
Persistent BHO's in Registry


  • This topic is locked
3 replies to this topic

#1 deango


Posted 30 May 2005 - 12:35 PM

Hi. These two BHO's keep showing up in HiJackThis scans. They don't appear when I use Regedit-Computer-Find, but when I use the RegSearch application, they do. I follow the path for each one in the registry, delete the folder from the left-hand tree, turn off System Restore and reboot. There they are again in HiJackThis. Have deleted them from registry about 20 times. First one is AdShield which is a popup blocker I uninstalled a year ago and the other is malware known as UBMON. There is no file, so I don't think they are a danger, but would still like to get them out of the registry.
Thanks folks, you have been a great help in the past!
REGEDIT4

; Registry Search by Bobbi Flekman
; Version: 1.0.1.4

; Results at 5/30/2005 9:28:00 AM for strings:
; '7559b76e-0222-4d77-9499-cce9eb4edc2f'
; 'ce7c3cf0-4b15-11d1-abed-709549c10000'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7559B76E-0222-4d77-9499-CCE9EB4EDC2F}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CE7C3CF0-4B15-11D1-ABED-709549C10000}]

[HKEY_USERS\S-1-5-21-1482476501-515967899-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7559B76E-0222-4D77-9499-CCE9EB4EDC2F}]

[HKEY_USERS\S-1-5-21-1482476501-515967899-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7559B76E-0222-4D77-9499-CCE9EB4EDC2F}\iexplore]

[HKEY_USERS\S-1-5-21-1482476501-515967899-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CE7C3CF0-4B15-11D1-ABED-709549C10000}]

[HKEY_USERS\S-1-5-21-1482476501-515967899-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CE7C3CF0-4B15-11D1-ABED-709549C10000}\iexplore]

; End Of The Log...
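
Added example (not part of the original post, and not code from any tool named in this thread): a Python script that reads a RegSearch-style export like the one above, groups the keys by CLSID regardless of letter case, and lists Browser Helper Object entries that have no COM class (CLSID) key in the same results. The function names and role labels are assumptions made for illustration; the sample text is the header and key lines copied from the log above.

```python
import re
from collections import defaultdict

# Header and key lines copied from the search log in the post above.
SAMPLE_LOG = r"""REGEDIT4
; Registry Search by Bobbi Flekman
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7559B76E-0222-4d77-9499-CCE9EB4EDC2F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CE7C3CF0-4B15-11D1-ABED-709549C10000}]
[HKEY_USERS\S-1-5-21-1482476501-515967899-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7559B76E-0222-4D77-9499-CCE9EB4EDC2F}]
[HKEY_USERS\S-1-5-21-1482476501-515967899-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7559B76E-0222-4D77-9499-CCE9EB4EDC2F}\iexplore]
[HKEY_USERS\S-1-5-21-1482476501-515967899-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CE7C3CF0-4B15-11D1-ABED-709549C10000}]
[HKEY_USERS\S-1-5-21-1482476501-515967899-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CE7C3CF0-4B15-11D1-ABED-709549C10000}\iexplore]
; End Of The Log...
"""

GUID = r"(\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\})"
KEY_LINE = re.compile(r"^\[(.+)\]$")
# Role labels are this example's own names; patterns are checked in order.
ROLES = [
    ("bho", re.compile(r"\\Browser Helper Objects\\" + GUID + r"$", re.I)),
    ("ext_stats", re.compile(r"\\Ext\\Stats\\" + GUID + r"(?:\\|$)", re.I)),
    ("clsid", re.compile(r"(?:^HKEY_CLASSES_ROOT|\\Classes)\\CLSID\\" + GUID + r"(?:\\|$)", re.I)),
]


def classify(log_text):
    """Map each CLSID (upper-cased) to the set of roles its keys play."""
    roles = defaultdict(set)
    for line in log_text.splitlines():
        m = KEY_LINE.match(line.strip())
        if not m:
            continue  # header, ';' comments and blank lines
        for role, pattern in ROLES:
            hit = pattern.search(m.group(1))
            if hit:
                roles[hit.group(1).upper()].add(role)
                break
    return dict(roles)


def orphaned_bhos(roles):
    """BHO entries with no COM class (CLSID) key in the same results."""
    return sorted(g for g, r in roles.items() if "bho" in r and "clsid" not in r)


if __name__ == "__main__":
    found = classify(SAMPLE_LOG)
    for guid in sorted(found):
        print(guid, sorted(found[guid]))
    print("BHO keys without a CLSID registration:", orphaned_bhos(found))
```

On the log above, both GUIDs appear only as a Browser Helper Objects entry plus per-user Ext\Stats keys, with no CLSID key in the search results.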


#2 Rimmer


Posted 30 May 2005 - 07:40 PM

I don't advise turning off system restore as a method of getting rid of malware unless it's the last resort.
It sounds like you are being continually reinfected. What anti-virus and anti-spyware programs are you running, and have you run them in Safe Mode?

Soltek QBIC, Pentium 4 3.0GHz, 512MB RAM, 200GB SATA HDD, ATI Radeon 9600XT 256MB, Netgear 54Mb/s WAP, ridiculously expensive Satellite Broadband
Windows XP Home SP2, Trend Micro Internet Security, Firefox, Thunderbird, AdAwareSE, Spybot S&D, SpywareBlaster, A-squared Free, Ewido Security Suite.

#3 deango


Posted 03 June 2005 - 05:44 PM

I use AVG Anti-Virus, AdAwareSE, SpyBot, SpywareBlaster, CW Shredder and HiJack This. I update daily and upgrade to a newer version of each one whenever available. I only turn off the system restore AFTER I have removed the BHO's from the Registry and BEFORE I reboot, so that the BHO's will not be in any future System Restore that I might instigate. I turn the System Restore back on first thing after I reboot. Thanks for any advice you can give. deango

#4 Papakid


  • Malware Response Team

Posted 15 June 2005 - 11:15 AM

I'm closing this thread as it is being continued here:
http://www.bleepingcomputer.com/forums/ind...topic=20686&hl=

The fate of all mankind, I see

Is in the hands of fools

--King Crimson




