IEMonit is a search result hijacker implemented as an Internet Explorer Browser Helper Object. It checks queries submitted to search engines for sex-related keywords. (Google, Yahoo, Lycos, AltaVista, Infospace and a variety of Polish search engines are targeted.)
It is currently unknown where IEMonit comes from.
What it does
Yes. May open advertisements when targeted keywords are entered.
Yes. Includes an updater process which is believed to be able to download and execute arbitrary code from its controlling server. I currently have not obtained a copy of this to test, however.
Open a DOS command prompt window (from Start->Programs->Accessories), and enter the following commands:
regsvr32 /u iemonit.dll
Next, open the registry (click ‘Start’, choose ‘Run’, enter ‘regedit’) and find the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run. Delete the entry ‘Internet Explorer Library’ on the right, pointing to ‘ieupdates.exe’, ‘updaterie01.exe’ or ‘fixieupdate.exe’.
Restart the computer and you should be able to delete ‘iemonit.dll’ and ‘ieupdates.exe’/‘updaterie01.exe’/‘fixieupdate.exe’ from the System folder, which is inside the Windows folder (and is called ‘System32’ on Windows NT/2000/XP).
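To confirm the removal took effect, the following read-only PowerShell check looks for each artifact named in the steps above. It is an added example, not part of the original write-up. It assumes a Windows system with PowerShell available, and it finds the BHO by resolving every registered Browser Helper Object to its DLL, since the page does not give IEMonit's CLSID.

```powershell
# Added example: read-only check for the IEMonit artifacts named in the removal steps.
# File and value names come from the page; nothing is modified or deleted.
# Limitation: only the native registry view and system folder are examined.
$runKey   = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$runValue = 'Internet Explorer Library'
$exeNames = 'ieupdates.exe', 'updaterie01.exe', 'fixieupdate.exe'
$dllName  = 'iemonit.dll'
$sysDir   = [Environment]::SystemDirectory   # System32 on NT-family Windows
$bhoKey   = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
$findings = @()

# 1. Run entry that starts the updater at logon.
$run = Get-ItemProperty -Path $runKey -Name $runValue -ErrorAction SilentlyContinue
if ($run) {
    $findings += [pscustomobject]@{ Check = 'Run entry'; Detail = $run.$runValue }
}

# 2. Any registered BHO whose in-process server is iemonit.dll
#    (shows whether 'regsvr32 /u iemonit.dll' actually unregistered it).
foreach ($bho in @(Get-ChildItem -Path $bhoKey -ErrorAction SilentlyContinue)) {
    $clsid  = $bho.PSChildName
    $inproc = "HKLM:\Software\Classes\CLSID\$clsid\InprocServer32"
    $server = (Get-ItemProperty -Path $inproc -ErrorAction SilentlyContinue).'(default)'
    if ($server -like "*$dllName*") {
        $findings += [pscustomobject]@{ Check = 'BHO registration'; Detail = "$clsid -> $server" }
    }
}

# 3. Files left behind in the System folder.
foreach ($name in @($dllName) + $exeNames) {
    $path = Join-Path $sysDir $name
    if (Test-Path -LiteralPath $path) {
        $findings += [pscustomobject]@{ Check = 'File present'; Detail = $path }
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'No IEMonit artifacts found.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

A 'File present' result with no matching Run entry or BHO registration means only the final delete step is still outstanding.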