JS/BDHelper-A

Please follow the instructions for removing Trojans.

JS/BDHelper-A arrives on the computer by browsing web pages containing the JS/BDHelper-A script or links to the JS/BDHelper-A script.

Web pages containing the JS/BDHelper-A script or links to the JS/BDHelper-A script may also be loaded directly by the adware software, in order to use HTTP to download updates of its software.

The adware software typically installs itself as follows.

The DLL BDSrHook.dll is registered as a COM object and plugin for Microsoft Internet Explorer, creating registry entries under:
HKCR\CLSID\(BC207F7D-3E63-4ACA-99B5-FB5F8428200C)
HKCR\CLSID\(E85A87F7-4AB3-4a9f-8187-9AFDD89489AA)
HKCR\Interface\(576F7E38-833A-4B0B-9A37-3865726D031E
HKCR\Interface\(F08555AF-9CC3-11D2-AA8E-000000000000)
HKCR\TypeLib\(3034F39C-A0B3-4068-9C0C-FC566B0263A3)
HKCR\BDHook.BDSrchHook.1
HKCR\BDHook.BDSrchHook
HKCR\MimeFilter.AdFilter.1
HKCR\MimeFilter.AdFilter

HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\
ShellExecuteHooks\(BC207F7D-3E63-4ACA-99B5-FB5F8428200C)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
(BC207F7D-3E63-4ACA-99B5-FB5F8428200C)

HKLM\Software\Microsoft\Internet Explorer\AdvancedOptions\ !IESearch\BDSearch

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
(BC207F7D-3E63-4ACA-99B5-FB5F8428200C) 3

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks.1\
(CFBFAE00-17A6-11D0-99CB-00C04FD64497)

HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\BDHelper

The following registry entry is created to run the "Rundll32" export of BDSrHook.dll automatically on startup:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BIE
Rundll32.exe <pathname>\BDSrHook.dll,Rundll32

The BDHelper and BDSearch adware software may provide an uninstallation option accessible via the Add or Remove Programs dialog in the Windows Control Panel (Start -> Settings -> Control Panel -> Add/Remove Programs).