New User? Click here to register! Feel free to read this for beginners help.

Computer Cops
image image image image image image image image
Prime Choice
· Head Lines
· Dnld of the Week!
· Find a Cure!
· Ian T's (Article 12)
· Marcia's (Op8)
· Paul's (Article 3)
· Ian T's Archive
· Marcia's Archive
· Paul's Archive
image
CCSP Toolkit
· Email Virus Scan
· UDP Port Scanner
· TCP Port Scanner
· Trojan TCP Scan
· Reveal Your IP
· Algorithms
· Whois
· nmap port scanner
· IPs Banned [?]
image
Security Central
· Home
· Wireless
· Bookmarks
· Columbia
· Community
· Downloads
· Encyclopedia
· Feedback (send)
· Forums
· Gallery
· Giveaways
· HijackThis
· Journal
· Members List
· My Downloads
· PremChat
· Premium
· Private Messages
· Proxomitron
· Quizz
· Recommend Us
· RegChat
· Reviews
· Search
· Sections
· Statistics
· Stories Archive
· Submit News
· Surveys
· Top
· Topics
· Web Links
· Your Account
image
Donations
image
Search

image
Survey
Which Anti-Virus product do you use?
Computer Associates
Eset (NOD32)
F-Secure
Frisk (F-Prot)
Grisoft (AVG)
Kaspersky
Network Associates (McAfee)
Panda
Sophos
Symantec (NAV)
Trend Micro
Other



Results
Polls

Votes: 8438
Comments: 76
image
 Forum FAQForum FAQ   SearchSearch   UsergroupsUsergroups   ProfileProfile   Login to check your private messagesLogin to check your private messages   LoginLogin 

Just what the heck is a BHO anyway??

 
Post new topic   This topic is locked you cannot edit posts or make replies       Computer Cops Forum Index -> Spyware - HijackThis
View previous topic :: View next topic  
Author Message
phoenix22
Site Admin
Site Admin
Premium Member
Premium Member


Joined: Mar 08, 2002
Posts: 3900
Location: "Div. Stand By"
PostPosted: Tue Nov 18, 2003 12:08 pm    Post subject: Just what the heck is a BHO anyway?? Reply with quote
From the UnderSheriff by Tony (the saint) Klein

"What is a Browser Helper Object?
A Browser Helper Object, or BHO, is just a small program that runs automatically every time you start your Internet browser. Usually, a BHO is installed on your system by another software program. For example, Go!Zilla, the downloading utility, installs a BHO created by Radiate (formerly Aureate Media); this BHO tracks which advertisements you see as you surf the Web.

The natural question is, what do BHOs do? The technical answer is "anything", but generally, it will have something to do with "helping" you browse the Internet.
Of course, many BHOs are what is called "ad-ware" or "spyware": they do things like monitor the websites you visit and report this data back to their creators."

They can also routinely conflict with other running programs, cause a variety of page faults, run time errors, and the like, and generally impede browsing performance.

For those looking for an engrossing read, here's the authoritative MS article:

Browser Helper Objects: The Browser the Way You Want It

A great little tool for viewing and, if required, disabling, the BHOs that may be installed on your machine is BHODemon, which can be downloaded here

We're maintaing a comprehensive list of all known BHO's and Toolbar CLSIDs, which can be viewed here:

http://www.sysinfo.org/bhoinfo.php

It is continuously being updated.

Listed BHO's and Toolbar Class IDs are tagged X for certified spyware/foistware, or other malware, L for legitimate items, O for 'open to debate' and ? for items of unknown status.

NOTE: The Notorious LOP foistware now creates random Browser plugin identifiers as well as file names.

They'll look something like this:

{1A35419C-7394-4989-B3C5-6189EB06BD66} - ssshwckfrngl.dll
or
{9633C13D-85BB-4271-83C1-F22BC2938585} - llbrquistglc.dll
or
{DCF6B0CF-5312-42B2-B783-971C107F8B91} - kstilypsm.dll


As the number of possible names and combinations could therefore literally run into the billions, I will no longer be adding LOP BHOs to the list.
Be watchful when running into unknown BHOs bearing these kinds of fancy names. If they're not on the list, and the file is located in the Application Data directory, it's almost certainly a LOP BHO

The same now goes for Adgoblin/InContext and WurldMedia Browser Plugins, and there are others. Here are some examples of random WurldMedia identifiers and file names:

{8A79D959-1251-41CC-B29D-4CF8B675D41E}: toalundg.dll
{BFAE1995-4CAC-40D0-B029-42CEC449E838}: ecule.dll

and some semi-random ones:

{E0634852-5A3C-4E35-954C-17A0622F0BF8} - m030206pohs.dll
{6270DFC1-EDFB-4BC4-BE8C-842740BA290B}: MOAA030425S.DLL
{BFBAE8DA-9920-4166-A5A4-EBD03F59ABF5}: mo030414s.dll
_________________
"De Oppresso Liber" (We Liberate the Oppressed) Holy Shinola Bat Babe! "Phoenix Flight"....for Buddy...who lived it!
Back to top
View users profile Send private message Visit posters website
Display posts from previous:   
Post new topic   This topic is locked you cannot edit posts or make replies       Computer Cops Forum Index -> Spyware - HijackThis All times are GMT - 5 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB 2.0.8 © 2001 phpBB Group

Version 2.0.6 of PHP-Nuke Port by Tom Nitzschner © 2002 www.toms-home.com
Version 2.2 by Paul Laudanski © 2003-2004 Computer Cops
Home · Topics · Submit News · Top 10
This entire site, Cops Themes, and Computer Cops are © 2002 - 2004 Computer Cops, LLC. All rights reserved.
You can syndicate our news using the file RSS 0.91, ultramode.txt, or RSS 1.0.
Acceptable Use Policy. Use signifies your agreement.
Engine Copyright © 2002 by PHP-Nuke, GNU/GPL Licensed. ICRA Member.
Paul Laudanski, Member of Computer Cops, LLC
Server Load: 538 pages served in previous 5 minutes. Page Generation: 0.328 seconds.