Adware.IEhlpr

Updated: 17 July 2006
Risk Impact: High
Systems Affected: Windows

Behavior

Adware.IEhlpr is an Internet Explorer Browser Helper Object that displays advertisements, most of which are Chinese in origin.

Antivirus Protection Dates

  • Initial Rapid Release version 02 October 2014 revision 022
  • Latest Rapid Release version 25 August 2019 revision 003
  • Initial Daily Certified version 23 November 2005
  • Latest Daily Certified version 23 July 2019 revision 002
  • Initial Weekly Certified release date 23 November 2005

When the program is executed, it creates the following files:
%ProgramFiles%\Internet Explorer\HMAPI.dll
%ProgramFiles%\Internet Explorer\supports.txt
%ProgramFiles%\Internet Explorer\Licenses.txt

These file paths are hardcoded into the program. Even if the above folder is not the default location for Internet Explorer, the program still creates the folder and stores these files there.

The program then creates the following registry subkeys:
HKEY_CLASSES_ROOT\CLSID\{EE7C3CF0-4B15-11D1-ABED-709549C10000}
HKEY_CLASSES_ROOT\Interface\{EE7C3CEF-4B15-11D1-ABED-709549C10000}
HKEY_CLASSES_ROOT\TypeLib\{EE7C3CE2-4B15-11D1-ABED-709549C10000}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE7C3CF0-4B15-11D1-ABED-709549C10000}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE7C3CF0-4B15-11D1-ABED-709549C10000}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{999ADFA2-8AD1-47FF-97FC-69FB847458F4}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{998CAE99-EB35-4C8E-A30A-BC061AD826F5}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{999ADFA2-8AD1-47ff-97FC-69FB847458F4}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{999ADFA2-8AD1-47ff-97FC-69FB847458F4}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{999ADFA2-8AD1-47FF-97FC-69FB847458F4}

The program also creates the following registry subkeys, which may be used by legitimate products:
HKEY_CLASSES_ROOT\IEHlprObj.IEHlprObj
HKEY_CLASSES_ROOT\IEHlprObj.IEHlprObj.1

The program then contacts the following Web site and downloads configuration information:
tw010.com
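
A read-only PowerShell check for the files and registry subkeys listed above, added here as an example and not part of the original write-up. The names `Test-Artifact`, `$specificKeys` and `$sharedKeys` are illustrative; the two ProgID keys are reported with a separate note because the write-up says legitimate products may also use them.

```powershell
# Added example: read-only presence check for the artifacts listed in this write-up.
# Paths and key names are copied from the page; nothing is modified or deleted.
$ieDir = Join-Path $env:ProgramFiles 'Internet Explorer'
$bho   = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
$stats = 'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats'
# Registry key names are case-insensitive, so one spelling of each CLSID is enough.
$idA   = '{EE7C3CF0-4B15-11D1-ABED-709549C10000}'
$idB   = '{999ADFA2-8AD1-47FF-97FC-69FB847458F4}'

$files = 'HMAPI.dll', 'supports.txt', 'Licenses.txt' | ForEach-Object { Join-Path $ieDir $_ }

# Subkeys the page attributes to the program itself.
$specificKeys = @(
    "HKEY_CLASSES_ROOT\CLSID\$idA"
    'HKEY_CLASSES_ROOT\Interface\{EE7C3CEF-4B15-11D1-ABED-709549C10000}'
    'HKEY_CLASSES_ROOT\TypeLib\{EE7C3CE2-4B15-11D1-ABED-709549C10000}'
    "$bho\$idA"
    "$stats\$idA"
    "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\$idB"
    'HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{998CAE99-EB35-4C8E-A30A-BC061AD826F5}'
    "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\$idB"
    "$bho\$idB"
    "$stats\$idB"
)

# Subkeys the page says may also be used by legitimate products: review, not proof.
$sharedKeys = 'HKEY_CLASSES_ROOT\IEHlprObj.IEHlprObj', 'HKEY_CLASSES_ROOT\IEHlprObj.IEHlprObj.1'

function Test-Artifact {
    param([string]$Path, [string]$Kind, [string]$Note = '')
    # The Registry:: prefix reaches any hive, including HKEY_CLASSES_ROOT (no default PSDrive).
    $probe = if ($Kind -eq 'Registry') { "Registry::$Path" } else { $Path }
    [pscustomobject]@{
        Present = Test-Path -LiteralPath $probe
        Kind    = $Kind
        Note    = $Note
        Path    = $Path
    }
}

# HKEY_CURRENT_USER entries are checked only for the account running the script.
$results = @(
    $files        | ForEach-Object { Test-Artifact $_ 'File' }
    $specificKeys | ForEach-Object { Test-Artifact $_ 'Registry' }
    $sharedKeys   | ForEach-Object { Test-Artifact $_ 'Registry' 'may be legitimate' }
)
$results | Where-Object { $_.Present } | Format-Table -AutoSize -Wrap
```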