Alert! Be on the lookout for "sthhcrooxea" [Archive]

View Full Version : Alert! Be on the lookout for "sthhcrooxea"

trparky

December 29th, 2003, 03:40 AM

Alert! Be on the lookout for "sthhcrooxea", it is an IE Toobar distributed with MSN Messenger Plus as an optional component.

How did I get it? Dan, my brother, unexpectedly and unknownly installed it on one of our computers which was part of the MSN Messenger Plus setup routine that installed a Search bar in Internet Explorer and pops up ads every once in awhile.

Anyways, the file is called "prjgroasheap.dll" and the CLSID code is "1f1562db-d22a-4fb3-b643-39bdf53b00f7".

Anyways, I removed it with the help of HyjackThis.

trparky

December 29th, 2003, 05:00 AM

Also, the following...

O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - AproposPlugin.dll

O2 - BHO: (no name) - {edfb1a41-60fc-4ade-ac34-76a20cea2578} - prjgroasheap.dll

Pieter_Arntz

December 29th, 2003, 07:05 AM

Hi trparky,

The prjgroasheap.dll with the CLSID code is {1f1562db-d22a-4fb3-b643-39bdf53b00f7} and {edfb1a41-60fc-4ade-ac34-76a20cea2578} - prjgroasheap.dll are very likely completely random filenames and CLSID's and due to a lop.com infection.

The Apropos BHO is a new variant of this one: http://www.doxdesk.com/parasite/AproposMedia.html

Regards,

Pieter