 
Win-Adware/BHO.Tuotu.114688
 
 
System Risk: Medium
Network Risk: N/A
Spread Risk: N/A
Current Spread Level: N/A
Aliases:
Primary Symptoms:
Infected OS: Windows
Infected Route: File Execution
Kind: Spyware
Infected Type: Executable File
Origin: Unknown
Specific Working Date: N/A
Date Discovered (local time):
Date Discovered in Korea:
AhnLab's Countermeasure: You can scan this virus with Engine version 2008.06.11.00. You can cure this virus with Engine version 2008.06.11.00.

Summary
Win-Adware/BHO.Tuotu.114688 is Adware that is installed without the user's agreement. 

Content
Win-Adware/BHO.Tuotu.114688 is Adware that is installed without the user's agreement. It registers itself as a BHO and monitors the user's keywords and system.

[Registry]

The following are the registry keys that Win-Adware/BHO.Tuotu.114688 creates.

HKCR\CLSID\{0BECAB3A-E1F8-45E6-8332-38DD750EBA01}
HKCR\CLSID\{51E442DE-0693-4724-BF89-C0711DD2C12F}
HKCR\CLSID\{EA6506CE-9663-4855-99E2-29D989F6CA17}
HKCR\TuoTuHelper.LDown
HKCR\TuoTuHelper.LDown.1
HKCR\TuoTuHelper.RDown
HKCR\TuoTuHelper.RDown.1
HKCR\TuoTuHelper.TTDownMgr
HKCR\TuoTuHelper.TTDownMgr.1



A Browser Helper Object (BHO) is a feature that extends and controls Windows Explorer and Internet Explorer (IE). Spyware or adware installed as a BHO is a DLL that is loaded and executed by Windows Explorer or IE, so it does not appear as a separate entry in Windows Task Manager. It is automatically executed by Windows Explorer whenever Windows starts.
Spyware and adware abuse BHOs to change the IE home page, show pop-up advertisements, monitor the address bar, and redirect the browser to unwanted addresses.

You can remove a BHO manually by following the steps below:
1. Control Panel -> Internet Options -> Advanced -> Uncheck "Enable third party browser extensions"
2. Close IE and remove the .dll file of the BHO.

Note: If the BHO is loaded by Windows Explorer, start the system in Safe Mode and remove the BHO.
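
The removal steps above require knowing which DLL backs the BHO. The following read-only PowerShell check is an added example, not part of AhnLab's write-up: it looks for the registry keys listed above and reports the DLL path each CLSID points to. The Browser Helper Objects registry locations and the InprocServer32 lookup are assumptions based on standard Windows COM/BHO registration and are not stated on this page.

```powershell
# Added example: read-only check for the keys listed in the [Registry] section.
# Nothing is modified or deleted.
$clsids = @(
    '{0BECAB3A-E1F8-45E6-8332-38DD750EBA01}',
    '{51E442DE-0693-4724-BF89-C0711DD2C12F}',
    '{EA6506CE-9663-4855-99E2-29D989F6CA17}'
)
$progIds = @(
    'TuoTuHelper.LDown', 'TuoTuHelper.LDown.1',
    'TuoTuHelper.RDown', 'TuoTuHelper.RDown.1',
    'TuoTuHelper.TTDownMgr', 'TuoTuHelper.TTDownMgr.1'
)
# Assumption: native and 32-bit-on-64-bit views of HKCR\CLSID.
$clsidRoots = @(
    'Registry::HKEY_CLASSES_ROOT\CLSID',
    'Registry::HKEY_CLASSES_ROOT\WOW6432Node\CLSID'
)
# Assumption: standard locations where BHOs are registered for Explorer/IE.
$bhoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)

$findings = foreach ($root in $clsidRoots) {
    foreach ($clsid in $clsids) {
        $key = "$root\$clsid"
        if (-not (Test-Path -LiteralPath $key)) { continue }
        # The default value of InprocServer32 holds the path of the DLL the host process loads.
        $inproc = Get-ItemProperty -LiteralPath "$key\InprocServer32" -ErrorAction SilentlyContinue
        $dll = if ($inproc) { [Environment]::ExpandEnvironmentVariables([string]$inproc.'(default)') } else { $null }
        $isBho = @($bhoRoots | Where-Object { Test-Path -LiteralPath "$_\$clsid" }).Count -gt 0
        [pscustomobject]@{
            Key             = $key
            RegisteredAsBHO = $isBho
            Dll             = $dll
            DllOnDisk       = [bool]($dll -and (Test-Path -LiteralPath $dll))
        }
    }
}
$progIdHits = $progIds | Where-Object { Test-Path -LiteralPath "Registry::HKEY_CLASSES_ROOT\$_" }

if ($findings -or $progIdHits) {
    $findings | Format-List
    $progIdHits | ForEach-Object { "ProgID present: HKCR\$_" }
} else {
    'None of the listed registry keys were found.'
}
```

A non-empty Dll value identifies the file to delete in step 2; run the check again afterwards to confirm which keys remain.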