Cleaning up after WMF exploit – BHO removal



Browser helper objects (BHO’s) are listed in the registry and load with explorer when it runs (Internet Explorer/ File explorer are so closely tied it affects both.) I’ve used BHOdemon in the past to identify and disable BHO’s and a tool like that is the preferred method. However, in my case, this is a disposable virtual machine and I used the “blunt object” approach…. regedit.


I had identified one file in the infestation as a BHO by viewing it with a text editor and finding a text string identifying that it was a BHO. 3.00.13.dll was the file name. In the registry, I went to the following key HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects and deleted every entry. This is not the recommended way of dealing with it, but I was already several hours into cleaning up my virtual machine and didn’t have any “good” BHO’s that I was concerned that would disable.

Even if there were “good” BHO’s that I had disabled I would image a reinstall of the BHO would fix it. (Some good one’s for example might be an Acrobat reader BHO)… Anyway, I had forgot to detail that step in the earlier writeups and wanted to make sure there was a complete accounting.

Related Posts

Blog Traffic Exchange Related Posts
  • Vmware launches beta of real to virtual converter Vmware has launched a tool (windows only it seems) aimed to convert a REAL running system into a virtual machine. (For use with VMWare's virtualization products. The converter also can convert images from competing virtual machine "platforms"(?) (Microsoft Virtual PC, Microsoft Virtual Server, Symantec Backup Exec System Recovery (formerly LiveState......
  • Disinfecting a PC... part 1 This is the first in a several part series documenting the cleaning of an infected PC. The only real noteworthy item is that it was a dial-up only connection and was rather infested for that. (On par with some of the broadband connected pc's I've seen. It's also an interesting......
  • Virtual machine as a safe browsing environment I mentioned this in my summary yesterday morning as a possible workaround until there are patches for the WMF vulnerability that's been big news the last week. I notice that incidents.org has mentioned it too as a possibility today. VMware has released VMPLayer as a free way of running premade......
Blog Traffic Exchange Related Websites
  • Generate SSH Keys in Two Easy Steps This post is probably as much for me as it is everyone else. I got sick of having to look up 3 or 4 different SSH keygen tutorials every time I needed to generate a private/public SSH key pair, so I thought I'd write up my own. Here's how to......
  • 5 Reasons To Say Goodbye To Internet Explorer Microsoft has long championed its own proprietary web browser, Internet Explorer. Internet Explorer 7.0 proves to be the current browser version promoted by the operating system behemoth. This comes installed on every computer that operates on the Windows Vista or Windows 7 operating systems. Although this Internet Explorer is the......
  • FAQ about computer security Q: The virus blocked the registry access and how to get rid of it?A: You can deal with like this: 1. Click on Start -> Run (or Start Search in Windows Vista). 2. Enter GPEdit.msc and then press Enter. 3. Navigate to the following location: User Configuration -> Administrative Templates......
en.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site