Technical details:
Categories: Spyware, BHO, Adware
[F-Prot]->license.txt;
[Panda]Adware/Xupiter
WebHancer Folders:
[%PROGRAM_FILES%]\em
[%PROGRAM_FILES%]\webhancer
[%PROGRAM_FILES%]\whinstall
[%PROFILE_TEMP%]\wzs11.tmp
WebHancer Files:
[%PROFILE_TEMP%]\2.txt
[%PROFILE_TEMP%]\b129.exe
[%PROFILE_TEMP%]\RarSFX0\license.txt
[%PROFILE_TEMP%]\RarSFX0\whAgent.ini
[%PROFILE_TEMP%]\temp.fr????
[%PROFILE_TEMP%]\temp.fr????\Programs\webhdll.dll
[%PROFILE_TEMP%]\wh.exe
[%PROFILE_TEMP%]\WZS18.tmp\readme.txt
[%PROFILE_TEMP%]\WZS18.tmp\whInstaller.exe
[%PROFILE_TEMP%]\WZS23.tmp\readme.txt
[%PROFILE_TEMP%]\WZS4.tmp\license.txt
[%PROFILE_TEMP%]\WZS4.tmp\readme.txt
[%PROFILE_TEMP%]\WZS4.tmp\Webhdll.dll
[%PROFILE_TEMP%]\WZS4.tmp\WhAgent.exe
[%PROFILE_TEMP%]\WZS4.tmp\whiehlpr.dll
[%PROFILE_TEMP%]\WZS4.tmp\whInstaller.exe
[%PROFILE_TEMP%]\WZS4.tmp\whInstaller.ini
[%PROFILE_TEMP%]\WZS4.tmp\WhSurvey.exe
[%PROGRAM_FILES%]\em\dohancer\webinstaller.exe
[%PROGRAM_FILES%]\webHancer\Programs\whSurvey.exe
[%PROGRAM_FILES%]\whInstall\license.txt
[%PROGRAM_FILES%]\whInstall\readme.txt
[%PROGRAM_FILES%]\whInstall\whAgent.inf
[%PROGRAM_FILES%]\whInstall\whAgent.ini
[%PROGRAM_FILES%]\whInstall\whInstaller.ini
[%SYSTEM%]\auto_update_uninstall.log
[%WINDOWS%]\b129.exe
[%WINDOWS%]\hancerdoem.exe
[%WINDOWS%]\ntsautodial.ini
[%WINDOWS%]\webhdll(2)(2)(2)(2)(2)(2)(2).dll
[%WINDOWS%]\webhdll(2)(2)(2)(2)(2)(2).dll
[%WINDOWS%]\webhdll(2)(2)(2)(2).dll
[%WINDOWS%]\webhdll(2)(2)(3).dll
[%WINDOWS%]\webhdll.dll
[%WINDOWS%]\webhdll.dll_tobedeleted
[%WINDOWS%]\wh.exe
[%WINDOWS%]\whagent.inf
[%WINDOWS%]\whCC-GIANT.exe
[%WINDOWS%]\whCC-MOTOR.exe
[%WINDOWS%]\whInstaller.exe
[%WINDOWS%]\whInstaller.ini
[%PROGRAM_FILES%]\webHancer\programs\whiehlpr.dll
[%PROFILE%]\administrator\start menu\programs\earn\about earn.lnk
[%PROFILE_TEMP%]\whcc-grokster.exe
[%PROFILE_TEMP%]\wzs105.tmp\wbhshare.dll
[%PROFILE_TEMP%]\wzs105.tmp\webhdll.dll
[%PROFILE_TEMP%]\wzs105.tmp\whagent.exe
[%PROFILE_TEMP%]\wzs105.tmp\whagent.inf
[%PROFILE_TEMP%]\wzs105.tmp\whiehlpr.dll
[%PROFILE_TEMP%]\wzs105.tmp\whieshm.dll
[%PROFILE_TEMP%]\wzs105.tmp\whinstaller.exe
[%PROFILE_TEMP%]\wzs105.tmp\whinstaller.ini
[%PROFILE_TEMP%]\wzs46.tmp\wbhshare.dll
[%PROFILE_TEMP%]\wzs46.tmp\webhdll.dll
[%PROFILE_TEMP%]\wzs46.tmp\whagent.exe
[%PROFILE_TEMP%]\wzs46.tmp\whagent.inf
[%PROFILE_TEMP%]\wzs46.tmp\whiehlpr.dll
[%PROFILE_TEMP%]\wzs46.tmp\whieshm.dll
[%PROFILE_TEMP%]\wzs46.tmp\whinstaller.exe
[%PROFILE_TEMP%]\wzs46.tmp\whinstaller.ini
[%PROFILE_TEMP%]\wzsb2.tmp\wbhshare.dll
[%PROFILE_TEMP%]\wzsb2.tmp\webhdll.dll
[%PROFILE_TEMP%]\wzsb2.tmp\whagent.exe
[%PROFILE_TEMP%]\wzsb2.tmp\whagent.inf
[%PROFILE_TEMP%]\wzsb2.tmp\whiehlpr.dll
[%PROFILE_TEMP%]\wzsb2.tmp\whieshm.dll
[%PROFILE_TEMP%]\wzsb2.tmp\whinstaller.exe
[%PROFILE_TEMP%]\wzsb2.tmp\whinstaller.ini
[%PROFILE_TEMP%]\wzsee.tmp\wbhshare.dll
[%PROFILE_TEMP%]\wzsee.tmp\webhdll.dll
[%PROFILE_TEMP%]\wzsee.tmp\whagent.exe
[%PROFILE_TEMP%]\wzsee.tmp\whagent.inf
[%PROFILE_TEMP%]\wzsee.tmp\whiehlpr.dll
[%PROFILE_TEMP%]\wzsee.tmp\whieshm.dll
[%PROFILE_TEMP%]\wzsee.tmp\whinstaller.exe
[%PROFILE_TEMP%]\wzsee.tmp\whinstaller.ini
[%PROGRAMS%]\grokster\grokster.lnk
[%SYSTEM%]\whiehlpr.dll
[%WINDOWS%]\digital signature 20030814.htm
[%WINDOWS%]\downloaded program files\mqgold1.dll
[%WINDOWS%]\lastgood\whagent.inf
[%WINDOWS%]\lastgood\whinstaller.exe
[%WINDOWS%]\system\whiehlpr.dll
[%WINDOWS%]\temp\whagent.inf
[%WINDOWS%]\temp\whcc-grokster.exe
[%WINDOWS%]\temp\whiehlpr.ini
[%WINDOWS%]\temp\whinstaller.exe
[%WINDOWS%]\temp\whinstaller.ini
[%WINDOWS%]\whinstaller.exe
[%WINDOWS%]\whinstaller.ini
WebHancer Registry Keys:
HKEY_CLASSES_ROOT\CLSID\{C900B400-CDFE-11D3-976A-00E02913A9E0}
HKEY_CLASSES_ROOT\interface\{c89435b0-cdfe-11d3-976a-00e02913a9e0}
HKEY_CLASSES_ROOT\typelib\{c8cb3870-cdfe-11d3-976a-00e02913a9e0}
HKEY_CLASSES_ROOT\whiehelperobj.whiehelperobj
HKEY_CLASSES_ROOT\whiehelperobj.whiehelperobj.1
HKEY_LOCAL_MACHINE\software\classes\interface\{c89435b0-cdfe-11d3-976a-00e02913a9e0}
HKEY_LOCAL_MACHINE\software\classes\typelib\{c8cb3870-cdfe-11d3-976a-00e02913a9e0}
HKEY_LOCAL_MACHINE\software\classes\whiehelperobj.whiehelperobj
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\whsurvey
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C900B400-CDFE-11D3-976A-00E02913A9E0}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\webhancer agent
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\whsurvey
HKEY_LOCAL_MACHINE\software\webhancer
HKEY_CLASSES_ROOT\clsid\{c89435b0-cdfe-11d3-976a-00e02913a9e0}
HKEY_CLASSES_ROOT\clsid\{c8cb3870-cdfe-11d3-976a-00e02913a9e0}
HKEY_CLASSES_ROOT\clsid\{c900b400-cdfe-11d3-976a-00e02913a9e0}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{c900b400-cdfe-11d3-976a-00e02913a9e0}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{c900b400-cdfe-11d3-976a-00e02913a9e0}
WebHancer Registry Values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\easy mp3 alarm clock_is1
WebHancer indications of infection
The symptoms of WebHancer detection are the files, registry entries, and network communication referenced in the technical details section.
Method of Infection
Trojans do not self-replicate. They are spread manually, often under the premise that the executable is something beneficial. Distribution channels include IRC, peer-to-peer networks, newsgroup postings, e-mail, etc.