Limited Time!
Totally FREE Web Design!
Click here!

Parasite: IEMonit

This record last updated Tue Sep 20 2005 00:34:15

PLEASE NOTE: Due to the overwhelming extent of this problem and the unbelievable volume of email we have received, we regret that we cannot respond to questions about browser parasites at this time. If you have attempted to contact us about this parasite please accept our apology for not responding. "Thank you's" are always appreciated ;-)

Description

IEMonit is a search result hijacker implemented as an Internet Explorer Browser Helper object. It checks queries submitted to search engines for sex-related keywords. (Google, Yahoo, Lycos, AltaVista, Infospace and a variety of Polish search engines are targeted.)

Distribution

It is currently unknown where IEMonit comes from.

What it does

Advertising

Yes. May open advertisements when targeted keywords are entered.

Privacy violation

No.

Security issues

Yes. Includes an updater process which is believed to be able to download and execute arbitrary code from its controlling server. I currently have not obtained a copy of this to test, however.

Stability problems

No.

Removal

Open a DOS command prompt window (from Start->Programs->Accessories), and enter the following commands:

cd "%WinDir%\System"
regsvr32 /u iemonit.dll

Next, open the registry (click ‘Start’, choose ‘Run’, enter ‘regedit’) and find the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run. Delete the entry ‘Internet Explorer Library’ on the right, pointing to ‘ieupdates.exe’, ‘updaterie01.exe’ or ‘fixieupdate.exe’.

Restart the computer and you should be able to delete ‘iemonit.dll’ and ‘ieupdates.exe’/’updaterie01.exe’/’fixieupdate.exe’ from the System folder, which is inside the Windows folder (and is called ‘System32’ on Windows NT/2000/XP).