This program delivers advertising content to the user. It is usually annoying but harmless, unless it is combined with spyware or trackware.
Based on the settings of your F-Secure security product, it may block the file from running, move it to the quarantine where it cannot spread or cause harm, or ask you to select an action.
A False Positive is when a file is incorrectly detected as harmful, usually because its code or behavior resembles known harmful programs. A False Positive will usually be fixed in a subsequent database update without any action needed on your part. If you wish, you may also:
Check for the latest database updates
First check if your F-Secure security program is using the latest updates, then try scanning the file again.
Submit a sample
After checking, if you still believe the file is incorrectly detected, you can submit a sample of it for re-analysis.
Note: If the file was moved to quarantine, you need to collect the file from quarantine before you can submit it.
Exclude a file from further scanning
If you are certain that the file is safe and want to continue using it, you can exclude it from further scanning by the F-Secure security product.
Note: You need administrative rights to change the settings.
This is the family description for the Iehlpr family of adware.
During installation, a DLL is dropped at:
Where [...] is a directory that varies depending on the variant.
The name of the dropped DLL file varies, and observed names are "UserData" and "IEHelper". The file name uses the following format:
Where **** is a 4-digit number, such as 5057.
Once dropped, the DLL is registered as a Browser Helper Object (BHO) in Microsoft Internet Explorer.
When active, the program displays advertisements while the user is browsing. It will also attempt to connect to a remote server.
Attempts to connect to: