Content
Adware-DealHelper
- Type
- Program
- SubType
- Adware
- Discovery Date
- 03/04/2005
- Length
- Minimum DAT
- 4420 (01/19/2005)
- Updated DAT
- 5715 (08/20/2009)
- Minimum Engine
- 5.1.00
- Description Added
- 01/19/2005
- Description Modified
- 06/13/2005 3:07 AM (PT)
Tab Navigation
Characteristics
McAfee(R) AVERT(tm) recognizes that this program may have legitimate uses in contexts where an authorized administrator has knowingly installed this application. If you agreed to a license agreement for this, or another bundled application, you may have legal obligations with regard to removing this software, or using the host application without this software. Please contact the software vendor for further information.
See http://vil.nai.com/vil/DATReadme.asp for a list of Program detections added to the DATs.
See http://vil.nai.com/vil/pups/configuration.htm for information about how to enable, disable, and exclude detection of legitimately installed programs.
This is not a virus or a Trojan. It is a adware application from DealHelper
.
Installation
File: DHsvr.exe
Hash: 42d79ec4e08f300bf1d61b4fb6b95e0d
File: DHupdt.exe
Hash: f273e698169e2d460a2565c3d790ea79
File: DealHlpr.dll
Hash: aa0a6b4f93fa2c13e6b1a6ae3578d00d
File: DHp.dll
Hash: 6dcb6a75b44e19b0b4ce140b81dd4f8d
Drops the following files into the %Windows% folder:
- DHbrowser.exe
- DHP.dll
- DHsvr.exe
- DHUpdt.exe
- DealHlpr.dll
The following Registry keys are added by DHupdt.exe in order to get executed on each reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "DealHelperUpdate" = C:\WINDOWS\DHUpdt.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "DealHelperBrwsr" = C:\WINDOWS\DHbrwsr.exe
DealHlpr.dll is installed as Browser Helper Object .
Browser Helper Objects are executable files that are loaded when the browser is launched. They can perform various task, such as generating extra pop-up ads, monitoring page navigation, etc.
The following Registry keys are added:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\
SharedDLLs\C:\WINDOWS\dhbrwsr.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\
SharedDLLs\C:\WINDOWS\DHP.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\
SharedDLLs\C:\WINDOWS\dhsvr.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\
SharedDLLs\C:\WINDOWS\DHUpdt.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\
SharedDLLs\C:\WINDOWS\dealhlpr.dll
DealHelper displays advertisements based on user's web surfing behavior.
Symptoms
N/A This is not a virus or trojan.
Method of Infection
N/A This is not a virus or trojan.
Variants
Variants
N/A
All Information
Overview -
This is a Potentially Unwanted Program (PUP) detection. It is not a virus or trojan. PUPs are any piece of software which a reasonably security-or privacy-minded computer user may want to be informed of.
Characteristics
Characteristics -
McAfee(R) AVERT(tm) recognizes that this program may have legitimate uses in contexts where an authorized administrator has knowingly installed this application. If you agreed to a license agreement for this, or another bundled application, you may have legal obligations with regard to removing this software, or using the host application without this software. Please contact the software vendor for further information.
See http://vil.nai.com/vil/DATReadme.asp for a list of Program detections added to the DATs.
See http://vil.nai.com/vil/pups/configuration.htm for information about how to enable, disable, and exclude detection of legitimately installed programs.
This is not a virus or a Trojan. It is a adware application from DealHelper
.
Installation
File: DHsvr.exe
Hash: 42d79ec4e08f300bf1d61b4fb6b95e0d
File: DHupdt.exe
Hash: f273e698169e2d460a2565c3d790ea79
File: DealHlpr.dll
Hash: aa0a6b4f93fa2c13e6b1a6ae3578d00d
File: DHp.dll
Hash: 6dcb6a75b44e19b0b4ce140b81dd4f8d
Drops the following files into the %Windows% folder:
- DHbrowser.exe
- DHP.dll
- DHsvr.exe
- DHUpdt.exe
- DealHlpr.dll
The following Registry keys are added by DHupdt.exe in order to get executed on each reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "DealHelperUpdate" = C:\WINDOWS\DHUpdt.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "DealHelperBrwsr" = C:\WINDOWS\DHbrwsr.exe
DealHlpr.dll is installed as Browser Helper Object .
Browser Helper Objects are executable files that are loaded when the browser is launched. They can perform various task, such as generating extra pop-up ads, monitoring page navigation, etc.
The following Registry keys are added:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\
SharedDLLs\C:\WINDOWS\dhbrwsr.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\
SharedDLLs\C:\WINDOWS\DHP.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\
SharedDLLs\C:\WINDOWS\dhsvr.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\
SharedDLLs\C:\WINDOWS\DHUpdt.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\
SharedDLLs\C:\WINDOWS\dealhlpr.dll
DealHelper displays advertisements based on user's web surfing behavior.
Symptoms
Symptoms -
N/A This is not a virus or trojan.
Method of Infection
Method of Infection -
N/A This is not a virus or trojan.
Removal -
Removal -
Instructions on Enabling/Disabling Detection and Removal of Potentially Unwanted Programs
Variants
Variants -
N/A
