For the past week or two, its been showing up in my taskmanager here in Windows XP.. I cant remember what I installed recently that would have put it there.. and the properties of the file arent very clear.. The internal name is "MSCStat2" and thats about it.. Its running from C:\WINDOWS\system32, which would typically indicate that its a Microsoft program, but the file properties say nothing about microsoft..
What is MSCStat2.exe?
- Thread starter dawks
- Start date
BillGates
Diamond Member
- Nov 30, 2001
- 7,388
- 2
- 81
Description
An IE browser helper object that detects visits to known sites and redirects them through a third-party server in order to take the affiliate fees. WurldMedia even steals the fees from other webmasters when you use their own links.
Variants
WurldMedia/bpboh: initial variant. You have this variant if there is a file called "bpboh.dll" in your Windows directory. Presumbly the name should have been 'bpbho' (Buyers' Port Browser Helper Object), but someone made a typo. There will also be a 'rdxrNNNN.de' file containing an encoded target list. (NNNNNN is some numbers, looks like a date.)
WurldMedia/mbho: newer version. Installs 'mbho.dll' and the 'rdxr' data file in the System directory instead of the Windows directory. Installer is not so stealthy and includes an option to prompt the user before redirecting a merchant site. However, if "enable" (the default option) is chosen on any of these prompts, it will be silent again forever.
WurldMedia/MSCStat. In this variant you get an 'MSCStat.exe' system tray program in the System directory, with an 'msc(numbers).de' file and 'ad(numbers).de.xml' as well as the files from the mbho variant.
Also known as
Morpheus Shopping Club.
Distribution
Included in Gnutella-based releases of the Morpheus file-sharing program, except for the first, very early preview releases.
What it does
Advertising
No.
Privacy violation
Yes. WurldMedia will be informed of visits to any of their targeted sites with referring site information and user-tracking through a unique ID built into the software.
Security issues
Unknown. The Licence in the newer 'mbho' variant implies that there may be some sort of self-update feature however I have not caught it doing this. When a new IE window is opened it connects to its server to download an updated list of targeted sites; it would presumably be at this point that any updates would happen.
Stability problems
The redirect mechanism used by this software breaks the web browser's 'back' button.
Removal
Uninstalling Morpheus does not remove WurldMedia. There is no uninstall function. Ad-Aware and Spybot S&D can currently remove the bpboh and mbho variants, but do not remove the extra components in the MSCStat variant.
Manual removal
Before you can delete the bpboh or mbho DLL, you will need to deregister it. For Windows 95/98/Me, enter one of the following commands:
bpboh variant
"%WinDir%\SYSTEM\regsvr32.exe" /u "%WinDir%\bpboh.dll"
mbho/MSCStat variant
"%WinDir%\SYSTEM\regsvr32.exe" /u "%WinDir%\SYSTEM\mbho.dll"
Or for Windows NT/2000/XP:
bpboh variant
regsvr32 /u "%WinDir%\bpboh.dll"
mbho/MSCStat variant
regsvr32 /u "%WinDir%\System32\mbho.dll"
After closing all Explorer windows (you may also have to restart the computer), you should be able to delete the DLL and also 'rdxrNNNNNN' in the same directory (the extension will be '.dat' for the bpboh variant, or '.de' for the other variants).
If you have the MSCStat variant you should also delete 'MSCStat.exe', 'adNNNNNN.de.xml' and 'mscNNNNNN.de'. There is also an HKEY_LOCAL_MACHINE\Software\rdxr to clean up in the registry if you like.
_____________________________
Sounds like spyware to me, try AdAware.
From this site.
An IE browser helper object that detects visits to known sites and redirects them through a third-party server in order to take the affiliate fees. WurldMedia even steals the fees from other webmasters when you use their own links.
Variants
WurldMedia/bpboh: initial variant. You have this variant if there is a file called "bpboh.dll" in your Windows directory. Presumbly the name should have been 'bpbho' (Buyers' Port Browser Helper Object), but someone made a typo. There will also be a 'rdxrNNNN.de' file containing an encoded target list. (NNNNNN is some numbers, looks like a date.)
WurldMedia/mbho: newer version. Installs 'mbho.dll' and the 'rdxr' data file in the System directory instead of the Windows directory. Installer is not so stealthy and includes an option to prompt the user before redirecting a merchant site. However, if "enable" (the default option) is chosen on any of these prompts, it will be silent again forever.
WurldMedia/MSCStat. In this variant you get an 'MSCStat.exe' system tray program in the System directory, with an 'msc(numbers).de' file and 'ad(numbers).de.xml' as well as the files from the mbho variant.
Also known as
Morpheus Shopping Club.
Distribution
Included in Gnutella-based releases of the Morpheus file-sharing program, except for the first, very early preview releases.
What it does
Advertising
No.
Privacy violation
Yes. WurldMedia will be informed of visits to any of their targeted sites with referring site information and user-tracking through a unique ID built into the software.
Security issues
Unknown. The Licence in the newer 'mbho' variant implies that there may be some sort of self-update feature however I have not caught it doing this. When a new IE window is opened it connects to its server to download an updated list of targeted sites; it would presumably be at this point that any updates would happen.
Stability problems
The redirect mechanism used by this software breaks the web browser's 'back' button.
Removal
Uninstalling Morpheus does not remove WurldMedia. There is no uninstall function. Ad-Aware and Spybot S&D can currently remove the bpboh and mbho variants, but do not remove the extra components in the MSCStat variant.
Manual removal
Before you can delete the bpboh or mbho DLL, you will need to deregister it. For Windows 95/98/Me, enter one of the following commands:
bpboh variant
"%WinDir%\SYSTEM\regsvr32.exe" /u "%WinDir%\bpboh.dll"
mbho/MSCStat variant
"%WinDir%\SYSTEM\regsvr32.exe" /u "%WinDir%\SYSTEM\mbho.dll"
Or for Windows NT/2000/XP:
bpboh variant
regsvr32 /u "%WinDir%\bpboh.dll"
mbho/MSCStat variant
regsvr32 /u "%WinDir%\System32\mbho.dll"
After closing all Explorer windows (you may also have to restart the computer), you should be able to delete the DLL and also 'rdxrNNNNNN' in the same directory (the extension will be '.dat' for the bpboh variant, or '.de' for the other variants).
If you have the MSCStat variant you should also delete 'MSCStat.exe', 'adNNNNNN.de.xml' and 'mscNNNNNN.de'. There is also an HKEY_LOCAL_MACHINE\Software\rdxr to clean up in the registry if you like.
_____________________________
Sounds like spyware to me, try AdAware.
From this site.
Thanks gates, where did you find that? edit: n/m (I can read)
I kinda thought it was morpheus.. I installed V2.0 a week or two ago, whenever..
I thought Morpheus was a clean program
I kinda thought it was morpheus.. I installed V2.0 a week or two ago, whenever..
I thought Morpheus was a clean program
BillGates
Diamond Member
- Nov 30, 2001
- 7,388
- 2
- 81
Originally posted by: DaZ
Thanks gates, where did you find that? edit: n/m (I can read)
I kinda thought it was morpheus.. I installed V2.0 a week or two ago, whenever..
I thought Morpheus was a clean program
If you wanted to use anything from that network, I'd say stick with Kazaa Lite (at least I think it's on the same network, I don't use that program often at all).
Good luck getting rid of it though, I hope that was the right info and I'm not leading you down the wrong path!
Well looks good so far..
I am using KaZaA Lite, but everyone was saying how good morpheus still is.. (even though it sucks) and there was no mention of spyware, so I decided to try it..
KaZaA Lite sucks for music, and WinMX 3.02 (or whatever the latest is) is bugging out on my system.. I start it up, and it starts using 20-90% of my CPU.. Usually 80% average.. even when its not doing anything.. just sitting there..
I am using KaZaA Lite, but everyone was saying how good morpheus still is.. (even though it sucks) and there was no mention of spyware, so I decided to try it..
KaZaA Lite sucks for music, and WinMX 3.02 (or whatever the latest is) is bugging out on my system.. I start it up, and it starts using 20-90% of my CPU.. Usually 80% average.. even when its not doing anything.. just sitting there..
TRENDING THREADS
-
Discussion Zen 5 Speculation (EPYC Turin and Strix Point/Granite Ridge - Ryzen 9000)- Started by DisEnchantment
- Replies: 25K
-
Discussion Intel Meteor, Arrow, Lunar & Panther Lakes + WCL Discussion Threads
- Started by Tigerick
- Replies: 24K
-
Discussion Intel current and future Lakes & Rapids thread- Started by TheF34RChannel
- Replies: 23K
-
-
Facebook
Twitter