Browser Helper Objects (BHO)

[Russ V.]

There are 9 BHOs in the registry that are either
hazardous or unknown. MS AS will not remove them. Tried
to manually remove all instances of the key for the BHO
in the registry. All were deleted except for those listed
at:
HKLM/SOFTWARE/MICROSOFT/WINDOWS/CURRENTVERSION/EXPLORER/BR
OWSERHELPEROBJECT, none of them can be deleted.

How the heck do I get rid of these?

Russ V.

 

[plun]

There are 9 BHOs in the registry that are either
hazardous or unknown. MS AS will not remove them. Tried
to manually remove all instances of the key for the BHO
in the registry. All were deleted except for those listed
at:
HKLM/SOFTWARE/MICROSOFT/WINDOWS/CURRENTVERSION/EXPLORER/BR
OWSERHELPEROBJECT, none of them can be deleted.

How the heck do I get rid of these?

With HijackThis. Please read instructions on webpage !

http://tomcoyote.com/hjt/

 

[Andre Da Costa]

To view the BHO report:
1. Click "Tools" - "Advanced Tools" - "System Explorers".
2. In the left pane, underneath "Internet Explorer", click "IE BHOs".

You will see a list of installed Browser Helper Objects. As noted in the
key, BHOs preceded by a star should be safe, those next to an exclamation
point are unknown, and those next to a red "X" are those Microsoft
AntiSpyware deem hazardous.

Click a BHO for more detailed information if available, such as the BHO
name, description, and publisher name. Also, in the right pane, you can
choose to temporarily or permanently block the BHO. If the BHO is hazardous,
you may want to consider permanently removing it. However, for unknown BHOs,
you may want to consider only temporarily removing the object and examining
the effects later from within Internet Explorer.

Read more here:
http://spaces.msn.com/members/adacosta/Blog/cns!1ppieQf0aF6k7J0XYrJfhfMQ!892.entry

 

[Bill Sanderson]

Can you say more about what happens? Have you tried doing this in safe
mode, logged in as administrator? I don't have any to spare to test what
should happen. Can you tell whether the permissions have been modified on
that key to keep you from doing this?

Is this XP--is it Home or Pro?

 

[Steve Wechsler [MVP]]

Russ,

Was IE open when you attempted to delete the reg keys ?
Did you attempt this while online with IE closed ?
Did you try to delete the keys in Safe Mode by doing a scan with MSAS ?

Steve Wechsler (akaMowGreen)

MS-MVP 2004-2005
Windows Server
Windows - Security

 

[Russ V.]

Yes. I have logged in as Administrator in the safe
mode. The BHO would not delete from the registry (using
regedit). MS AS would not delete either and I assume
that is because whatever is preventing deletion (regedit)
is also the reason that MS AS cannot permanently remove.

This is XP Home.

As to permissions, I didn't check. I did, however, use a
good machine (with no problems) and deleted a BHO from
the registry in normal user mode without problems.
(Naturally I created a restore point first, and restored
afterward.)

Russ V.

 

[Guest]

Steve,
All instances of IE were closed. I tried in Safe Mode
with the same result. MS AS hung up at the BHO keys in
the registry in Safe Mode.

Russ

 

[Bill Sanderson]

I've seen some reports of spyware which alters permissions on registry keys
so that they aren't easily deleted. Some of these may be behind some "hang"
issues in relation to parts of Microsoft Antispyware actions.

I'm not clear how all this works in XP Home, but the way to get it fixed
would be to use safe mode and administrator, and check the permissions, and
perhaps take ownership, if necessary to gain control.

 

[Russ V.]

The problem was, in fact, permissions. I checked the
keys and no permissions were assigned. I set permissions
to administrator and then deleted the keys. Safe Mode
was not necessary. The problem PC was my son's, who
lives in Colorado, and I was linked to his PC via Remote
Assistance. MS Antispyware ran sucessfully, found
several other spyware items, which were removed. Quick
and Deep scans were successful.

Thanks,
Russ V.

 

[Bill Sanderson]

Thanks--excellent story--bits built-in to the OS and part of the base price
enabled you to work with this machine across miles, and fix a pretty
esoteric problem.

Ever look at what Apple charges to use their remote application?

(This reminds me that I need to set up this facility with my father who just
bought his own machine after getting impatient with the machines in a common
lab at the retirement home where he lives--they are pretty virus-laden. I
need to get set up for Remote Assistance with him, even though he's on a
dialup modem--it is still a usable facility even at that speed.)

I've done remote work on my mother-in-laws machine using VNC--about 320
miles away, and I've used Remote Assistance on a machine in Denmark--not
sure how far that was!

Anyway--glad it worked. Clearly Microsoft Antispyware needs to get a little
smarter where such permission issues are involved.

 

[Russ V.]

I think the Remote Assistance feature is great. I've been
with MS since MSDOS and it just keeps getting better. (An
opinion not shared by many.)

I've helped another son in North Carolina, sister-in-law
in New Jersey, and some customers across town (i get lazy
sometimes). Once, though, I could not connect and found
that the user's DSL/Router [ActionTec-had to find the
manual online] needed Port Forwarding configured before I
could get a connection. It is difficult fixing problems
when the folks being helped have little or no knowledge
of computers, networks, etc. (I'd never make it on a
help desk.)

Russ V.