AlphaOne Technology Support Forums
Welcome, Guest. Please login or register.
January 08, 2009, 03:17:30 AM

Login with username, password and session length
Search:     Advanced search
1733 Posts in 827 Topics by 5342 Members
Latest Member: hikslyypro
* Home Help Search Login Register
AlphaOne Technology Support Forums  |  IMPORTANT ANNOUNCEMENTS  |  Adware Alerts  |  Topic: Adware.7000n Browser Helper Object (BHO) 0 Members and 0 Guests are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: Adware.7000n Browser Helper Object (BHO)  (Read 803 times)
Brad
SysAdmin
Tech Team
Hero Member
********
Offline Offline

Posts: 391



View Profile
Adware.7000n Browser Helper Object (BHO)
« on: June 22, 2005, 10:04:12 PM »
Behavior
Adware.7000n is a Browser Helper Object (BHO) that contacts a particular Web site when Internet Explorer is started.

Symptoms
Whenever Internet Explorer is started, www.7000n.com will be shown.

technical details
File names:
%system%\twain_16.dll

Adware.7000n is distributed as an executable file. When Adware.7000n is executed, it will perform the following actions:

   1. Creates the following file:

      %System%\twain_16.dll

      Note: %System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).

   2. Adds the following registry keys:

      HKEY_CLASSES_ROOT\Twain_16.iebho.1
      HKEY_CLASSES_ROOT\Twain_16.iebho
      HKEY_CLASSES_ROOT\CLSID\{AE21A223-C4CA-43D7-9764-4FC6DF529F4D}
      HKEY_CLASSES_ROOT\TypeLib\{F05FC250-632C-424C-83D8-64640B6BED21}
      HKEY_CLASSES_ROOT\Interface\{6F9D44B8-E418-49C1-885C-1015DDDBFFC4}

      so that Adware.7000n is registered.

   3. Adds the value:

      "(Default)" = "ie assist"

      to the registry subkey:

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE21A223-C4CA-43D7-9764-4FC6DF529F4D}

      so that the Adware.7000n is executed every time Internet Explorer is started.

   4. Redirects Internet Explorer to www.7000n.com, a portal site in China, regardless of the Home page setting of Internet Explorer.

REMOVAL INSTRUCTIONS
See: [url]http://securityresponse.symantec.com/avcenter/venc/data/adware.7000n.html[/url]

To delete the value from the registry
   1. Click Start > Run.
   2. Type regedit
   3. Click OK.

   4. Navigate to the subkey:

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE21A223-C4CA-43D7-9764-4FC6DF529F4D}

   5. In the left pane, delete the key:

      "{AE21A223-C4CA-43D7-9764-4FC6DF529F4D}"

   6. Navigate to the subkey:

      HKEY_CLASSES_ROOT\Twain_16.iebho.1

   7. In the left pane, delete the key:

      Twain_16.iebho.1

   8. Navigate to the subkey:

      HKEY_CLASSES_ROOT\Twain_16.iebho

   9. In the left pane, delete the key:

      Twain_16.iebho

  10. Navigate to the subkey:

      HKEY_CLASSES_ROOT\CLSID\{AE21A223-C4CA-43D7-9764-4FC6DF529F4D}

  11. In the left pane, delete the key:

      {AE21A223-C4CA-43D7-9764-4FC6DF529F4D}

  12. Navigate to the subkey:

      HKEY_CLASSES_ROOT\TypeLib\{F05FC250-632C-424C-83D8-64640B6BED21}

  13. In the left pane, delete the key:

      {F05FC250-632C-424C-83D8-64640B6BED21}

  14. Navigate to the subkey:

      HKEY_CLASSES_ROOT\Interface\{6F9D44B8-E418-49C1-885C-1015DDDBFFC4}

  15. In the left pane, delete the key:

      {6F9D44B8-E418-49C1-885C-1015DDDBFFC4}

  16. Exit the Registry Editor
Logged
Mambo Hosting Resources
Pages: [1] Go Up Print 
AlphaOne Technology Support Forums  |  IMPORTANT ANNOUNCEMENTS  |  Adware Alerts  |  Topic: Adware.7000n Browser Helper Object (BHO) « previous next »
Jump to:  

Powered by MySQL Powered by PHP AlphaOne Technology Support Forums | Powered by SMF 1.0.7.
© 2001-2005, Lewis Media. All Rights Reserved. 		Valid XHTML 1.0! Valid CSS!