Threat Explorer

The Threat Explorer is a comprehensive resource consumers can turn to for daily, accurate, up-to-date information on the latest threats, risks and vulnerabilities.



13 February 2007
Risk Impact:
File Names:
Systems Affected:


Adware.IEPageHelper highlights words on Web pages and displays text when you move the cursor over the words.


Words are highlighted in Internet Explorer and search results are shown when the cursor moves over them.


This adware program must be manually installed or installed as a component of another program.

Antivirus Protection Dates

  • Initial Rapid Release version 02 October 2014 revision 022
  • Latest Rapid Release version 07 May 2019 revision 006
  • Initial Daily Certified version 22 March 2004
  • Latest Daily Certified version 07 May 2019 revision 008
  • Initial Weekly Certified release date 24 March 2004
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

When it is executed, Adware.IEPageHelper does the following:
  1. Registers itself as a browser help object by adding and populating the registry keys:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Help Objects\{A6F42CAD-2559-48DF-AF30-89E480AF5DFA}

  2. Can contact a remote Web server when Internet Explorer is executed for words on the displayed Web page. Then, it highlights those words and displays the results of the search when the mouse hovers over them.

    Note: The adware uses Httpreq.dll and Zlib.dll, two non-malicious DLLs, to make the query.

The following instructions pertain to all Symantec antivirus products that support Security Risk detection.
  1. Update the definitions.
  2. Unregister the bho.dll file.
  3. Run a full system scan and delete all the files detected as Adware.IEPageHelper.
For specific details on each of these steps, read the following instructions.

1. Updating the definitions
To obtain the most recent definitions, start your Symantec program and run LiveUpdate.

2. Unregistering the bho.dll file
  1. Click Start, and then click Run. (The Run dialog box appears.)
  2. Type, or copy and paste, the following text:

    regsvr32 /u "[path to bho.dll]\bho.dll"

    then click OK.

  3. If a dialog box confirming this action appears, click OK.

3. Scanning for and deleting the files
  1. Start your Symantec antivirus program, and then run a full system scan.
  2. If any files are detected as Adware.IEPageHelper, click Delete.

    Note: If your Symantec antivirus product reports that it cannot delete a detected file, write down the path and file name. Then use Windows Explorer to locate and delete the file.