Winshow
Category: Cookie
Risk:
Low Risk
* Low risk threats pose a very low risk or no immediate danger to your computer or your privacy, however these types of applications may profile user online habits, but only according to specific privacy policies stated in the applications End-User License. These types of threats generally borderline on being a threat to being a standard application that has a complex license agreement that you knowingly installed.
Description: Winshow is a browser helper object (BHO) for Internet Explorer designed to change (hijack) your home page without your permission, change your default search settings to direct them to one of its controlling servers, and to open pop-up ads controlled Winshow modifies the Internet Explorer home page, so that when the browser is opened, it will, by default, load the advertising Web site. Winshow modifies the Internet Explorer default search settings, so that any default search attempt would be directed to a particular controlling server, which is often affiliated with the advertiser. When Winshow finds a selected word or phrase in a web page that IE is displaying, it may open a popup ad related to that term. Ads are served by 00hq.com and 8ad.com. Winshow is installed via MSUpdater.exe, a 20,480 byte file that runs silently and retrieves additional components. This may be delivered via a VBScript from a web page, or from a JAR file. When a JAR file containing the downloader is run, it uses the Microsoft Internet Explorer VerifierBug vulnerability to gain full privileges, escaping Java's intended security. The VerifierBug allows the downloader to run and download winshow.dll, and then register it with regsvr32. As a browser helper object, Winshow.dll is then run when you run IE.
Alias: None
Signatures: None Listed
Copyright @2006 THR Computer Solutions: Winshow