F-Secure
Tools
Adware:W32/Iehlpr
| Name : | Adware:W32/Iehlpr |
| Detection Names : |
Adware.Win32.Iehlpr |
| Aliases : |
ADSPY/IEHlpr (Avira) Allsum.dll trojan (McAfee) Trojan.Yigather (Symantec) Adware:Win32/IEHlpr (Microsoft) |
| Category: | Spyware |
| Type: | Adware |
| Platform: | W32 |
Summary
This program delivers advertising content to the user. It is usually annoying but harmless, unless it is combined with spyware or trackware.
Details
Network Connections
Attempts to connect to:
• login.yiqilai.com
Additional Details
This is the family description for the Iehlpr family of adware.
Installation
During installation, a DLL is dropped at:
Where [...] is a directory that varies depending on the variant.
The name of the dropped DLL file varies, and observed names are "UserData" and "IEHelper". The file name uses the following format:
Where **** is a 4-digit number, such as 5057.
Once dropped, the DLL is registered as a Browser Helper Object (BHO) in Microsoft Internet Explorer.
Activity
When active, the program displays advertisements while the user is browsing. It will also attempt to connect to a remote server.
Installation
During installation, a DLL is dropped at:
• %appdata%\Microsoft\[...]
Where [...] is a directory that varies depending on the variant.
The name of the dropped DLL file varies, and observed names are "UserData" and "IEHelper". The file name uses the following format:
• IEHelper_****.dll
Where **** is a 4-digit number, such as 5057.
Once dropped, the DLL is registered as a Browser Helper Object (BHO) in Microsoft Internet Explorer.
Activity
When active, the program displays advertisements while the user is browsing. It will also attempt to connect to a remote server.