Trojan Horses Definitions(d) - Downloader DLLHLP

Downloader DLLHLP

Category: Trojan

Risk: High Risk

* High-risk threats are typically remotely exploitable vulnerabilities that can lead to system compromise. Successful exploitation does not normally require any interaction. Such threats may open communication ports and use polymorphic tactics, stealth installations, and/or anti-spyware countermeasures. They may also use a security flaw in the operating system to gain access to your computer.

Description: None

Alias: None

Signatures: at type: Trojan - A Trojan is any software on a user's computer that the user is not aware of or did not intentionally install. Most Trojans are designed to perform actions that could jeopardize the user's security or privacy.

Advice: Remove

Description: This trojan downloads and executes other programs from the internet. It also hijacks many Internet Explorer settings.

Downloader DLLHLP makes several copies of itself in the Windows system directory using the following file name: dllhlp.exe.

Downloader DLLHLP hijacks a number of Internet Explorer settings, such as the search and home pages. The following hijacks are made:

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
"Search Bar" = http://youriskalka.com/sp.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
"Use Search Asst"= no
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl
(Default) = http://youriskalka.com/index.htm

It also adds itself as a startup entry in the Windows registry. The following registry key is created so that host32.exe is executed after each restart.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
"dllhelp" = c:\winnt\dllhlp.ex
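One way to check a user hive for the values listed above, as an added example that is not part of the original entry: it parses the text of a registry export (.reg format, already decoded to a string) and reports string values matching the search-page and Run indicators. The function names are hypothetical and the sample export is constructed.

```python
import re

IE = r"software\microsoft\internet explorer"
# (key suffix, value name, substring of data), all taken from the entry above.
# "@" is how a .reg export writes a key's (Default) value. "Use Search Asst"
# is left out: that value names neither the domain nor the file.
INDICATORS = [
    (IE + r"\main", "search bar", "youriskalka.com"),
    (IE + r"\searchurl", "@", "youriskalka.com"),
    (r"software\microsoft\windows\currentversion\run", "dllhelp", "dllhlp"),
]
VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    # .reg string values escape backslashes and quotes with a backslash
    return re.sub(r"\\(.)", r"\1", s)

def parse_reg(text):
    """Yield (key, name, data) for each string value in .reg export text."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := VALUE.match(line)):
            name = m.group(1)
            yield key, "@" if name == "@" else unescape(name[1:-1]), unescape(m.group(2))

def find_hits(text):
    """Return the (key, name, data) triples that match an indicator."""
    return [(k, n, d) for k, n, d in parse_reg(text)
            for suffix, name, needle in INDICATORS
            if k.lower().endswith(suffix) and n.lower() == name
            and needle in d.lower()]

# Constructed sample export (not captured from an infected host).
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="http://youriskalka.com/sp.htm"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://youriskalka.com/index.htm"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"dllhelp"="c:\\winnt\\dllhlp.ex"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
'''

if __name__ == "__main__":
    for key, name, data in find_hits(SAMPLE):
        print(f"{key} :: {name} = {data}")
```

Key paths are matched by suffix, so the same check works on per-user hives exported under HKEY_USERS.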

Updated: 02/16/2006
Copyright @2006 THR Computer Solutions: Downloader DLLHLP