Updated: February 13, 2007 11:45:17 AM
Type: Adware
Risk Impact: High
File Names:
HelperInstaller.exe
Helper101.dll
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP
When Adware.EnhanceMSearch is executed, it performs the following actions:
- Creates the following files:
- %WinDir%\Helper101.dll
- %WinDir%\del.tmp
- %WinDir%\searchen.dat
Note: %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.
- Adds the registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{017C20C1-F86F-11D8-9B25-000ACD002AE3}
so that the risk runs every time Internet Explorer starts.
- Adds the value:
"lastrun" = "[Date last run]"
to the registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
- Creates the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{017C20C1-F86F-11D8-9B25-000ACD002AE3}
- Displays advertisements based on keywords entered into predetermined web search engines.
Technorati
Digg
Delicious
Reddit
StumbleUpon
Yahoo Buzz
Twitter
Facebook
Newsvine
