|
My first experience with a spyware BHO based infection was several months ago.
I had gone through all of the usual steps with the client’s machine to clean
it. Ad-Aware was run, Spybot: Search and Destroy was as well. Nothing looked suspicious
in the system’s startup. All appeared well, but it wasn’t.
After extensive testing and no further symptoms I returned the computer to
my client’s home. I hooked it back up, and dialed the internet. Everything
so far was progressing smoothly. But, as SOON as I loaded Internet Explorer:
BAM the same pop-up advertisements and other annoying things started happening
again. With much embarrassment I had to take the computer back to my office
and try again.
It was all Internet Explorers fault. Microsoft Internet Explorer comes with
a feature that is designed to add third-party functionality to their browser.
It’s actually a very good idea. Unfortunately, it now gets taken advantage
of.
The producers of spyware know that many people now have spyware removers installed
on their computers. They also know that quite a few people have the ability
to check what is in their start-up. Because of this, BHO’s are crafted
so that the spyware lies dormant until Internet Explorer is opened. Then it
can start its dirty work.
The best program to remove an errant Browser Help Object is HijackThis. This
program was originally designed to remove homepage hijackers and gradually morphed
into an all-around removal tool for everything. If there’s any one tool
that I couldn’t part with it’s HJT.
To start, download HijackThis 1991. Once you’ve got it, open it. Click
the button that says “Do a system scan only”. Following that, scroll
down to the items labeled 02 – BHO. Remove anything here that looks suspicious.
Internet Explorer does not require any BHO’s to run. Just keep an eye on
the path that it loads from, and the name of the file. A legitimate one will
be fairly easy to spot, as it’ll have a legit title and OK looking path.
If the filename looks like it was randomly made, like ASGSRT32.DLL or whatnot
then there’s a good 90% chance that it’s bad. Even if you do remove
one that’s good, you can always use the restore feature of HJT to bring
it back.
If you need any other HijackThis help then read the previous link.
About the Author:
Kevin Souter is a full time computer repair technician. He also operates a free
spyware removal site, as well as a general computer repair site. |
