Security Xploded
 
  |    Home    |    Projects    |    Research    |    Articles     |    Security Tools    |    Download    |    Blog    |    About    |
 
Search
Latest Stuff
 
FirePassword for new Firefox version
FireMaster with New Features
Hacker Reversing Challenge 2007 Solution
Make your application Vista UAC compliant
Watch your shares from intruders  
Top Tools
 
NetShareMonitor: Monitor shares from intruders
FireMaster: Recover Firefox master password
FirePassword : Dump Firefox sign-on secrets
RemoteDLL: Remove DLL from process
ProcHeapViewer: Enumerate process heaps
Top Articles
 
Using Rainbow crack to recover Windows password
Rapair Windows registry using BackTrack
Unpack UPX using OllyDbg
Writing PESpin plugin for ImpREC
Decrypting Firefox sign-on secrets
 
 
 
 
 
 
 
 
 
BHORemover
Remove Malicious Browser Helper Objects from your System.
 
 
About BHORemover
BHO stands for Browser Helper Objects which are plugins written for Internet Explorer to enhance its capabilities. But this feature is being misused by many spyware programs which monitor user's browsing habits and also steal the users credentials silently. Also some of the BHO's slow down your system considerably.

To eliminate such BHO's from the system, I have written a tool BHORemover which scans your computer for any installed BHO's and displays complete details about each of them. The important feature of BHORemover is to make it easy to differentiate between legitimate and malicious plugins by providing all associated details such as full path, vendor name, installation date etc.
 
 
BHORemover in Action
 
 
 
How does BHORemover Works?
All Browser Helper Objects installed on the system are stored under following registry key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

Each entry under this key is a CLASSID which uniquely identifies particular BHO. Once you know the CLASSID, more information about it can be obtained by looking for that ID under following registry key
HKEY_CLASSES_ROOT\CLSID

This will give your complete path information of the DLL associated with the BHO. From this path information, you can retrieve vendor name, installation date etc.

To remove particular BHO, you have to just remove those above mentioned entries from registry. Note that modifying the registry manually can be dangerous and leads to disastrous results if edited wrongly. It is recommended that you use BHORemover tool to remove it from the system easily and quickly.
 
 
How to use BHORemover
BHORemover is standalone utility which does not require any installation. When you launch this tool, the screen will appear as shown above. Once you launch this tool, it will scan your system for all installed BHO's and list them with the following information
  • BHO Class Name
  • CLASSID of the BHO
  • Complete File Path
  • Company Name
  • Installation Date
To delete any of them, just select that BHO entry and click on DELETE button. Note that once you remove the BHO, it cannot be revoked back. Usually company information & BHO class name makes it easy to distinguish between legitimate and malicious ones.
 
 
Download BHORemover
 
 BHORemover ver 1.0.2 - Windows
 
 
See Also
NetShareMonitor: Monitor your shares from intruders.
WinServiceManager: Tool to manager Windows services.
RemoteDLL: Remove DLL from process using DLL injection.
 
 
 
 
 
 

Total Hit Count: Hit Count
"security through obscurity is just an illusion"
                                   -anonymous 
For any queries and suggestions, please drop a mail to tnagareshwar at gmail.com
 
 
www.SecurityXploded.com © 2008, All rights reserved by Nagareshwar Talekar.                        Built for Firefox