Adware.IEhlpr

Updated: July 17, 2006
Risk Impact: High
Systems Affected: Windows

Behavior

Adware.IEhlpr is an Internet Explorer Browser Helper Object that displays advertisements, most of which are Chinese in origin.

Antivirus Protection Dates

  • Initial Rapid Release version October 02, 2014 revision 022
  • Latest Rapid Release version July 05, 2017 revision 022
  • Initial Daily Certified version November 23, 2005
  • Latest Daily Certified version July 06, 2017 revision 003
  • Initial Weekly Certified release date November 23, 2005

When the program is executed, it creates the following files:
%ProgramFiles%\Internet Explorer\HMAPI.dll
%ProgramFiles%\Internet Explorer\supports.txt
%ProgramFiles%\Internet Explorer\Licenses.txt

These file paths are hardcoded into the program. Even if the above folder is not the default location for Internet Explorer, the risk will still create this folder and store these files there.

The program then creates the following registry subkeys:
HKEY_CLASSES_ROOT\CLSID\{EE7C3CF0-4B15-11D1-ABED-709549C10000}
HKEY_CLASSES_ROOT\Interface\{EE7C3CEF-4B15-11D1-ABED-709549C10000}
HKEY_CLASSES_ROOT\TypeLib\{EE7C3CE2-4B15-11D1-ABED-709549C10000}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE7C3CF0-4B15-11D1-ABED-709549C10000}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE7C3CF0-4B15-11D1-ABED-709549C10000}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{999ADFA2-8AD1-47FF-97FC-69FB847458F4}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{998CAE99-EB35-4C8E-A30A-BC061AD826F5}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{999ADFA2-8AD1-47ff-97FC-69FB847458F4}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{999ADFA2-8AD1-47ff-97FC-69FB847458F4}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{999ADFA2-8AD1-47FF-97FC-69FB847458F4}

The program also creates the following registry subkeys, which may be used by legitimate products:
HKEY_CLASSES_ROOT\IEHlprObj.IEHlprObj
HKEY_CLASSES_ROOT\IEHlprObj.IEHlprObj.1
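
One way to triage an exported list of registry key paths against the subkeys listed above, as an added example that is not part of the original write-up. It compares GUIDs case-insensitively (the list mixes `47FF` and `47ff`) and reports the two `IEHlprObj` ProgIDs separately because they may belong to legitimate products; the function names, labels and sample paths are assumptions made for the example.

```python
import re

# GUIDs copied from the registry subkeys listed in this write-up.
IEHLPR_GUIDS = {
    "EE7C3CF0-4B15-11D1-ABED-709549C10000",
    "EE7C3CEF-4B15-11D1-ABED-709549C10000",
    "EE7C3CE2-4B15-11D1-ABED-709549C10000",
    "999ADFA2-8AD1-47FF-97FC-69FB847458F4",
    "998CAE99-EB35-4C8E-A30A-BC061AD826F5",
}
# ProgIDs the write-up says may also be used by legitimate products.
SHARED_PROGIDS = {"iehlprobj.iehlprobj", "iehlprobj.iehlprobj.1"}
GUID_RE = re.compile(r"\{([0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12})\}", re.I)

def classify_key(path):
    """Return 'bho', 'related', 'shared' or None for one registry key path."""
    key = path.strip().rstrip("\\")
    match = GUID_RE.search(key)
    # Registry key names are case-insensitive, so compare GUIDs upper-cased.
    if match and match.group(1).upper() in IEHLPR_GUIDS:
        is_bho = "\\browser helper objects\\" in key.lower()
        return "bho" if is_bho else "related"
    # Lower confidence: a ProgID name match alone does not prove the adware.
    if any(part.lower() in SHARED_PROGIDS for part in key.split("\\")):
        return "shared"
    return None

def triage(lines):
    """Group matching key paths by confidence; non-matching lines are dropped."""
    hits = {"bho": [], "related": [], "shared": []}
    for line in lines:
        kind = classify_key(line)
        if kind:
            hits[kind].append(line.strip())
    return hits

# Constructed sample of exported key paths (not captured from a real host).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{999adfa2-8ad1-47ff-97fc-69fb847458f4}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-2222-3333-4444-555555555555}
HKEY_CLASSES_ROOT\TypeLib\{EE7C3CE2-4B15-11D1-ABED-709549C10000}
HKEY_CLASSES_ROOT\IEHlprObj.IEHlprObj.1
""".splitlines()

if __name__ == "__main__":
    for kind, keys in triage(SAMPLE).items():
        print(kind, len(keys), *keys, sep="\n  ")
```

A `bho` hit means Internet Explorer is configured to load the object; a `shared` hit on its own should be confirmed against the GUID keys or the files listed earlier before removal.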

The program then contacts the following Web site and downloads configuration information:
tw010.com