Cleaning up after WMF exploit – BHO removal
Browser helper objects (BHO’s) are listed in the registry and load with explorer when it runs (Internet Explorer/ File explorer are so closely tied it affects both.) I’ve used BHOdemon in the past to identify and disable BHO’s and a tool like that is the preferred method. However, in my case, this is a disposable virtual machine and I used the “blunt object” approach…. regedit.
I had identified one file in the infestation as a BHO by viewing it with a text editor and finding a text string identifying that it was a BHO. 3.00.13.dll was the file name. In the registry, I went to the following key HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects and deleted every entry. This is not the recommended way of dealing with it, but I was already several hours into cleaning up my virtual machine and didn’t have any “good” BHO’s that I was concerned that would disable.
Even if there were “good” BHO’s that I had disabled I would image a reinstall of the BHO would fix it. (Some good one’s for example might be an Acrobat reader BHO)… Anyway, I had forgot to detail that step in the earlier writeups and wanted to make sure there was a complete accounting.
Popularity: 1% [?]
Related Posts - Vmware launches beta of real to virtual converter Vmware has launched a tool (windows only it seems) aimed to convert a REAL running system into a virtual machine. (For use with VMWare's virtualization products. The converter also can convert images from competing virtual machine "platforms"(?) (Microsoft Virtual PC, Microsoft Virtual Server, Symantec Backup Exec System Recovery (formerly LiveState......
- But it's brand new, how could it have so many updates? This morning I was doing a fresh install of Windows XP SP2 into a Virtual Machine. So far, things are fine I went through windowsupdate and found 3 updates the first time, then rebooted and hit windowsupdate again to see 55 updates available. A lot of times when I set......
- Virtual Machine of a real hard drive This incidents.org article the other day caught my eye. It talked of a utility calledliveview that could take a hard drive (or image of a drive) and make it into a virtual machine for use in vmware (saving all changes to a temporary file so the original structure of the......
Related Websites - Creating a Blog Video Online About two years ago, blogging hit a surge that allowed its way into the mainstream, and now everybody is blogging for a wide variety of different reasons. Blogs resemble web-based public diaries of sorts, where the creator can record their thoughts, their opinions, questions and answers and essentially anything else......
- FTP And Other File Transfer Tools In Web Hosting Anything related to the Internet or computers is bound to introduce technical issues pretty soon. One of the earliest that novice web site owners encounter is FTP, which is an acronym for File Transfer Protocol. Seeing it spelled out, it's easy to see why those in the know quickly move......
- Create Autorun for your CD's and DVD's The compact disk drive auto play feature, common to most operating systems, is a good way to simplify user experience. Auto play is controlled by a simple text-only file called autorun.inf. While there are dozens of software utilities available that will help you create the file, all you really need......
Similar Posts
- Disinfecting a PC… part 8
- C:\windows\system32\kernels64.exe not found
- Disinfecting a PC… part 4
- More WMF exploit testing on Windows 98
- Update on Long registry entries bug