home

tbhelper.dll

IE Toolbar

Zorba Networks, S.L.

The module tbhelper.dll, “IE Toolbar Helper Module” by Zorba Networks, S.L has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is installed within the context of Internet Explore as a URL search hook with the name ‘ToolbarURLSearchHook Class’. This file is typically installed with the program RechercherWeb Toolbar by Conduit Ltd. which is a potentially unwanted software program.
Publisher:
Zorba Networks, S.L.  (signed and verified)

Product:
IE Toolbar

Description:
IE Toolbar Helper Module

Version:
4.2.0.99

MD5:
7b8476d704ae6ee104e4529f72dc1662

SHA-1:
763b2b3ce01eb8fb93e343cf5375df4774706e1e

SHA-256:
2b17706a5a6f78bacc007fb16f4643d04b8a2a7c627efa9c148b2c2619cc235a

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Part of the Conduit (ClientConnect) Toolbar platform.

Analysis date:
5/4/2024 7:45:46 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Conduit.Toolbar.Toolbar (M)
15.9.20.12

File size:
304.6 KB (311,896 bytes)

Product version:
4.2.0.99

Copyright:
Copyright © 2001-2011. All rights reserved.

Original file name:
tbhelperU.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\rechercherweb toolbar\tbhelper.dll

Digital Signature
Signed by:
Zorba Networks, S.L.

Authority:
COMODO CA Limited

Valid from:
12/13/2011 1:00:00 AM

Valid to:
12/13/2012 12:59:59 AM

Subject:
CN="Zorba Networks, S.L.", O="Zorba Networks, S.L.", STREET=Jativa 11, L=Madrid, S=Madrid, PostalCode=28007, C=ES

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00ABFA0DB2C5AC69A6D571352C9A1378ED

File PE Metadata
Compilation timestamp:
11/17/2011 12:21:15 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:e0TL41ItNQsDcty5d0sl1EKZlA7cZx9+WuhgX:3TsUDDcY5d0y1EKnA7cZx9dX

Entry address:
0x19C50

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, C5, A5, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, CC, 68, 70, 84, 01, 10, 64, FF, 35, 00, 00, 00, 00, 8B, 44, 24, 10, 89, 6C, 24, 10, 8D, 6C, 24, 10, 2B, E0, 53, 56, 57, A1, 44, 86, 04, 10, 31, 45, FC, 33, C5, 50, 89, 65, E8, FF, 75, F8, 8B, 45, FC, C7, 45, FC, FE, FF, FF, FF, 89, 45, F8, 8D, 45, F0, 64, A3, 00, 00, 00, 00, C3, 8B, 4D, F0, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51, C3, 50, 64, FF...
 
[+]

Code size:
216.5 KB (221,696 bytes)

Internet Explorer URL Search Hook
CLSID:
{CA3EB689-8F09-4026-AA10-B9534C691CE0}

CLSID name:
ToolbarURLSearchHook Class


The file tbhelper.dll has been discovered within the following program.

RechercherWeb Toolbar  by Conduit Ltd.
This is a Conduit toolbar installed in the user's Web browsers (IE, Chrome and Firefox) that collects and stores information about your web browsing habits and sends this information to Conduit so they can suggest services or provide ads via the toolbar.
64% remove it
 
Powered by Should I Remove It?

Remove tbhelper.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.