,Trend Micro
Pc-cillin,SpyBot S&d,or SpyBot.

It is only spotted and removed by Ad-Asware SE.

I use this site frequently and it really irks me that every
time I go to this site I know I am going to pick up this
tracking program.

What can I do to prevent dowload, or must I run Ad-Aware
everytime after visiting this site?

Any assistance with this problem is appreciated.

 

[Bob Dietz]

What RegVal and what RegKey? (What are the values?)
Which version of Windows are you running?

 

[Guest]

Running Windows XP,, SP2

Ad-Aware shows the following
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

WurldMedia Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\fenx

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 5

1:28:18 PM Scan Complete

and

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

WurldMedia Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "ltr2"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\fenx
Value : ltr2

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1

 

[Bob Dietz]

Based on the following pages, I think you need to look at IE BHO's.
http://www.alegsa.com.ar/Visitas/i47/A trojan that won t stay away.php
http://www.doxdesk.com/parasite/WurldMedia.html
http://sarc.com/avcenter/venc/data/adware.wurldmedia.html

See if the following steps don't cure the problem.
Close all instances of Internet Explorer!
Open Task Manager and verify that there are no stealth instances of
Internet Explorer. If there is/are, kill it/them.
Look for suspicious or mysterious BHOs.
(The path might include "WurldMedia.")
Send all suspicious or mysterious BHOs to Spynet for anaysis.
Permanently remove any BHO that is obviously a part of "WurldMedia."
Block any other suspicious BHOs.
Run an Ad-Aware scan so the "WurldMedia" reg keys are removed.
Start Internet Explorer; connect to the web and browse a couple sites.
Run another Ad-Aware scan and verify that the "WurldMedia" reg key
haven't returned.