Sunday, December 7, 2008

WebHancer Spyware

Removing WebHancer
Categories: Spyware,BHO,Adware
Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet or other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.
As this information is entered by the user, it is captured by the BHO (Browser Helper Object) and
sent back to the attacker.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer.

WebHancer Also known as:

[F-Prot]->license.txt;
[Panda]Adware/Xupiter
Visible Symptoms:
Files in system folders:
[%PROFILE_TEMP%]\2.txt
[%PROFILE_TEMP%]\b129.exe
[%PROFILE_TEMP%]\RarSFX0\license.txt
[%PROFILE_TEMP%]\RarSFX0\whAgent.ini
[%PROFILE_TEMP%]\temp.fr????
[%PROFILE_TEMP%]\temp.fr????\Programs\webhdll.dll
[%PROFILE_TEMP%]\wh.exe
[%PROFILE_TEMP%]\WZS18.tmp\readme.txt
[%PROFILE_TEMP%]\WZS18.tmp\whInstaller.exe
[%PROFILE_TEMP%]\WZS23.tmp\readme.txt
[%PROFILE_TEMP%]\WZS4.tmp\license.txt
[%PROFILE_TEMP%]\WZS4.tmp\readme.txt
[%PROFILE_TEMP%]\WZS4.tmp\Webhdll.dll
[%PROFILE_TEMP%]\WZS4.tmp\WhAgent.exe
[%PROFILE_TEMP%]\WZS4.tmp\whiehlpr.dll
[%PROFILE_TEMP%]\WZS4.tmp\whInstaller.exe
[%PROFILE_TEMP%]\WZS4.tmp\whInstaller.ini
[%PROFILE_TEMP%]\WZS4.tmp\WhSurvey.exe
[%PROGRAM_FILES%]\em\dohancer\webinstaller.exe
[%PROGRAM_FILES%]\webHancer\Programs\whSurvey.exe
[%PROGRAM_FILES%]\whInstall\license.txt
[%PROGRAM_FILES%]\whInstall\readme.txt
[%PROGRAM_FILES%]\whInstall\whAgent.inf
[%PROGRAM_FILES%]\whInstall\whAgent.ini
[%PROGRAM_FILES%]\whInstall\whInstaller.ini
[%SYSTEM%]\auto_update_uninstall.log
[%WINDOWS%]\b129.exe
[%WINDOWS%]\hancerdoem.exe
[%WINDOWS%]\ntsautodial.ini
[%WINDOWS%]\webhdll(2)(2)(2)(2)(2)(2)(2).dll
[%WINDOWS%]\webhdll(2)(2)(2)(2)(2)(2).dll
[%WINDOWS%]\webhdll(2)(2)(2)(2).dll
[%WINDOWS%]\webhdll(2)(2)(3).dll
[%WINDOWS%]\webhdll.dll
[%WINDOWS%]\webhdll.dll_tobedeleted
[%WINDOWS%]\wh.exe
[%WINDOWS%]\whagent.inf
[%WINDOWS%]\whCC-GIANT.exe
[%WINDOWS%]\whCC-MOTOR.exe
[%WINDOWS%]\whInstaller.exe
[%WINDOWS%]\whInstaller.ini
[%PROGRAM_FILES%]\webHancer\programs\whiehlpr.dll
[%PROFILE%]\administrator\start menu\programs\earn\about earn.lnk
[%PROFILE_TEMP%]\whcc-grokster.exe
[%PROFILE_TEMP%]\wzs105.tmp\wbhshare.dll
[%PROFILE_TEMP%]\wzs105.tmp\webhdll.dll
[%PROFILE_TEMP%]\wzs105.tmp\whagent.exe
[%PROFILE_TEMP%]\wzs105.tmp\whagent.inf
[%PROFILE_TEMP%]\wzs105.tmp\whiehlpr.dll
[%PROFILE_TEMP%]\wzs105.tmp\whieshm.dll
[%PROFILE_TEMP%]\wzs105.tmp\whinstaller.exe
[%PROFILE_TEMP%]\wzs105.tmp\whinstaller.ini
[%PROFILE_TEMP%]\wzs46.tmp\wbhshare.dll
[%PROFILE_TEMP%]\wzs46.tmp\webhdll.dll
[%PROFILE_TEMP%]\wzs46.tmp\whagent.exe
[%PROFILE_TEMP%]\wzs46.tmp\whagent.inf
[%PROFILE_TEMP%]\wzs46.tmp\whiehlpr.dll
[%PROFILE_TEMP%]\wzs46.tmp\whieshm.dll
[%PROFILE_TEMP%]\wzs46.tmp\whinstaller.exe
[%PROFILE_TEMP%]\wzs46.tmp\whinstaller.ini
[%PROFILE_TEMP%]\wzsb2.tmp\wbhshare.dll
[%PROFILE_TEMP%]\wzsb2.tmp\webhdll.dll
[%PROFILE_TEMP%]\wzsb2.tmp\whagent.exe
[%PROFILE_TEMP%]\wzsb2.tmp\whagent.inf
[%PROFILE_TEMP%]\wzsb2.tmp\whiehlpr.dll
[%PROFILE_TEMP%]\wzsb2.tmp\whieshm.dll
[%PROFILE_TEMP%]\wzsb2.tmp\whinstaller.exe
[%PROFILE_TEMP%]\wzsb2.tmp\whinstaller.ini
[%PROFILE_TEMP%]\wzsee.tmp\wbhshare.dll
[%PROFILE_TEMP%]\wzsee.tmp\webhdll.dll
[%PROFILE_TEMP%]\wzsee.tmp\whagent.exe
[%PROFILE_TEMP%]\wzsee.tmp\whagent.inf
[%PROFILE_TEMP%]\wzsee.tmp\whiehlpr.dll
[%PROFILE_TEMP%]\wzsee.tmp\whieshm.dll
[%PROFILE_TEMP%]\wzsee.tmp\whinstaller.exe
[%PROFILE_TEMP%]\wzsee.tmp\whinstaller.ini
[%PROGRAMS%]\grokster\grokster.lnk
[%SYSTEM%]\whiehlpr.dll
[%WINDOWS%]\digital signature 20030814.htm
[%WINDOWS%]\downloaded program files\mqgold1.dll
[%WINDOWS%]\lastgood\whagent.inf
[%WINDOWS%]\lastgood\whinstaller.exe
[%WINDOWS%]\system\whiehlpr.dll
[%WINDOWS%]\temp\whagent.inf
[%WINDOWS%]\temp\whcc-grokster.exe
[%WINDOWS%]\temp\whiehlpr.ini
[%WINDOWS%]\temp\whinstaller.exe
[%WINDOWS%]\temp\whinstaller.ini
[%WINDOWS%]\whinstaller.exe
[%WINDOWS%]\whinstaller.ini
[%PROFILE_TEMP%]\2.txt
[%PROFILE_TEMP%]\b129.exe
[%PROFILE_TEMP%]\RarSFX0\license.txt
[%PROFILE_TEMP%]\RarSFX0\whAgent.ini
[%PROFILE_TEMP%]\temp.fr????
[%PROFILE_TEMP%]\temp.fr????\Programs\webhdll.dll
[%PROFILE_TEMP%]\wh.exe
[%PROFILE_TEMP%]\WZS18.tmp\readme.txt
[%PROFILE_TEMP%]\WZS18.tmp\whInstaller.exe
[%PROFILE_TEMP%]\WZS23.tmp\readme.txt
[%PROFILE_TEMP%]\WZS4.tmp\license.txt
[%PROFILE_TEMP%]\WZS4.tmp\readme.txt
[%PROFILE_TEMP%]\WZS4.tmp\Webhdll.dll
[%PROFILE_TEMP%]\WZS4.tmp\WhAgent.exe
[%PROFILE_TEMP%]\WZS4.tmp\whiehlpr.dll
[%PROFILE_TEMP%]\WZS4.tmp\whInstaller.exe
[%PROFILE_TEMP%]\WZS4.tmp\whInstaller.ini
[%PROFILE_TEMP%]\WZS4.tmp\WhSurvey.exe
[%PROGRAM_FILES%]\em\dohancer\webinstaller.exe
[%PROGRAM_FILES%]\webHancer\Programs\whSurvey.exe
[%PROGRAM_FILES%]\whInstall\license.txt
[%PROGRAM_FILES%]\whInstall\readme.txt
[%PROGRAM_FILES%]\whInstall\whAgent.inf
[%PROGRAM_FILES%]\whInstall\whAgent.ini
[%PROGRAM_FILES%]\whInstall\whInstaller.ini
[%SYSTEM%]\auto_update_uninstall.log
[%WINDOWS%]\b129.exe
[%WINDOWS%]\hancerdoem.exe
[%WINDOWS%]\ntsautodial.ini
[%WINDOWS%]\webhdll(2)(2)(2)(2)(2)(2)(2).dll
[%WINDOWS%]\webhdll(2)(2)(2)(2)(2)(2).dll
[%WINDOWS%]\webhdll(2)(2)(2)(2).dll
[%WINDOWS%]\webhdll(2)(2)(3).dll
[%WINDOWS%]\webhdll.dll
[%WINDOWS%]\webhdll.dll_tobedeleted
[%WINDOWS%]\wh.exe
[%WINDOWS%]\whagent.inf
[%WINDOWS%]\whCC-GIANT.exe
[%WINDOWS%]\whCC-MOTOR.exe
[%WINDOWS%]\whInstaller.exe
[%WINDOWS%]\whInstaller.ini
[%PROGRAM_FILES%]\webHancer\programs\whiehlpr.dll
[%PROFILE%]\administrator\start menu\programs\earn\about earn.lnk
[%PROFILE_TEMP%]\whcc-grokster.exe
[%PROFILE_TEMP%]\wzs105.tmp\wbhshare.dll
[%PROFILE_TEMP%]\wzs105.tmp\webhdll.dll
[%PROFILE_TEMP%]\wzs105.tmp\whagent.exe
[%PROFILE_TEMP%]\wzs105.tmp\whagent.inf
[%PROFILE_TEMP%]\wzs105.tmp\whiehlpr.dll
[%PROFILE_TEMP%]\wzs105.tmp\whieshm.dll
[%PROFILE_TEMP%]\wzs105.tmp\whinstaller.exe
[%PROFILE_TEMP%]\wzs105.tmp\whinstaller.ini
[%PROFILE_TEMP%]\wzs46.tmp\wbhshare.dll
[%PROFILE_TEMP%]\wzs46.tmp\webhdll.dll
[%PROFILE_TEMP%]\wzs46.tmp\whagent.exe
[%PROFILE_TEMP%]\wzs46.tmp\whagent.inf
[%PROFILE_TEMP%]\wzs46.tmp\whiehlpr.dll
[%PROFILE_TEMP%]\wzs46.tmp\whieshm.dll
[%PROFILE_TEMP%]\wzs46.tmp\whinstaller.exe
[%PROFILE_TEMP%]\wzs46.tmp\whinstaller.ini
[%PROFILE_TEMP%]\wzsb2.tmp\wbhshare.dll
[%PROFILE_TEMP%]\wzsb2.tmp\webhdll.dll
[%PROFILE_TEMP%]\wzsb2.tmp\whagent.exe
[%PROFILE_TEMP%]\wzsb2.tmp\whagent.inf
[%PROFILE_TEMP%]\wzsb2.tmp\whiehlpr.dll
[%PROFILE_TEMP%]\wzsb2.tmp\whieshm.dll
[%PROFILE_TEMP%]\wzsb2.tmp\whinstaller.exe
[%PROFILE_TEMP%]\wzsb2.tmp\whinstaller.ini
[%PROFILE_TEMP%]\wzsee.tmp\wbhshare.dll
[%PROFILE_TEMP%]\wzsee.tmp\webhdll.dll
[%PROFILE_TEMP%]\wzsee.tmp\whagent.exe
[%PROFILE_TEMP%]\wzsee.tmp\whagent.inf
[%PROFILE_TEMP%]\wzsee.tmp\whiehlpr.dll
[%PROFILE_TEMP%]\wzsee.tmp\whieshm.dll
[%PROFILE_TEMP%]\wzsee.tmp\whinstaller.exe
[%PROFILE_TEMP%]\wzsee.tmp\whinstaller.ini
[%PROGRAMS%]\grokster\grokster.lnk
[%SYSTEM%]\whiehlpr.dll
[%WINDOWS%]\digital signature 20030814.htm
[%WINDOWS%]\downloaded program files\mqgold1.dll
[%WINDOWS%]\lastgood\whagent.inf
[%WINDOWS%]\lastgood\whinstaller.exe
[%WINDOWS%]\system\whiehlpr.dll
[%WINDOWS%]\temp\whagent.inf
[%WINDOWS%]\temp\whcc-grokster.exe
[%WINDOWS%]\temp\whiehlpr.ini
[%WINDOWS%]\temp\whinstaller.exe
[%WINDOWS%]\temp\whinstaller.ini
[%WINDOWS%]\whinstaller.exe
[%WINDOWS%]\whinstaller.ini

How to detect WebHancer:

Files:
[%PROFILE_TEMP%]\2.txt
[%PROFILE_TEMP%]\b129.exe
[%PROFILE_TEMP%]\RarSFX0\license.txt
[%PROFILE_TEMP%]\RarSFX0\whAgent.ini
[%PROFILE_TEMP%]\temp.fr????
[%PROFILE_TEMP%]\temp.fr????\Programs\webhdll.dll
[%PROFILE_TEMP%]\wh.exe
[%PROFILE_TEMP%]\WZS18.tmp\readme.txt
[%PROFILE_TEMP%]\WZS18.tmp\whInstaller.exe
[%PROFILE_TEMP%]\WZS23.tmp\readme.txt
[%PROFILE_TEMP%]\WZS4.tmp\license.txt
[%PROFILE_TEMP%]\WZS4.tmp\readme.txt
[%PROFILE_TEMP%]\WZS4.tmp\Webhdll.dll
[%PROFILE_TEMP%]\WZS4.tmp\WhAgent.exe
[%PROFILE_TEMP%]\WZS4.tmp\whiehlpr.dll
[%PROFILE_TEMP%]\WZS4.tmp\whInstaller.exe
[%PROFILE_TEMP%]\WZS4.tmp\whInstaller.ini
[%PROFILE_TEMP%]\WZS4.tmp\WhSurvey.exe
[%PROGRAM_FILES%]\em\dohancer\webinstaller.exe
[%PROGRAM_FILES%]\webHancer\Programs\whSurvey.exe
[%PROGRAM_FILES%]\whInstall\license.txt
[%PROGRAM_FILES%]\whInstall\readme.txt
[%PROGRAM_FILES%]\whInstall\whAgent.inf
[%PROGRAM_FILES%]\whInstall\whAgent.ini
[%PROGRAM_FILES%]\whInstall\whInstaller.ini
[%SYSTEM%]\auto_update_uninstall.log
[%WINDOWS%]\b129.exe
[%WINDOWS%]\hancerdoem.exe
[%WINDOWS%]\ntsautodial.ini
[%WINDOWS%]\webhdll(2)(2)(2)(2)(2)(2)(2).dll
[%WINDOWS%]\webhdll(2)(2)(2)(2)(2)(2).dll
[%WINDOWS%]\webhdll(2)(2)(2)(2).dll
[%WINDOWS%]\webhdll(2)(2)(3).dll
[%WINDOWS%]\webhdll.dll
[%WINDOWS%]\webhdll.dll_tobedeleted
[%WINDOWS%]\wh.exe
[%WINDOWS%]\whagent.inf
[%WINDOWS%]\whCC-GIANT.exe
[%WINDOWS%]\whCC-MOTOR.exe
[%WINDOWS%]\whInstaller.exe
[%WINDOWS%]\whInstaller.ini
[%PROGRAM_FILES%]\webHancer\programs\whiehlpr.dll
[%PROFILE%]\administrator\start menu\programs\earn\about earn.lnk
[%PROFILE_TEMP%]\whcc-grokster.exe
[%PROFILE_TEMP%]\wzs105.tmp\wbhshare.dll
[%PROFILE_TEMP%]\wzs105.tmp\webhdll.dll
[%PROFILE_TEMP%]\wzs105.tmp\whagent.exe
[%PROFILE_TEMP%]\wzs105.tmp\whagent.inf
[%PROFILE_TEMP%]\wzs105.tmp\whiehlpr.dll
[%PROFILE_TEMP%]\wzs105.tmp\whieshm.dll
[%PROFILE_TEMP%]\wzs105.tmp\whinstaller.exe
[%PROFILE_TEMP%]\wzs105.tmp\whinstaller.ini
[%PROFILE_TEMP%]\wzs46.tmp\wbhshare.dll
[%PROFILE_TEMP%]\wzs46.tmp\webhdll.dll
[%PROFILE_TEMP%]\wzs46.tmp\whagent.exe
[%PROFILE_TEMP%]\wzs46.tmp\whagent.inf
[%PROFILE_TEMP%]\wzs46.tmp\whiehlpr.dll
[%PROFILE_TEMP%]\wzs46.tmp\whieshm.dll
[%PROFILE_TEMP%]\wzs46.tmp\whinstaller.exe
[%PROFILE_TEMP%]\wzs46.tmp\whinstaller.ini
[%PROFILE_TEMP%]\wzsb2.tmp\wbhshare.dll
[%PROFILE_TEMP%]\wzsb2.tmp\webhdll.dll
[%PROFILE_TEMP%]\wzsb2.tmp\whagent.exe
[%PROFILE_TEMP%]\wzsb2.tmp\whagent.inf
[%PROFILE_TEMP%]\wzsb2.tmp\whiehlpr.dll
[%PROFILE_TEMP%]\wzsb2.tmp\whieshm.dll
[%PROFILE_TEMP%]\wzsb2.tmp\whinstaller.exe
[%PROFILE_TEMP%]\wzsb2.tmp\whinstaller.ini
[%PROFILE_TEMP%]\wzsee.tmp\wbhshare.dll
[%PROFILE_TEMP%]\wzsee.tmp\webhdll.dll
[%PROFILE_TEMP%]\wzsee.tmp\whagent.exe
[%PROFILE_TEMP%]\wzsee.tmp\whagent.inf
[%PROFILE_TEMP%]\wzsee.tmp\whiehlpr.dll
[%PROFILE_TEMP%]\wzsee.tmp\whieshm.dll
[%PROFILE_TEMP%]\wzsee.tmp\whinstaller.exe
[%PROFILE_TEMP%]\wzsee.tmp\whinstaller.ini
[%PROGRAMS%]\grokster\grokster.lnk
[%SYSTEM%]\whiehlpr.dll
[%WINDOWS%]\digital signature 20030814.htm
[%WINDOWS%]\downloaded program files\mqgold1.dll
[%WINDOWS%]\lastgood\whagent.inf
[%WINDOWS%]\lastgood\whinstaller.exe
[%WINDOWS%]\system\whiehlpr.dll
[%WINDOWS%]\temp\whagent.inf
[%WINDOWS%]\temp\whcc-grokster.exe
[%WINDOWS%]\temp\whiehlpr.ini
[%WINDOWS%]\temp\whinstaller.exe
[%WINDOWS%]\temp\whinstaller.ini
[%WINDOWS%]\whinstaller.exe
[%WINDOWS%]\whinstaller.ini
[%PROFILE_TEMP%]\2.txt
[%PROFILE_TEMP%]\b129.exe
[%PROFILE_TEMP%]\RarSFX0\license.txt
[%PROFILE_TEMP%]\RarSFX0\whAgent.ini
[%PROFILE_TEMP%]\temp.fr????
[%PROFILE_TEMP%]\temp.fr????\Programs\webhdll.dll
[%PROFILE_TEMP%]\wh.exe
[%PROFILE_TEMP%]\WZS18.tmp\readme.txt
[%PROFILE_TEMP%]\WZS18.tmp\whInstaller.exe
[%PROFILE_TEMP%]\WZS23.tmp\readme.txt
[%PROFILE_TEMP%]\WZS4.tmp\license.txt
[%PROFILE_TEMP%]\WZS4.tmp\readme.txt
[%PROFILE_TEMP%]\WZS4.tmp\Webhdll.dll
[%PROFILE_TEMP%]\WZS4.tmp\WhAgent.exe
[%PROFILE_TEMP%]\WZS4.tmp\whiehlpr.dll
[%PROFILE_TEMP%]\WZS4.tmp\whInstaller.exe
[%PROFILE_TEMP%]\WZS4.tmp\whInstaller.ini
[%PROFILE_TEMP%]\WZS4.tmp\WhSurvey.exe
[%PROGRAM_FILES%]\em\dohancer\webinstaller.exe
[%PROGRAM_FILES%]\webHancer\Programs\whSurvey.exe
[%PROGRAM_FILES%]\whInstall\license.txt
[%PROGRAM_FILES%]\whInstall\readme.txt
[%PROGRAM_FILES%]\whInstall\whAgent.inf
[%PROGRAM_FILES%]\whInstall\whAgent.ini
[%PROGRAM_FILES%]\whInstall\whInstaller.ini
[%SYSTEM%]\auto_update_uninstall.log
[%WINDOWS%]\b129.exe
[%WINDOWS%]\hancerdoem.exe
[%WINDOWS%]\ntsautodial.ini
[%WINDOWS%]\webhdll(2)(2)(2)(2)(2)(2)(2).dll
[%WINDOWS%]\webhdll(2)(2)(2)(2)(2)(2).dll
[%WINDOWS%]\webhdll(2)(2)(2)(2).dll
[%WINDOWS%]\webhdll(2)(2)(3).dll
[%WINDOWS%]\webhdll.dll
[%WINDOWS%]\webhdll.dll_tobedeleted
[%WINDOWS%]\wh.exe
[%WINDOWS%]\whagent.inf
[%WINDOWS%]\whCC-GIANT.exe
[%WINDOWS%]\whCC-MOTOR.exe
[%WINDOWS%]\whInstaller.exe
[%WINDOWS%]\whInstaller.ini
[%PROGRAM_FILES%]\webHancer\programs\whiehlpr.dll
[%PROFILE%]\administrator\start menu\programs\earn\about earn.lnk
[%PROFILE_TEMP%]\whcc-grokster.exe
[%PROFILE_TEMP%]\wzs105.tmp\wbhshare.dll
[%PROFILE_TEMP%]\wzs105.tmp\webhdll.dll
[%PROFILE_TEMP%]\wzs105.tmp\whagent.exe
[%PROFILE_TEMP%]\wzs105.tmp\whagent.inf
[%PROFILE_TEMP%]\wzs105.tmp\whiehlpr.dll
[%PROFILE_TEMP%]\wzs105.tmp\whieshm.dll
[%PROFILE_TEMP%]\wzs105.tmp\whinstaller.exe
[%PROFILE_TEMP%]\wzs105.tmp\whinstaller.ini
[%PROFILE_TEMP%]\wzs46.tmp\wbhshare.dll
[%PROFILE_TEMP%]\wzs46.tmp\webhdll.dll
[%PROFILE_TEMP%]\wzs46.tmp\whagent.exe
[%PROFILE_TEMP%]\wzs46.tmp\whagent.inf
[%PROFILE_TEMP%]\wzs46.tmp\whiehlpr.dll
[%PROFILE_TEMP%]\wzs46.tmp\whieshm.dll
[%PROFILE_TEMP%]\wzs46.tmp\whinstaller.exe
[%PROFILE_TEMP%]\wzs46.tmp\whinstaller.ini
[%PROFILE_TEMP%]\wzsb2.tmp\wbhshare.dll
[%PROFILE_TEMP%]\wzsb2.tmp\webhdll.dll
[%PROFILE_TEMP%]\wzsb2.tmp\whagent.exe
[%PROFILE_TEMP%]\wzsb2.tmp\whagent.inf
[%PROFILE_TEMP%]\wzsb2.tmp\whiehlpr.dll
[%PROFILE_TEMP%]\wzsb2.tmp\whieshm.dll
[%PROFILE_TEMP%]\wzsb2.tmp\whinstaller.exe
[%PROFILE_TEMP%]\wzsb2.tmp\whinstaller.ini
[%PROFILE_TEMP%]\wzsee.tmp\wbhshare.dll
[%PROFILE_TEMP%]\wzsee.tmp\webhdll.dll
[%PROFILE_TEMP%]\wzsee.tmp\whagent.exe
[%PROFILE_TEMP%]\wzsee.tmp\whagent.inf
[%PROFILE_TEMP%]\wzsee.tmp\whiehlpr.dll
[%PROFILE_TEMP%]\wzsee.tmp\whieshm.dll
[%PROFILE_TEMP%]\wzsee.tmp\whinstaller.exe
[%PROFILE_TEMP%]\wzsee.tmp\whinstaller.ini
[%PROGRAMS%]\grokster\grokster.lnk
[%SYSTEM%]\whiehlpr.dll
[%WINDOWS%]\digital signature 20030814.htm
[%WINDOWS%]\downloaded program files\mqgold1.dll
[%WINDOWS%]\lastgood\whagent.inf
[%WINDOWS%]\lastgood\whinstaller.exe
[%WINDOWS%]\system\whiehlpr.dll
[%WINDOWS%]\temp\whagent.inf
[%WINDOWS%]\temp\whcc-grokster.exe
[%WINDOWS%]\temp\whiehlpr.ini
[%WINDOWS%]\temp\whinstaller.exe
[%WINDOWS%]\temp\whinstaller.ini
[%WINDOWS%]\whinstaller.exe
[%WINDOWS%]\whinstaller.ini

Folders:
[%PROGRAM_FILES%]\em
[%PROGRAM_FILES%]\webhancer
[%PROGRAM_FILES%]\whinstall
[%PROFILE_TEMP%]\wzs11.tmp

Registry Keys:
HKEY_CLASSES_ROOT\CLSID\{C900B400-CDFE-11D3-976A-00E02913A9E0}
HKEY_CLASSES_ROOT\interface\{c89435b0-cdfe-11d3-976a-00e02913a9e0}
HKEY_CLASSES_ROOT\typelib\{c8cb3870-cdfe-11d3-976a-00e02913a9e0}
HKEY_CLASSES_ROOT\whiehelperobj.whiehelperobj
HKEY_CLASSES_ROOT\whiehelperobj.whiehelperobj.1
HKEY_LOCAL_MACHINE\software\classes\interface\{c89435b0-cdfe-11d3-976a-00e02913a9e0}
HKEY_LOCAL_MACHINE\software\classes\typelib\{c8cb3870-cdfe-11d3-976a-00e02913a9e0}
HKEY_LOCAL_MACHINE\software\classes\whiehelperobj.whiehelperobj
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\whsurvey
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C900B400-CDFE-11D3-976A-00E02913A9E0}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\webhancer agent
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\whsurvey
HKEY_LOCAL_MACHINE\software\webhancer
HKEY_CLASSES_ROOT\clsid\{c89435b0-cdfe-11d3-976a-00e02913a9e0}
HKEY_CLASSES_ROOT\clsid\{c8cb3870-cdfe-11d3-976a-00e02913a9e0}
HKEY_CLASSES_ROOT\clsid\{c900b400-cdfe-11d3-976a-00e02913a9e0}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{c900b400-cdfe-11d3-976a-00e02913a9e0}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{c900b400-cdfe-11d3-976a-00e02913a9e0}

Registry Values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\easy mp3 alarm clock_is1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\easy mp3 alarm clock_is1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\easy mp3 alarm clock_is1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\easy mp3 alarm clock_is1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\easy mp3 alarm clock_is1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\easy mp3 alarm clock_is1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\easy mp3 alarm clock_is1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\easy mp3 alarm clock_is1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\easy mp3 alarm clock_is1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\easy mp3 alarm clock_is1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\easy mp3 alarm clock_is1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\easy mp3 alarm clock_is1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\easy mp3 alarm clock_is1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\easy mp3 alarm clock_is1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\easy mp3 alarm clock_is1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\easy mp3 alarm clock_is1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\easy mp3 alarm clock_is1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\easy mp3 alarm clock_is1

Removing WebHancer:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Webcont Adware Cleaner
chatstat.com Tracking Cookie Cleaner
Remove MSN.com Tracking Cookie
Removing Donise Trojan

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)