Adware Helpers
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Ranking: | 2 |
| Threat Level: | 20 % (Normal) |
| Infected Computers: | 13,713,329 |
| First Seen: | January 4, 2013 |
| Last Seen: | July 13, 2025 |
| OS(es) Affected: | Windows |
Adware Helpers is an adware infection that affects computers running the Windows OS and is poorly protected from Potentially Unwanted Programs. There are several ways in which Adware Helpers may enter a computer automatically. Once installed, Adware Helpers may make various potentially unsafe changes to the affected computer, changing its settings and attempting to expose the computer user to low quality marketing or advertising material. Once Adware Helpers is installed, Adware Helpers may make the affected computer nearly impossible to use due to the many intrusive symptoms and myriad of problems that may be associated with Adware Helpers and similar adware threats. Because of this, computer users should get the partnership of a meritorious anti-malware tool to remove Adware Helpers immediately from the affected computer.
Table of Contents
Adware Helpers May Make Unwanted Changes to Your PC Settings
There are several problems associated with Adware Helpers. Adware Helpers is considered much more harmful than other adware infections due to the level of the symptoms associated with this adware infection. Adware Helpers uses an inordinately high number of files to install itself on the affected computer and, at the moment of this writing, is distributed globally, affecting computers in countries all around the world. Malware experts found several symptoms that may be caused by an Adware Helpers infection:
- Adware Helpers may cause unwanted changes to a computer's settings.
- Adware Helpers may cause severe performance problems on the affected computer. Computers affected by Adware Helpers can get stuck frequently or freeze. In some cases, Adware Helpers may damage to the affected computer's boot sector which may be linked to Adware Helpers or to other threat that is also associated with this adware infection.
- Adware Helpers may change your Web browser settings, decreasing your security and making it more vulnerable to other forms of threats.
- Adware Helpers may change your Web browser's homepage and default search engine, exposing computer users to unwanted websites and advertising material as soon as they launch their Web browser.
- Adware Helpers may redirect search results and other browser activity, forcing computer users to visit websites associated with Adware Helpers repeatedly.
- Adware Helpers may cause your Web browser to display pop-up advertisements, suspicious error messages, fake system alerts and pop-up windows containing potentially unsafe websites or online content that may expose your computer to other types of threats.
Aliases
15 security vendors flagged this file as malicious.
| Anti-Virus Software | Detection |
|---|---|
| Fortinet | VBS/Agent.NSW!tr.dldr |
| DrWeb | Trojan.Amonetize.9614 |
| AVG | Pakes2_c.BIVB |
| Fortinet | Adware/Linkury |
| Ikarus | PUA.MSIL.Toolbar |
| Sophos | Generic PUA AO (PUA) |
| F-Secure | Gen:Variant.Adware.Linkury |
| McAfee | RDN/Generic.dx |
| Fortinet | Riskware/GameBox |
| Ikarus | PUA.GameBox |
| Antiy-AVL | GrayWare[AdWare]/Win32.BrowseFox.bz |
| McAfee | Artemis!1E27FB144AEC |
| AVG | Generic_r.TZ |
| GData | Win32.Adware.Graftor.B |
| DrWeb | Adware.Boxore.5 |
SpyHunter Detects & Remove Adware Helpers
File System Details
Adware Helpers may create the following file(s):
| # | File Name | MD5 |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
|---|---|---|---|
| 1. | apnmcp.exe | 7a7397d866f7b3654dc279f612f7915b | 15,109 |
| 2. | smappscontroller.exe | 0737725ccaf3e39321a07f699b092c16 | 10,739 |
| 3. | he92324.exe | 43154f0af9b3d690e6562c16141944e5 | 7,436 |
| 4. | rgAm6.exe | 39b3f88b49546d163a04900f625138b9 | 7,222 |
| 5. | passport.dll | 668702acdfab101d36c168d817720b20 | 4,240 |
| 6. | vlc-updater.exe | 6312dbb5b688c3a9e6ffa2f8b76c0de5 | 2,544 |
| 7. | check-update.exe | 95cdac39d14fb5a33dae199cc414c36c | 2,176 |
| 8. | woehptunafhkdu.boehp | 7121d807de3d9bd0ab0b11f07cb88b6c | 1,104 |
| 9. | alphapassive.msi | ddf9bf09f6aa5a7726863448c53d5c14 | 564 |
| 10. | tpyx55wl4yl.exe | cf50771b0c37efb1b18b932c5e6de455 | 418 |
| 11. | cugigwbq3n3.exe | 1f6a196c13f56a297645eec5b68e8e90 | 415 |
| 12. | crmsvc.exe | 1b738db8087a83d31afce54d3ddfa746 | 325 |
| 13. | 9180135.exe | 51181fc0f1d99d95c5bffc0f0aa22378 | 298 |
| 14. | em43zsg40.exe | 4fb6e7664f0495d7abf9dc2bfc4b6ce2 | 227 |
| 15. | LWR.exe | 864f9b8a42f237540d2a7212db86e66f | 224 |
| 16. | CCleaner.v6.00.9727.exe_Olv7N.exe | 51528a04f8f0d12ddb74aa2bd62889fb | 194 |
| 17. | file.exe | de664e163fea047ca91ded1b31f7568e | 90 |
| 18. | 243124d579b30a70cae52a7ca1d43b0d.dll | 697b339a848572dd37ad98c9e01d5f5a | 58 |
| 19. | update.exe | b2855436b37111d6b0e64d4221e7b48a | 45 |
| 20. | DhYimEoQU.exe | 1492f048f848431fd781fbd14a452916 | 42 |
| 21. | YzA4ZDlhNTBjOTRkN.exe | 3ee6b3c07c13d026288a2774770b658a | 39 |
| 22. | wxkYiwjjA.exe | 2bf25ffa3ca8fad7cb506b274db42b59 | 38 |
| 23. | Y2E0NWI1ZGVlMTE1Z.exe | 8a19ba332898c8eea92763628d7f1210 | 22 |
| 24. | 257596.exe | 9a82e5d731f3a07c1493d806b5ed74ae | 21 |
| 25. | k7s7v5bgfdhnycw.exe | 6b7748e77ad639f16b9dfb7e74553d4a | 19 |
| 26. | CpuHeatMapping.exe | e87815880b57f0c24aae7618d126b9fa | 13 |
| 27. | instloffer.exe | 619efdbf4c7ef6147551a50d1bd40e69 | 1 |
Registry Details
Adware Helpers may create the following registry entry or registry entries:
CLSID
{01F45309-5DDE-36CD-B0E6-C9B4BED4752B}
{4DA424B1-5AD8-3EA8-B023-96DAB08B716B}
{4E22700E-7CA9-30A1-9687-4CC130BB6388}
{87E1A3FC-FED3-3FF7-A11C-8443C6251976}
File name without path
wnzipservice.exe
Regexp file mask
%ALLUSERSPROFILE%\Application Data\beleza.exe
%ALLUSERSPROFILE%\beleza.exe
%ALLUSERSPROFILE%\updater\check-update.exe
%APPDATA%\ServiceControl\svcctl.exe
%LOCALAPPDATA%\dsisetup[NUMBERS].exe
%LOCALAPPDATA%\updt.js
%TEMP%\AmazonShoppingAssistant.exe
%TEMP%\UuU.uUu
%TEMP%\XxX.xXx
%USERPROFILE%\Downloads\This computer is BLOCKED[RANDOM CHARACTERS]
%USERPROFILE%\Local Settings\Application Data\dsisetup[NUMBERS].exe
%WINDIR%\System32\Tasks\ShopMore[NUMBERS]
Software\GamesLOL AiTemp
Software\MagicSearch
SOFTWARE\REALISTIC MEDIA INC.
Amazon assistant 1.0
Ebayssistant 1.0
Look Picture Tool
MagicSearch
telezilla
Yahooassistant 1.0
{27097E83-0712-446C-821A-C2DBB0C1CDE1}
{2C1A121C-292F-460D-BA62-3B9886D0DE46}_is1
{6C044E1B-C2BD-4B47-9913-40407FA5854E}
{DFAA6F11-C27B-4EC0-83AE-3AC5B124A899}
Directories
Adware Helpers may create the following directory or directories:
| %ALLUSERSPROFILE%\Application Data\QuestBrwSearch |
| %ALLUSERSPROFILE%\Application Data\bzughXCIBIxiSQVB |
| %ALLUSERSPROFILE%\Application Data\xpekMjRorgkcLnVB |
| %ALLUSERSPROFILE%\Pader |
| %ALLUSERSPROFILE%\QuestBrwSearch |
| %ALLUSERSPROFILE%\bzughXCIBIxiSQVB |
| %ALLUSERSPROFILE%\devnull |
| %ALLUSERSPROFILE%\sigmatechrvp |
| %ALLUSERSPROFILE%\xpekMjRorgkcLnVB |
| %APPDATA%\Fusion_ld |
| %APPDATA%\Fusion_ld2 |
| %APPDATA%\PotPlayerFus |
| %APPDATA%\SchedTaskSetup |
| %APPDATA%\spi |
| %COMMONPROGRAMFILES(x86)%\alphalabtle |
| %COMMONPROGRAMFILES(x86)%\womanhydafo |
| %LOCALAPPDATA%\whiteclick llc |
| %PROGRAMFILES%\EatPizza |
| %PROGRAMFILES%\NbbDohHftPUn |
| %PROGRAMFILES%\QuestBrwSearch |
| %PROGRAMFILES%\ZDE5YjFmMGQxMDdkNz |
| %PROGRAMFILES%\awda |
| %PROGRAMFILES%\clipandbuy |
| %PROGRAMFILES%\fileassociationmanager |
| %PROGRAMFILES%\name |
| %PROGRAMFILES%\rZdaClXBU |
| %PROGRAMFILES%\wannenginput |
| %PROGRAMFILES%\wannengzip |
| %PROGRAMFILES%\zaabzoubi |
| %PROGRAMFILES(x86)%\EatPizza |
| %PROGRAMFILES(x86)%\NbbDohHftPUn |
| %PROGRAMFILES(x86)%\QuestBrwSearch |
| %PROGRAMFILES(x86)%\awda |
| %PROGRAMFILES(x86)%\clipandbuy |
| %PROGRAMFILES(x86)%\fileassociationmanager |
| %PROGRAMFILES(x86)%\name |
| %PROGRAMFILES(x86)%\oPKmscYuxO |
| %PROGRAMFILES(x86)%\rZdaClXBU |
| %PROGRAMFILES(x86)%\smartinline |
| %PROGRAMFILES(x86)%\wannenginput |
| %PROGRAMFILES(x86)%\wannengzip |
| %PROGRAMFILES(x86)%\zaabzoubi |
| %TEMP%\Fusion_ld |
| %TEMP%\Fusion_ld2 |
| %TEMP%\PotPlayerFus |
| %USERPROFILE%\Configuración local\Datos de programa\OneClick |
| %USERPROFILE%\Configurações Locais\Dados de aplicativos\OneClick |
| %WINDIR%\system32\config\systemprofile\appdata\local\WhiteClick |
| %WINDIR%\syswow64\config\systemprofile\appdata\local\WhiteClick |
| %appdata%\MagicSearch |
| %appdata%\browser assistant |
| %appdata%\direct game uni installer |
| %appdata%\valerie |
| %appdata%\wssvchost |
| %programfiles%\PriceKiteke |
| %programfiles%\dataflow |
| %programfiles(x86)%\dataflow |
URLs
Adware Helpers may call the following URLs:
| "author": "Krasnaya Ploshchad" |
| -emoney.com |
| -incoming.email |
| -top.com |
| .ahdrold.com |
| .airtraya.com |
| .bar:443 |
| .best:443 |
| .biz:443 |
| .cam:443 |
| .cidedwithin.info |
| .click:443 |
| .club:443 |
| .cybermylife.info |
| .dadmariseds.info |
| .fun:443 |
| .gofesm.com |
| .live:443 |
| .lplesindiv.info |
| .maroceffects.com |
| .mp3bars.com |
| .news-back.com |
| .newsfacce.com |
| .online:443 |
| .premiumpushnotification.com |
| .pushworldtool.com |
| .putlockerfree.sc |
| .today:443 |
| .top:443 |
| .tw:443 |
| .usinesmycete.info |
| .work:443 |
| .xxx:443 |
| //settting.com |
| /int.special-offers.online/ |
| /speed-open2-com.replyalert.net |
| /websnewsdate.com |
| 50style.lt |
| actshydid.site |
| admntrk.com |
| adsnapy.com |
| adteacbarbe.info |
| ailkeyair.com |
| alballaim.com |
| allhugenews.com |
| allowandgo.com |
| allowedgutleton.info |
| app.news |
| arbrotherujik.info |
| arisedsore.info |
| artnewsupdate.info |
| arwartortleer.com |
| asinartisationy.info |
| atchmygf.to |
| balanceformoon.com |
| banianspaddi.info |
| becausaldevel.info/ |
| beeaimaid.com |
| beretrabinci.info |
| beriacroft.com |
| bestdealfor10.life |
| bestflowingstuff.co |
| boyughaye.com |
| budnetoil.com |
| califiesrease.info |
| caningsingothen.pro |
| cc:443 |
| cityskyscraper.com |
| click.dialog.support |
| click.unfurlable.com |
| cloudinguru.com |
| cnewvi.com |
| coolestmedia.net |
| creasonsau.info |
| cudalbapt.com |
| cultassoc.info |
| dailynotifications.com |
| ddyuei.com |
| defpush.com |
| delivesinve.info |
| dengelmeg.com |
| dimlitroom.com |
| directorio-w.com |
| drecentreshu.info |
| ecleneue.com |
| eddorsedepa.info |
| elfpetsic.com |
| enninghahanspa.info |
| ersoncur.info |
| ertyunbelie.info |
| ettotropsinhi.info |
| exclusivenotifications.com |
| favor1t.com |
| fiaharam.net |
| findprivate.online/results.php |
| findyourpleasure3.life |
| fitedlamaso.info |
| funnwebs.com |
| gamenaps.com |
| gamesearcher.pro |
| gelacrabuld.info |
| gerspriorate.info |
| gichelfactice.info |
| girls-datings.com |
| gleemsomto.com |
| gleguidat.info |
| got-a-message.com |
| gpretarydimin.info |
| hamtitwet.com |
| healthinfo7.com |
| hedincipat.info |
| hellopushworld.com |
| heroesofrpg.com |
| hersinhishowlet.info |
| horizonprize.com |
| hourseryangove.info |
| http://14nuzznszbdp.com/ |
| http://lktoday.ru/ |
| http://seargoo.com |
| http://wwnc.xyz/ |
| http://www.getmedia.online/ |
| https://alcreasalcon.info |
| https://api.myhappyads.com |
| https://banalbjar.com |
| https://belighterservice.com |
| https://bikereddint.info |
| https://blickmelbourne.com |
| https://blooks.info |
| https://bodicidealin.info |
| https://bosspush.com |
| https://calelderlyi.info |
| https://check-you-robot.site |
| https://checksuefriends.info |
| https://checkvd.com |
| https://chepotabakam.com |
| https://cocketexercine.info |
| https://confirmeo.com |
| https://crossiblesp.info |
| https://deal4yousite.com |
| https://downhindingref.info |
| https://dragonforwardknife.com |
| https://easecalcula.info |
| https://edhappearer.info |
| https://ertdistakereces.info |
| https://etablerun.info |
| https://evengsitolightont.info |
| https://extremecartoongames.com |
| https://ficepationals.info |
| https://findyourpleasure7.life |
| https://fuckswpe.securelandinglink.com |
| https://fukizi.com |
| https://furthelessp.info |
| https://get.classicgift.download |
| https://getcontent24.com |
| https://googleextension.com |
| https://gottedrableftevent.info |
| https://guesstimateds.com |
| https://hdesignegroupco.info |
| https://herdailylife.com |
| https://hichesassa.info |
| https://hiroje.com |
| https://histleolderlandch.info |
| https://housinesfoughamne.info |
| https://investing-reviews.com |
| https://jugjetwok.com |
| https://junioneruytew.info |
| https://lbenjamiemai.info |
| https://liansatrickth.info |
| https://liveads.net |
| https://lyflexicalcl.info |
| https://mattempts.info |
| https://metanewssubspush.info |
| https://metaphyc.info |
| https://minently.com |
| https://my.mobitraff.com |
| https://myceterparagr.info |
| https://mystemsrespo.info |
| https://narutogaming.com |
| https://ncourseac.info |
| https://neutharefleha.info |
| https://newlifestylejournal.com |
| https://notifygear.com |
| https://offers.weads32.com |
| https://oidyourseschoose.info |
| https://ondeletrofi.info |
| https://opensivepartme.info |
| https://ousseventi.info |
| https://outtemportm.info |
| https://oxinteriorit.info |
| https://ozsummarun.info |
| https://phereacades.info |
| https://play.go2game.co |
| https://poxaharap.com |
| https://prostometod.com |
| https://qubscribe.com |
| https://rightmovies.icu |
| https://rseschoosema.info |
| https://rtionwritty.info |
| https://rz.push-free.com |
| https://salregation.info |
| https://sinwasrechenhes.info |
| https://sionsrathet.info |
| https://sisewepod.com |
| https://skidrowcpy.os.tc |
| https://skidrowreloade.os.tc |
| https://sonumal.com/ |
| https://spartertrenhersen.info |
| https://squasainte.info |
| https://startrafficc.com |
| https://stewaysef.info |
| https://stories-gate.ru |
| https://streamteam.monster |
| https://superinterestinginfo.info |
| https://tedsaliesdirekt.info |
| https://thathatsparroptont.info |
| https://thatrussiangirl.com |
| https://thegoodcaster.com/redirect/ |
| https://thiocarbamylife.info |
| https://ticcopioidyou.info |
| https://tiktok-labs.com |
| https://tranzistor-harakteristiki.ru |
| https://trendopportunityfollow.ga |
| https://ularlywednese.info |
| https://ularunicalr.info |
| https://uluswozzel.info |
| https://univerexplo.info |
| https://up-date.to |
| https://urancspitte.info |
| https://urchrevening.info |
| https://ustinctsretio.info |
| https://welsworn.info |
| https://westnews24.com |
| https://wiohj.com |
| https://www.fulltv.nl |
| https://www.krepsinis.net |
| https://www.viralupdatestoday.com |
| https://www1.be-notified.com |
| https://xilbalar.com/imp/ |
| https://yeskapchabest.info |
| https://younwild.com |
| https://zpredir1.com |
| icyyapemu.com |
| ind1cate.com |
| initiatefresh.com |
| insertcoinage.com |
| instantfwding.com |
| investment-guides.com |
| investment-rules.com |
| irkerecue.com |
| jooikestreet.com |
| keterrehepren.info |
| leefmylife.info |
| lesindingretne.info |
| leveryone.info |
| loading-wsite.com |
| ltenhalefre.info |
| markably.info |
| mediavideo.website |
| message-alert.center |
| metedbuenge.info |
| metouchpush.info |
| modamania.es |
| moneymorning.com |
| moocauby.com |
| moreinfo.support |
| motheremutand.info |
| mychromesearch.com |
| myhealthyvibe.com |
| mynewswire.co |
| n1cely.com |
| ndextraincomi.info |
| netedaninghiga.info |
| news-back.com |
| news-fbe.com |
| news-gg.com |
| news-good.net |
| news-top1.com |
| newsfacce.com |
| newsmagic.net |
| newsredir.com |
| newsupdatesky.info |
| newswe.org |
| noredwilliont.com |
| notify-monad.com |
| nsbacking.com |
| ntioninstand.info |
| nythatspartaund.info |
| oakpyxyea.com |
| oawhaursaith.com |
| offersnewurl.com |
| oksmi.site |
| onehergotwitran.info |
| onlinepromotionsusa.com |
| onlybestpushnews.com |
| onrussia.info |
| oraronerethet.info |
| ouo.io |
| ouo.press |
| overiesarticu.info |
| paymentnotifyfriends.info |
| pc-torrent.ru |
| place-web.com |
| plsppushme.com |
| pog0da.com |
| pornohirsch.com |
| postyourlife.com |
| predicalflo.info |
| premiumstory.net |
| princessmovies.org |
| prioritynotifications.com |
| pro-news.net |
| product.directpower.download |
| promodayz.com |
| propu.sh |
| ptinouth.com |
| pushark.info |
| pushisback.com |
| pushishere.com |
| pushnotificationtest.com |
| pushtoday.icu |
| pushtouchme.info |
| quallyfounda.info |
| rameattot.com |
| randysnaps.com |
| redfunchicken.com |
| rednews7.com |
| renropsitto.info |
| rephartertonelin.info |
| revercecaptcha.com |
| ribngh.com |
| ricultwitho.info |
| rinexpende.info |
| rivilistsp.info |
| rnewsr.com |
| robotcaptcha6.info |
| roboticeretaser.info |
| routgveriprt.com |
| rpgbunker.com |
| rpgmasteronline.com |
| rsecompa.info |
| rutadzbeg.site |
| ryoneropling.info |
| ryseconomi.info |
| saturalcorre.info |
| sbroughhig.info |
| scansear.com |
| scientificnewsforyou.com |
| searchnotifyfriends.info |
| send-news.net |
| services.fast-push.com |
| shebaasot.com |
| shijacketsqua.info |
| shlega.com |
| simparentlydisco.com |
| solicencers.info |
| stixeepou.com |
| strialdeather.info |
| substand.info |
| sunlitez.ru |
| supernewsplus.com |
| systemalerts.xyz |
| systemsoft.com |
| tadchenmujahe.info |
| talbeinhecrof.info |
| tantiterhalac.info |
| technologieairflow.com/extensionInstaller |
| technotology.com |
| tert1ary.com |
| theactualnewz.com |
| thefaceduck.com |
| thehypenewz.com |
| thewowfeed.com |
| thofandew.com |
| ticeroftertal.info |
| tii.ai |
| tiktok-max.com |
| time-for-investment.com |
| tinuntoldrelac.info |
| tionsnewsupdate.info/ |
| toberlegisti.info |
| tofideventresfa.info |
| top10news.review |
| topviralnewz.com |
| touchmethen.info |
| tparticultwestme.info |
| tyfabricalislat.info |
| uctbettesvaricaof.info |
| udderfitteesp.info |
| uitabletublis.info |
| unclaimed-moneysearch.com |
| undoclosetab.info |
| vakogid.com |
| vitalfinancemedia.com |
| vlwcmgb48.ecfwg.xyz |
| w.ninja |
| wascorithedin.info |
| wasterestinfor.info |
| wea4her.com |
| wheedran.com |
| whobabsaim.com |
| winyourprize36.com |
| wonfigfig.com |
| worldtriviacenter.com |
| www.4club.com |
| www.redneckrepairs.com |
| xplaintsatiyab.info |
| xyz:443 |
| youjamnag.site |
