Overview
Summary:
Vendor Notes:
WebHancer provides a traffic measurement service that uses a client agent that is installed on user machines, gathering detailed data about sites visited, their performance and, most important, what the user actually does while there.
WebHancer is reportedly on ten million user desktops in 192 countries, placed there by partners such as companies that provide free software on the Web. Download an MP3 player, and you may be offered a chance to play in the measurement game by also loading the WebHancer agent.
This model is opt-in, with an explicit license agreement. WebHancer claims that its agent doesn't gather any personal information about end users.
Installation is transparent, but incorrect removal procedures will destroy your Internet connection.
According to the WebHancer website, Webhancer: "WebHancer Customer Companion resides on the end-user's computer, where it transparently monitors Internet performance. WebHancer Customer Companion measures overall network/site delay and the performance times experienced by actual end-users."
Alias:
Category:
Spyware: Any product that employs a user's Internet connection in the background without their knowledge, and gathers/transmits info on the user or their behavior. Many spyware products will collect referrer info (information from your web browser which reveals what URL you linked from), your IP address (a number that is used by computers on the network to identify your computer), system information (such as time of visit, type of browser used, the operating system and platform, and CPU speed.) Spyware products sometimes wrap other commercial products, and are introduced to machines when those commercial products are installed. See also Adware.
Browser Helper Object: (BHO). A component that Internet Explorer will load whenever it starts, shares IE's memory context, can perform any action on the available windows and modules. A BHO can detect events, create windows to display additional information on a viewed page, monitor messages and actions. Microsoft calls it "a spy we send to infiltrate the browser's land." BHOs are not stopped by personal firewalls, because they are seen by the firewall as your browser itself. Some exploits of this technology search all pages you view in IE and replace banner advertisements with other ads. Some monitor and report on your actions. Some change your home page.
Similar Pests:
Origins
Group:
Vendor:
Date of Origin:
Distribution
Distribution:
Prevalence:
Clot Factor:
The "Clot Factor" is a measure of how much a pest "gums up" a machine by adding registry entries, files, and directories. As more objects are placed in a machine, manual removal becomes more difficult and more error-prone.
Growth:
Operation
General:
Most users running WebHancer are not aware they are running it. Webhancer's install is silent, and triggered by the install of other, unrelated software that is bundled with it. In addition, there are reports that if it is removed, other applications in your machine might reinstall it.
The WebHancer install will alter critical Registry keys relating to Windows Sockets, causing the system's Internet connection capabilities to break if the user tries uninstalling it. WebHancer's makers claim not to modify system files although they have confirmed that attempting to remove it will break your system.
Advertising:
Storage Required:
Browser Performance:
Risks
Privacy Issues:
Privacy Policy:
Security Issues:
Stability Issues:
-
WebHancer conflict with Microsoft IIS - causes problems with ASP scripts. Problems have been reported when WebHancer installs itself on a Windows 2000 system running IIS. One user writes: "It causes server script ASP pages to not work at all when the web application settings are in medium and high isolation modes. The default mode is medium which allows pretty good performance benefits over "low isolation" mode. WebHancer doesn't seem to cause a problem with ASP pages when using low isolation mode." The suggested solution is to remove WebHancer and things should work as before. This MS Knowledge Base article may also be of interest:
Q303379: Firewall Client Conflict with Third-Party Layered Service Providers Causes Connectivity Problems
Detection and Removal
Automatic Removal:
PestPatrol detects this.
PestPatrol removes this.
Manual Removal:
WebHancer modifies your Windows Sockets configuration, binding itself to Winsock so that all packets are passed through WebHancer, so deleting WebHancer files may result in your loss of ability to connect to the Internet.
If you have not yet tried to remove WebHancer:
WebHancer's suggested removal method is to make sure WebHancer is installed, and remove it using Windows' Add/Remove Software feature. Follow steps 6-9 of the next section.
If you have already deleted WebHancer components:
If you've lost your Internet connectivity after removing the WebHancer Customer Companion, the software was not uninstalled properly. To resolve the problem, you'll need to reinstall the software and remove it properly. Follow these steps:
- Download whCC_webhancer.exe to your computer.
- Double-click on whCC_webhancer.exe. By default, Customer Companion is installed to \Program Files\webHancer, usually on C:\.
- Read the license agreement.
- Click Yes.
- When the installation is complete, restart your computer.
- Once your computer has restarted, go to Start / Settings / Control Panel and double-click on the "Add/Remove Programs" icon.
- Select the program called "webHancer Customer Companion" and click the Add/Remove button.
- Once the program has been uninstalled, restart your computer.
- Connect with the Internet and confirm that your programs are now working properly.
After uninstalling WebHancer successfully:
In your Program Files directory, delete these files if found:
\webhancer\programs\sporder.dll
\webhancer\programs\wbhshare.dll
\webhancer\programs\whagent.exe
\webhancer\programs\whagent.ini
\webhancer\programs\whiehlpr.dll
\webhancer\programs\whieshm.dll
In your Windows (Winnt) directory, you can delete these files if found:
webhdll.dll whagent.inf whInstaller.exe whInstaller.ini
Delete the WebHancer folder in the Program Files directory. (If you get a sharing violation on the wbhshare.dll its because its been loaded, you'll need to reboot before deleting this directory).
Delete all the following files out of you temp directory (most likely c:\temp). These files were put here temporarily during installation.
- atlansi.dll
- atlunicode.dll
- license.txt
- regwebh.dll
- sporder.dll
- wbhshare.dll
- webhdll.dll
- whAgent.exe
- whAgent.inf
- whAgent.ini
- whiedc.dll
- whiehlpr.dll
- whiehlpr.ini
- whieshm.dll
- whInstaller.exe
- whInstaller.ini
Remove the following registry entries if found:
- HKEY_LOCAL_MACHINE,\software\classes\typelib\{c8cb3870-cdfe-11d3-976a-00e02913a9e0}
- HKEY_LOCAL_MACHINE,\software\classes\interface\{c89435b0-cdfe-11d3-976a-00e02913a9e0}
- HKEY_LOCAL_MACHINE,\software\classes\clsid\{c900b400-cdfe-11d3-976a-00e02913a9e0}
- HKEY_CLASSES_ROOT,\software\microsoft\windows\currentversion\explorer\browser
helper objects\{c900b400-cdfe-11d3-976a-00e02913a9e0}
IMPORTANT: If you are experiencing problems with WebHancer or its removal, please contact WebHancer support for assistance, either by emailing their tech support or contacting by phone at (613) 721-7747.
Kill these running processes with Task Manager:
Go To the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run.
If you find the value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\webhancer agent, delete it and reboot the machine immediately.
If you find the value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\webhancer survey companion, delete it and reboot the machine immediately.
Unregister these DLLs with Regsvr32, then reboot:
Remove these registry items (if present) with RegEdit:
Remove these files (if present) with Windows Explorer:
Remove these directories (if present) with Windows Explorer:
Research
File Analyses:
- webHancer: auto_update_uninstall.exe · auto_update_uninstall.log · basis.pu.dyn · digital signature 20030814.htm · eabh.dll · earn website.url · easy mp3 alarm clock.lnk · eiuninst.exe · ezstub.exe · install.log · license.lnk · license.txt · mmod.exe · mqgold1.dll · oeloader.dll · readme.lnk · readme.txt · regwebh.dll · sahuninstall.exe · search.src · seng.dll · unins000.dat · uninstall.lnk · wbhshare.dll · webhancer.txt · webhdll.dll · webhdll.txt · whagent.exe · whagent.exe-2e1b7dca.pf · whagent.inf · whagent.ini · whagent.txt · whagent_update.exe · whcc_realeuser.exe · whcc_realeuser.exe-03f58397.pf · whcc-corporate.exe · whcc-elida.exe · whcc-motor.exe · whcc-webhancer.exe · whiedc.dll · whiehlpr.dll · whiehlpr.txt · whieshm.dll · whinstaller.exe · whinstaller.exe-00f569eb.pf · whinstaller.exe-307df697.pf · whinstaller.ini · whsurvey.exe · wndbannn.src