allentech.net

Home > Browser Parasites > Parasite Database > MediaUpdate

About Us

Online Stores

TQ Support

Web Services

Database Help

Tech Links

Projects

Online Manual

Browser Parasites

Privacy Policy

Contact us

Send Page

Limited Time!
Totally FREE Web Design!
Click here!

Blue Host

Parasite: MediaUpdate

This record last updated Tue Sep 20 2005 00:34:15

PLEASE NOTE: Due to the overwhelming extent of this problem and the unbelievable volume of email we have received, we regret that we cannot respond to questions about browser parasites at this time. If you have attempted to contact us about this parasite please accept our apology for not responding. "Thank you's" are always appreciated ;-)

Description

MediaUpdate is an IE Browser Helper Object that monitors pages you view and opens or redirects to advertising.

Variants

MediaUpdate/012 and MediaUpdate/020; two versions of the same software controlled by media-update.com.

MediaUpdate/022 is a newer version controlled by stop-pops.com.

Also known as

DoubleAgent, or Movie-Viewer (020 variant), after internal object names. MedUp, after its filename. The 022 variant is known as SafeSurfing after the program it is distributed as part of.

Distribution

012 and 020 are known to be installed by .EXE video downloaders, probably spawned by porn pop-ups.

022 is distributed with a pop-up-advert stopper called ‘SafeSurfing’.

What it does

Advertising

Yes. It connects to its controlling server to download a list of site URLs and keywords to target. If you visit a targeted site, or view a page with a keyword in its title, MediaUpdate may redirect you to one of their affiliate pages, or open one in a new browser window.

Privacy violation

No.

Security issues

Yes. Can silently download and execute arbitrary code from its controlling server, as a self-updating feature.

Stability problems

No.

Removal

MediaUpdate/020 includes an entry in the Control Panel’s Add/Remove Programs list for ‘Movie Viewer 2.1’. Unfortunately, it does not work.

Manual removal

Open the registry (click ‘Start’, choose ‘Run’ and enter ‘regedit’), and find the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run. Delete the ‘UpdateMedia’ entry (012 and 020 variants) or ‘SafeSurfingUpdate’ (022 variant).

Now open a DOS command prompt window (from Start->Programs->Accessories), and enter the following commands (for the 012 variant):

cd "%WinDir%\System"
regsvr32 /u medup012.dll

Or, for the 020 variant:

cd "%WinDir%\System"
regsvr32 /u medup020.dll

Or, for the 022 variant:

cd "%WinDir%\System"
regsvr32 /u ssurf022.dll

Restart the computer and you should be able to delete the file ‘medup012.dll’ (012 variant), ‘medup020.dll’ (020 variant) or ‘ssurf022.dll’ (022 variant) in the System folder. (The System folder can be found inside the Windows folder; it is called ‘System32’ on Windows NT/2000/XP, or just ‘System’ on Windows 95/98/Me.) You can also delete the ‘MediaUpdate’ folder in Program Files with the 012 and 020 variants.

You can also delete the subkey ‘Invictus’ (012, 020 variants) or ‘SafeSurfing’ (022 variant) in the registry key HKEY_LOCAL_MACHINE\Software to clean up if you like.

Links

Invictus Networks wrote and control MediaUpdate.

* Parasite information and detection script by Andrew Clover - www.doxdesk.com, used with permission.

For more information about Scumware, Spyware and Parasites, their sources and their cure, visit our About Parasites page and related Tech Links.

Visit our new services portal at Allen One for a completely new parasite database format, comming November 2005!

webmaster@allentech.net
Tech Bench
Web Analytics by My-OLAP!

Top