Updated: February 13, 2007 11:41:18 AM
Type: Adware
Risk Impact: Medium
File Names:
NaviHelper.dll
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
When Adware.Navihelper is installed, it does the following:
- Downloads a database of advertising Web sites from [http:/ /]bar/iebar8.com/[REMOVED]/host.dat, and then installs it in %System%\host.dat.
Note: %System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
- Creates the following registry subkeys:
HKEY_CURRENT_USER\AppID\{13FACA62-5FC4-4817-9175-9C8D00975916}
HKEY_CURRENT_USER\AppID\NaviHelper.DLL
HKEY_CURRENT_USER\NaviHelper.NaviHelperObj.1
HKEY_CURRENT_USER\NaviHelper.NaviHelperObj
HKEY_CURRENT_USER\CLSID\{3E422F49-1566-40D3-B43D-077EF739AC32}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3E422F49-1566-40D3-B43D-077EF739AC32}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3E422F49-1566-40D3-B43D-077EF739AC32}
- Directs the user to Web sites referenced in the host.dat database file.
Technorati
Digg
Delicious
Reddit
StumbleUpon
Yahoo Buzz
Twitter
Facebook
Newsvine
