Spyware - Your Web Browser is the Culprit!


My first experience with a BHO-based spyware infection was
several months ago. I had gone through all of the usual steps
with the client's machine to clean it. Ad-Aware was run, Spybot:
Search and Destroy was as well. Nothing looked suspicious in the
system's startup. All appeared well, but it wasn't.

After extensive testing and no further symptoms I returned the
computer to my client's home. I hooked it back up, and dialed the
internet. Everything so far was progressing smoothly. But, as
SOON as I loaded Internet Explorer: BAM the same pop-up
advertisements and other annoying things started happening again.
With much embarrassment I had to take the computer back to my
office and try again.

It was all Internet Explorer's fault. Microsoft Internet
Explorer comes with a feature, the Browser Helper Object (BHO),
that is designed to add third-party functionality to the browser.
It's actually a very good idea. Unfortunately, it now gets taken
advantage of.

The producers of spyware know that many people now have spyware
removers installed on their computers. They also know that quite
a few people have the ability to check what is in their start-up.
Because of this, BHOs are crafted so that the spyware lies
dormant until Internet Explorer is opened. Then it can start its
dirty work.

The best program to remove an errant Browser Helper Object is
HijackThis. This program was originally designed to remove
homepage hijackers and gradually morphed into an all-around
removal tool for everything. If there's any one tool that I
couldn't part with, it's HJT.

To start, download HijackThis 1991 from http://www.spywareinfo.com/~merijn

Once you've got it, open it. Click the button that says "Do a
system scan only". Following that, scroll down to the items
labeled O2 - BHO. Remove anything here that looks suspicious.
Internet Explorer does not require any BHOs to run. Just keep an
eye on the path that each one loads from, and the name of the
file. A legitimate one will be fairly easy to spot, as it'll have
a legit title and an OK-looking path.

If the filename looks like it was randomly made, like
ASGSRT32.DLL or whatnot, then there's a good 90% chance that it's
bad. Even if you do remove one that's good, you can always use
the restore feature of HJT to bring it back.
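
The review of the O2 - BHO items described above can be sketched as a small triage script. This is an added example, not part of the original article or of HijackThis: the log lines are constructed samples in the layout HijackThis uses for O2 entries, and the three checks (title, path, random-looking filename) are assumed heuristics that mirror the article's advice, so a flag means "look closer", not "malicious".

```python
import re

# Constructed sample log lines; the names, CLSIDs and paths are made up.
SAMPLE_LOG = r"""
O2 - BHO: PDF Reader Helper - {11111111-1111-1111-1111-111111111111} - C:\Program Files\ExampleReader\ActiveX\ReaderHelper.dll
O2 - BHO: (no name) - {22222222-2222-2222-2222-222222222222} - C:\WINDOWS\system32\ASGSRT32.DLL
O2 - BHO: Search Toolbar - {33333333-3333-3333-3333-333333333333} - C:\Program Files\ExampleToolbar\toolbar.dll
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\ExampleTray\tray.exe
"""

# O2 - BHO: <title> - {CLSID} - <path to DLL>
O2_LINE = re.compile(
    r"^O2 - BHO: (?P<name>.*) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")

def looks_random(filename):
    """Assumed heuristic: few vowels or a long consonant run in the base name."""
    stem = re.sub(r"[^a-z]", "", filename.rsplit(".", 1)[0].lower())
    if not stem:
        return True
    vowels = sum(c in "aeiou" for c in stem)
    return vowels / len(stem) < 0.25 or re.search(r"[^aeiou]{5,}", stem) is not None

def review_bhos(log_text):
    """Return (filename, clsid, reasons) for every O2 - BHO line in the log."""
    findings = []
    for line in log_text.splitlines():
        m = O2_LINE.match(line.strip())
        if not m:
            continue  # not a BHO entry (O4 start-up items and so on)
        path = m["path"]
        filename = path.rsplit("\\", 1)[-1]
        reasons = []
        if m["name"] == "(no name)":
            reasons.append("no title")
        # Assumption: well-behaved add-ons install under Program Files.
        if "\\program files" not in path.lower():
            reasons.append("loads from outside Program Files")
        if looks_random(filename):
            reasons.append("random-looking filename")
        findings.append((filename, m["clsid"], reasons))
    return findings

if __name__ == "__main__":
    for filename, clsid, reasons in review_bhos(SAMPLE_LOG):
        verdict = "REVIEW: " + ", ".join(reasons) if reasons else "looks ordinary"
        print(f"{filename:20} {clsid}  {verdict}")
```

Paste a saved scan log into `review_bhos()` in place of `SAMPLE_LOG` to get the same listing for a real machine.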



This article is free for republishing
Source: http://www.articlealley.com/article_11533_11.html
Occupation: computer technician
Kevin Souter is a full time computer technician and operates a computer repair site, as well as a free spyware removal site.
http://TweaksForGeeks.com has articles and tutorials on all sorts of computer problems from internet issues to hardware defects, for the novice and the expert. http://EradicateSpyware.net has been set up to teach you how to remove annoying Spyware / Adware / Malware from your computer.



Contact him at http://TweaksForGeeks.com
