Threat Explorer

The Threat Explorer is a comprehensive resource consumers can turn to for daily, accurate, up-to-date information on the latest threats, risks and vulnerabilities.

Adware.IEPageHelper

Adware.IEPageHelper

Updated:
February 13, 2007
Risk Impact:
Medium
File Names:
bho.dll
Systems Affected:
Windows

Behavior


Adware.IEPageHelper highlights words on Web pages and displays text when you move the cursor over the words.

Symptoms


Words are highlighted in Internet Explorer and search results are shown when the cursor moves over them.

Behavior


This adware program must be manually installed or installed as a component of another program.

Antivirus Protection Dates

  • Initial Rapid Release version October 02, 2014 revision 022
  • Latest Rapid Release version March 23, 2017 revision 037
  • Initial Daily Certified version March 22, 2004
  • Latest Daily Certified version March 23, 2017 revision 041
  • Initial Weekly Certified release date March 24, 2004
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

When it is executed, Adware.IEPageHelper does the following:
  1. Registers itself as a browser help object by adding and populating the registry keys:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Help Objects\{A6F42CAD-2559-48DF-AF30-89E480AF5DFA}
    HKEY_LOCAL_MACHINE\CLASSES\CLSID\{A6F42CAD-2559-48DF-AF30-89E480AF5DFA}
    HKEY_LOCAL_MACHINE\CLASSES\TypeLib\{0B1DF4A9-C114-48A2-BE0A-6DC5973EB157}
    HKEY_LOCAL_MACHINE\CLASSES\AppID\{0B1DF4A9-C114-48A2-BE0A-6DC5973EB157}
    HKEY_LOCAL_MACHINE\CLASSES\AppID\bho.DLL
    HKEY_LOCAL_MACHINE\CLASSES\bho.IEPageHelper.1
    HKEY_LOCAL_MACHINE\CLASSES\bho.IEPageHelper

  2. Can contact a remote Web server when Internet Explorer is executed for words on the displayed Web page. Then, it highlights those words and displays the results of the search when the mouse hovers over them.

    Note: The adware uses Httpreq.dll and Zlib.dll, two non-malicious DLLs, to make the query.


The following instructions pertain to all Symantec antivirus products that support Security Risk detection.
  1. Update the definitions.
  2. Unregister the bho.dll file.
  3. Run a full system scan and delete all the files detected as Adware.IEPageHelper.
For specific details on each of these steps, read the following instructions.

1. Updating the definitions
To obtain the most recent definitions, start your Symantec program and run LiveUpdate.

2. Unregistering the bho.dll file
  1. Click Start, and then click Run. (The Run dialog box appears.)
  2. Type, or copy and paste, the following text:

    regsvr32 /u "[path to bho.dll]\bho.dll"

    then click OK.

  3. If a dialog box confirming this action appears, click OK.

3. Scanning for and deleting the files
  1. Start your Symantec antivirus program, and then run a full system scan.
  2. If any files are detected as Adware.IEPageHelper, click Delete.

    Note: If your Symantec antivirus product reports that it cannot delete a detected file, write down the path and file name. Then use Windows Explorer to locate and delete the file.