Updated: February 13, 2007 11:37:02 AM
Type: Adware
Risk Impact: Medium
File Names: bho.dll
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
When it is executed, Adware.IEPageHelper does the following:
- Registers itself as a browser help object by adding and populating the registry keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Help Objects\{A6F42CAD-2559-48DF-AF30-89E480AF5DFA}
HKEY_LOCAL_MACHINE\CLASSES\CLSID\{A6F42CAD-2559-48DF-AF30-89E480AF5DFA}
HKEY_LOCAL_MACHINE\CLASSES\TypeLib\{0B1DF4A9-C114-48A2-BE0A-6DC5973EB157}
HKEY_LOCAL_MACHINE\CLASSES\AppID\{0B1DF4A9-C114-48A2-BE0A-6DC5973EB157}
HKEY_LOCAL_MACHINE\CLASSES\AppID\bho.DLL
HKEY_LOCAL_MACHINE\CLASSES\bho.IEPageHelper.1
HKEY_LOCAL_MACHINE\CLASSES\bho.IEPageHelper
- Can contact a remote Web server when Internet Explorer is executed for words on the displayed Web page. Then, it highlights those words and displays the results of the search when the mouse hovers over them.
Note: The adware uses Httpreq.dll and Zlib.dll, two non-malicious DLLs, to make the query.
Technorati
Digg
Delicious
Reddit
StumbleUpon
Yahoo Buzz
Twitter
Facebook
Newsvine
