AlphaOne Technology Support Forums
Brad
SysAdmin
Tech Team
Adware.EnhanceMSearch Browser Helper Object
« on: June 22, 2005, 11:36:16 PM »

Behavior
Adware.EnhanceMSearch is a Browser Helper Object that tracks keywords typed in popular web search engines such as Google, and displays advertisements based on those keywords.

Symptoms
Your Symantec program detects Adware.EnhanceMSearch.

Transmission
This security risk can be installed as part of another program.

Technical details
File names:
HelperInstaller.exe
Helper101.dll

When Adware.EnhanceMSearch is executed, it performs the following actions:

   1. Creates the following files:

          * %WinDir%\Helper101.dll
          * %WinDir%\del.tmp
          * %WinDir%\searchen.dat

            Note: %WinDir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.

   2. Adds the registry key:

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{017C20C1-F86F-11D8-9B25-000ACD002AE3}

      so that the risk runs every time Internet Explorer starts.

   3. Adds the value:

      "lastrun" = "[Date last run]"

      to the registry subkey:

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

   4. Creates the following registry key:

      HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{017C20C1-F86F-11D8-9B25-000ACD002AE3}

   5. Displays advertisements based on keywords entered into predetermined web search engines.

To delete the value from the registry
   1. Click Start > Run.
   2. Type regedit

      Then click OK.

      Note: If the registry editor fails to open, the risk may have modified the registry to prevent access to the registry editor. Security Response has developed a tool to resolve this problem. Download and run this tool, http://securityresponse.symantec.com/avcenter/venc/data/tool.to.reset.shellopencommand.registry.keys.html, and then continue with the removal.

   3. Navigate to the subkey:

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

   4. In the right pane, delete the value:

      "lastrun" = "[Date last run]"

   5. Navigate to and delete the following registry keys:

      HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{017C20C1-F86F-11D8-9B25-000ACD002AE3}
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{017C20C1-F86F-11D8-9B25-000ACD002AE3}

   6. Exit the Registry Editor.
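
A read-only check for the files, keys and "lastrun" value listed above, useful before and after the manual removal. This is an added example, not part of the original post or a Symantec tool; the function name Get-EnhanceMSearchFinding is hypothetical, and the WOW6432Node view and the InprocServer32 lookup are assumptions that go beyond what the post lists.

```powershell
# Added example: read-only check for the Adware.EnhanceMSearch artifacts listed in the post.
$Clsid = '{017C20C1-F86F-11D8-9B25-000ACD002AE3}'
$Files = 'Helper101.dll', 'del.tmp', 'searchen.dat'
# Assumption (not in the post): also look in the 32-bit registry view on 64-bit Windows.
$Roots = 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\WOW6432Node'

function Get-EnhanceMSearchFinding {
    $findings = @()
    # Step 1: files dropped into %WinDir%.
    foreach ($name in $Files) {
        $path = Join-Path $env:WinDir $name
        if (Test-Path -LiteralPath $path) {
            $findings += [pscustomobject]@{ Type = 'File'; Location = $path; Detail = '' }
        }
    }
    foreach ($root in $Roots) {
        $bho = "$root\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
        # Steps 2 and 4: the BHO registration and the COM class key.
        foreach ($key in "$bho\$Clsid", "$root\Classes\CLSID\$Clsid") {
            if (Test-Path -LiteralPath $key) {
                # Assumption: InprocServer32 (standard COM subkey) holds the DLL path, if present.
                $dll = (Get-ItemProperty -LiteralPath "$key\InprocServer32" -ErrorAction SilentlyContinue).'(default)'
                $findings += [pscustomobject]@{ Type = 'RegistryKey'; Location = $key; Detail = "$dll" }
            }
        }
        # Step 3: the "lastrun" value on the Browser Helper Objects subkey itself.
        $props = Get-ItemProperty -LiteralPath $bho -ErrorAction SilentlyContinue
        if ($props -and $null -ne $props.lastrun) {
            $findings += [pscustomobject]@{ Type = 'RegistryValue'; Location = "$bho\lastrun"; Detail = "$($props.lastrun)" }
        }
    }
    return $findings
}

$result = @(Get-EnhanceMSearchFinding)
if ($result.Count -eq 0) {
    'No Adware.EnhanceMSearch artifacts found.'
} else {
    $result | Format-Table -AutoSize -Wrap
}
```

The script changes nothing on the system; an empty result after the removal steps indicates that the listed artifacts are gone.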