 |
Home
Articles
Spyware Research
Support
Scan Now
Purchase
F.A.Q.
Top 25 Spyware:
Glossary Latest Detections  |
 |
Spyware/BHO/WebHancerAlias: ->license.txt, Adware/Xupiter, WebHancer, Customer Companion
Description: Spyware/BHO/WebHancer is a process started at Windows startup that monitors web sites being viewed and sends performance data on them back to own home servers. Displays advertisements at your computer based on your surfing habits. Threat type: BHO - A Browser Helper Object (BHO) is a software application that runs automatically whenever you start Internet Explorer. Browser Helper Objects are typically installed by other programs such as toolbar accessories and can track internet usage, create popup windows, display additional information on a viewed page and collect information that is transmitted by you over the internet. Malicious software that exploits this technology can replace banner advertisements with other ads, monitor your actions, change your home page, etc. Spyware - Spyware is any software application that gathers information from the user's PC and transmits it to the Spyware author (usually hackers, but sometimes corporations). The information is gathered and transmitted without the user's knowledge or consent. Spyware applications may steal sensitive corporate information and transmit it to competitors. Spyware also degrades PC performance and can consume huge amounts of bandwidth, especially on corporate servers. Advice: Remove This is a very high risk threat and should be removed immediately as to prevent harm to your computer or your privacy. Detection: SpyNoMore detects Spyware/BHO/WebHancer: Yes Threat risk: Medium Risk  Potentially dangerous malware. May collect sensitive user information and broadcast data back to a server with "opt-out" permission. Category includes most adware programs. Symptoms: Spyware/BHO/WebHancer displays commercial advertisements. Spyware/BHO/WebHancer tracks web usage. Spyware/BHO/WebHancer hides from the user and stays resident in background.
Running Process Signatures: N/A File Signatures: %WINDOWS%\downlo~1\mqgold1.dll %PROFILE%\local settings\temp\wzs105.tmp\whinstaller.exe %PROFILE%\local settings\temp\wzs105.tmp\whieshm.dll %WINDOWS%\whinstaller.ini %PROFILE%\local settings\temp\wzs46.tmp\whinstaller.exe %WINDOWS%\system\whiehlpr.dll %PROFILE%\local settings\temp\wzs105.tmp\webhdll.dll %PROFILE%\local settings\temp\wzsb2.tmp\whiehlpr.dll %WINDOWS%\temp\whinstaller.exe %PROFILE%\local settings\temp\wzsee.tmp\whinstaller.ini %WINDOWS%\webhdll.dll %PROFILE%\local settings\temp\wzsb2.tmp\whinstaller.exe %PROFILE%\local settings\temp\wzs46.tmp\whieshm.dll %PROFILE%\local settings\temp\wzsee.tmp\webhdll.dll %PROFILE%\local settings\temp\wzsb2.tmp\wbhshare.dll %WINDOWS%\digital signature 20030814.htm %PROFILE%\local settings\temp\whcc-grokster.exe %COMMON_PROGRAMS%\grokster\grokster.lnk %PROFILE%\local settings\temp\wzsb2.tmp\whagent.exe %PROFILE%\local settings\temp\wzs46.tmp\whiehlpr.dll %PROFILE%\local settings\temp\wzs46.tmp\whinstaller.ini %WINDOWS%\whagent.inf %WINDOWS%\whinstaller.exe %PROFILE%\local settings\temp\wzsee.tmp\whinstaller.exe %WINDOWS%\lastgood\whinstaller.exe %WINDOWS%\temp\whinstaller.ini %PROFILE%\local settings\temp\wzs46.tmp\whagent.inf %PROFILE%\local settings\temp\wzsee.tmp\whiehlpr.dll %PROFILE%\local settings\temp\wzs46.tmp\wbhshare.dll %PROFILE%\administrator\start menu\programs\earn\about earn.lnk %PROFILE%\local settings\temp\wzsee.tmp\whagent.exe %PROFILE%\local settings\temp\wzsee.tmp\wbhshare.dll %PROFILE%\local settings\temp\wzsee.tmp\whieshm.dll %PROFILE%\local settings\temp\wzsb2.tmp\whinstaller.ini %PROFILE%\local settings\temp\wzsb2.tmp\whagent.inf %WINDOWS%\temp\whcc-grokster.exe %PROFILE%\local settings\temp\wzs105.tmp\whiehlpr.dll %WINDOWS%\temp\whagent.inf %PROFILE%\local settings\temp\wzs105.tmp\whagent.exe %PROFILE%\local settings\temp\wzsb2.tmp\webhdll.dll %WINDOWS%\system32\whiehlpr.dll %PROFILE%\local settings\temp\wzs46.tmp\webhdll.dll %PROFILE%\local settings\temp\wzs46.tmp\whagent.exe %PROFILE%\local settings\temp\wzsee.tmp\whagent.inf %PROFILE%\local settings\temp\wzsb2.tmp\whieshm.dll %PROFILE%\local settings\temp\wzs105.tmp\whagent.inf %WINDOWS%\temp\whiehlpr.ini %PROFILE%\local settings\temp\wzs105.tmp\wbhshare.dll %WINDOWS%\lastgood\whagent.inf %PROFILE%\local settings\temp\wzs105.tmp\whinstaller.ini Registered Dll (Dynamic Link Library) Signatures: N/A Folder Signatures: %PROFILE%\local settings\temp\wzs11.tmp %PROGRAM_FILES%\whinstall %PROGRAM_FILES%\webhancer Registry Signatures: HKCR\software\microsoft\windows\currentversion\explorer\browser helper objects\{c900b400-cdfe-11d3-976a-00e02913a9e0} HKCR\typelib\{c8cb3870-cdfe-11d3-976a-00e02913a9e0} HKCR\clsid\{c900b400-cdfe-11d3-976a-00e02913a9e0} HKCR\whiehelperobj.whiehelperobj.1 HKCR\interface\{c89435b0-cdfe-11d3-976a-00e02913a9e0} HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{c900b400-cdfe-11d3-976a-00e02913a9e0} HKLM\software\microsoft\windows\currentversion\app management\arpcache\whsurvey HKLM\software\classes\typelib\{c8cb3870-cdfe-11d3-976a-00e02913a9e0} HKCR\whiehelperobj.whiehelperobj HKLM\software\microsoft\windows\currentversion\uninstall\whsurvey HKLM\software\classes\interface\{c89435b0-cdfe-11d3-976a-00e02913a9e0} HKLM\software\webhancer HKLM\software\classes\whiehelperobj.whiehelperobj HKCR\clsid\{c8cb3870-cdfe-11d3-976a-00e02913a9e0} HKLM\software\microsoft\windows\currentversion\uninstall\webhancer agent HKCR\clsid\{c89435b0-cdfe-11d3-976a-00e02913a9e0} SpyNoMore Collected Residual File Signatures: N/A
| | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| ||||
|
||||
 |
|
 | ||