Parasite: Meridian

This record last updated Tue Sep 20 2005 00:34:15

PLEASE NOTE: Due to the overwhelming extent of this problem and the unbelievable volume of email we have received, we regret that we cannot respond to questions about browser parasites at this time. If you have attempted to contact us about this parasite please accept our apology for not responding. "Thank you's" are always appreciated ;-)

Description

Meridian is an IE Browser Helper Object that opens pop-up advertising.

This software has not been fully tested, because its controlling servers are, at the time of writing, not responding.

Also known as

Popupper, after its internal name (’Meridian Popupper’); MyAccess, after its filename.

Distribution

Unknown, suspected ActiveX drive-by-download on pop-up porn ads sourced through TBI Corporation.

What it does

Advertising

Yes, typically porn pop-ups.

Privacy violation

Unknown.

Security issues

Yes. Can download and execute arbitrary unsigned code pointed to by its controlling server, thumbsnatcher.com.

Stability problems

None known.

Removal

Open a DOS command prompt window (from Start->Programs->Accessories) and enter the following commands:

cd "%WinDir%\System"
regsvr32 /u myaccess.dll

After restarting the computer you should be able to delete the myaccess.dll file, which you can find in the System folder. (Inside the Windows folder; it is called ‘System’ on Windows 95/98/Me, or ‘System32’ on Windows NT/2000/XP.)

You can also delete the data files ‘gdiplus64.dll’, ‘ie64.dll’ and ‘ver64.dll’ which you may find in the same folder.