Adware.Webhancer

Spreading: low
Damage: low
Size: ~187000
Discovered: 2007 Oct 01

SYMPTOMS:

Webhancer is spyware that is supposed to make your Internet browsing faster. Instead, it modifies the Windows LSP stack and adds a Browser Helper Object, which makes the Internet browser work slower while Webhancer monitors network activity and gathers information about browsing history.
(Any attempt to manually remove this application will break network connectivity on operating systems prior to Windows XP Service Pack 2.)

TECHNICAL DESCRIPTION:

The following components are present on disk:

C:\Program Files\webHancer\Programs\license.txt
C:\Program Files\webHancer\Programs\readme.txt
C:\Program Files\webHancer\Programs\sporder.dll
C:\Program Files\webHancer\Programs\wbhshare.dll
C:\Program Files\webHancer\Programs\whAgent.exe
C:\Program Files\webHancer\Programs\whAgent.ini
C:\Program Files\webHancer\Programs\whiehlpr.dll
C:\Program Files\webHancer\Programs\whieshm.dll
C:\WINDOWS\webhdll.dll
C:\WINDOWS\whAgent.inf
C:\WINDOWS\whInstaller.exe
C:\WINDOWS\whInstaller.ini

The following registry entries are present:

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c900b400-cdfe-11d3-976a-00e02913a9e0}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C89435B0-CDFE-11D3-976A-00E02913A9E0}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C8CB3870-CDFE-11D3-976A-00E02913A9E0}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WhIeHelperObj.WhIeHelperObj
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WhIeHelperObj.WhIeHelperObj.1
HKEY_LOCAL_MACHINE\SOFTWARE\webHancer
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WS2IFSL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webHancer Agent
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c900b400-cdfe-11d3-976a-00e02913a9e0}
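
A read-only PowerShell check for the files and registry keys listed above, added here as an example; it is not BitDefender's code or tooling. The WOW6432Node lookup and the Winsock catalog search are assumptions added for this example, and the WS2IFSL key is left out because that service key also exists on clean Windows installations.

```powershell
# Read-only check for the indicators listed on this page; nothing is modified or deleted.
$prog  = 'C:\Program Files\webHancer\Programs'
$files = @('license.txt','readme.txt','sporder.dll','wbhshare.dll','whAgent.exe',
           'whAgent.ini','whiehlpr.dll','whieshm.dll') | ForEach-Object { Join-Path $prog $_ }
$files += 'webhdll.dll','whAgent.inf','whInstaller.exe','whInstaller.ini' |
          ForEach-Object { Join-Path 'C:\WINDOWS' $_ }

# Registry keys from the list above. WS2IFSL is omitted: it is a standard Windows
# Winsock service key, so its presence alone indicates nothing.
$clsid = '{c900b400-cdfe-11d3-976a-00e02913a9e0}'
$keys = @(
    "HKLM:\SOFTWARE\Classes\CLSID\$clsid",
    'HKLM:\SOFTWARE\Classes\Interface\{C89435B0-CDFE-11D3-976A-00E02913A9E0}',
    'HKLM:\SOFTWARE\Classes\TypeLib\{C8CB3870-CDFE-11D3-976A-00E02913A9E0}',
    'HKLM:\SOFTWARE\Classes\WhIeHelperObj.WhIeHelperObj',
    'HKLM:\SOFTWARE\Classes\WhIeHelperObj.WhIeHelperObj.1',
    'HKLM:\SOFTWARE\webHancer',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webHancer Agent',
    "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$clsid"
)
# Assumption: on 64-bit Windows a 32-bit installer's HKLM\SOFTWARE writes are
# redirected under WOW6432Node, so that view is checked as well.
$keys += $keys -replace '^HKLM:\\SOFTWARE\\', 'HKLM:\SOFTWARE\WOW6432Node\'

# -LiteralPath keeps the braces in the CLSID paths from being interpreted.
$hits = @($files | Where-Object { Test-Path -LiteralPath $_ -PathType Leaf }) +
        @($keys  | Where-Object { Test-Path -LiteralPath $_ })

# The page says the LSP stack is modified but does not name the LSP DLL, so list
# any Winsock catalog line that references a DLL name from the file list.
$dlls = $files | Where-Object { $_ -like '*.dll' } | Split-Path -Leaf
$lsp  = @(netsh winsock show catalog | Select-String -SimpleMatch -Pattern $dlls)

if ($hits.Count -or $lsp.Count) {
    'Webhancer indicators found:'
    $hits
    $lsp | ForEach-Object { 'Winsock catalog: ' + $_.Line.Trim() }
    'Do not delete these files by hand: per the note above, manual removal'
    'breaks network connectivity on systems older than Windows XP SP2.'
} else {
    'None of the Webhancer indicators listed on this page were found.'
}
```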

REMOVAL INSTRUCTIONS:

Please let BitDefender disinfect your files.

ANALYZED BY:

Dinu Pelin, virus researcher