Content

Spyware-Webhancer

Type
Program
SubType
Spyware
Discovery Date
01/19/2005
Length
Minimum DAT
4339 (03/17/2004)
Updated DAT
5189 (12/19/2007)
Minimum Engine
5.1.00
Description Added
04/26/2004
Description Modified
03/17/2005 12:20 AM (PT)
Risk Assessment
Corporate User
N/A
Home User
N/A

Tab Navigation

Characteristics

McAfee(R) AVERT™ recognizes that this program may have legitimate uses in contexts where an authorized administrator has knowingly installed this application.  If you agreed to a license agreement for this, or another bundled application, you may have legal obligations with regard to removing this software, or using the host application without this software.  
Please contact the software vendor for further information.

See http://vil.nai.com/vil/DATReadme.asp   for a list of Program detections added to the DATs.

See  http://vil.nai.com/vil/pups/configuration.htm for information about how to enable, disable, and exclude detection of legitimately installed programs.

Summary:

This application modifies windows LSP stack so that it can monitor network activity and search keywords being transmitted silently. Any attempt to manually remove this application will break network connectivity.

Installation:

No EULA was observed at the time of installation

Filename  : Webhancer.exe
MD5       : 75b2dab775ad52bfd2638837a2afb5b3

Upon installation of  the program , the following registry keys are created to load the below programs at startup.

webHancer Survey Companion
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "C:\Program Files\webHancer\Programs\whSurvey.exe"

webHancer SpeedRank
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "C:\Program Files\webHancer\SpeedRank\whspeedrank.exe"

The dropped files have these following MD5 hash values.

File      :   whspeedrank.exe
Hash    :   f277988cd1c8e86c0c6b9e7899a5bf89
File      :   webhdll.dll
Hash    :   f8d5006a137564405d4ecd6138147f6d
File      :   WhSurvey.exe
Hash    :   618bae133f414d9b82890826335efe4c

whspeedrank.exe runs in the system tray and displays the follows:

Symptoms

N/A.This is not a virus or trojan.

Method of Infection

N/A.This is not a virus or trojan.

Variants

Variants

    N/A

All Information

Overview -

This is a Potentially Unwanted Program (PUP) detection. It is not a virus or trojan. PUPs are any piece of software which a reasonably security-or privacy-minded computer user may want to be informed of.

Characteristics

Characteristics -

McAfee(R) AVERT™ recognizes that this program may have legitimate uses in contexts where an authorized administrator has knowingly installed this application.  If you agreed to a license agreement for this, or another bundled application, you may have legal obligations with regard to removing this software, or using the host application without this software.  
Please contact the software vendor for further information.

See http://vil.nai.com/vil/DATReadme.asp   for a list of Program detections added to the DATs.

See  http://vil.nai.com/vil/pups/configuration.htm for information about how to enable, disable, and exclude detection of legitimately installed programs.

Summary:

This application modifies windows LSP stack so that it can monitor network activity and search keywords being transmitted silently. Any attempt to manually remove this application will break network connectivity.

Installation:

No EULA was observed at the time of installation

Filename  : Webhancer.exe
MD5       : 75b2dab775ad52bfd2638837a2afb5b3

Upon installation of  the program , the following registry keys are created to load the below programs at startup.

webHancer Survey Companion
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "C:\Program Files\webHancer\Programs\whSurvey.exe"

webHancer SpeedRank
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "C:\Program Files\webHancer\SpeedRank\whspeedrank.exe"

The dropped files have these following MD5 hash values.

File      :   whspeedrank.exe
Hash    :   f277988cd1c8e86c0c6b9e7899a5bf89
File      :   webhdll.dll
Hash    :   f8d5006a137564405d4ecd6138147f6d
File      :   WhSurvey.exe
Hash    :   618bae133f414d9b82890826335efe4c

whspeedrank.exe runs in the system tray and displays the follows:

Symptoms

Symptoms -

N/A.This is not a virus or trojan.

Method of Infection

Method of Infection -

N/A.This is not a virus or trojan.

Removal -

Removal -

Instructions on Enabling/Disabling Detection and Removal of Potentially Unwanted Programs

Variants

Variants -

    N/A