View Full Version : bhocop / bhodemon
Phazor
October 12th, 2002, 01:28 PM
Does anyone use either of these two programs? Thoughts, comments on one versus the other? Which do you like best?
Pieter_Arntz
October 12th, 2002, 01:45 PM
No comparison from me, I just use BHODemon.
I have recommended it a lot of times and never learned of anyone for whom it didn't work. It's easy to use, free, small, fast and does what it's supposed to do.
So it gets a http://www.plauder-smilies.de/happy/xyxthumbs.gif from me.
Regards,
Pieter
MickeyTheMan
October 12th, 2002, 02:14 PM
I've tested all 3: Bho Captor, Bho Cop, Bho Demon
BHO Demon wins hands down.
JacK
October 12th, 2002, 06:15 PM
-{ Quote (MickeyTheMan): "I've tested all 3: Bho Captor, Bho Cop, Bho Demon
BHO Demon wins hands down." }-
Hi MTM ;)
I can second that
Rgds
TonyKlein
October 12th, 2002, 06:45 PM
Well, as regards which of the two is the better, both do detect all BHOs you may have, so there's no difference in 'detection'.
It's not like an antivirus where you need a huge database, and regular updates.
BHOs are invariably installed in the same Registry Key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects, so as far as detecting them goes, it's not much of a feat.
However, I agree with everyone that BHODemon is the most informative of the two.
TonyKlein
October 17th, 2002, 02:19 PM
As for the BHO's themselves, I've been "collecting" them for some time, and this is what I've dug up till now.
The list often comes in handy when trying to identify a BHO.
A thank you to Andrew Clover, whose site (http://217.115.153.73/parasite/) provided some of the definitions for these BHOs and to http://www.cexx.org/ , a great site about "Adware, Spyware and other unwanted "malware", and how to remove them".
Listed BHO's are tagged X for certified spyware/foistware, or other malware, L for legitimate items, O for 'open to debate' and ? for BHOs of unknown status.
It is updated on a weekly basis, usually on Saturday.
NOTE: The List has moved, and can now be viewed at the following location:
http://castlecops.com/CLSID.html
Paul Wilders
October 17th, 2002, 03:16 PM
Awesome, Tony! ;)
regards,
paul
TonyKlein
October 17th, 2002, 03:30 PM
Thanks, Paul! :)
As I said, I'm a sucker for lists... ;D
Any possibility to make this post into a sticky?
If no joy, I won't mind bumping it every time I update it, then delete the 'bump' post.
Paul Wilders
October 17th, 2002, 03:47 PM
-{ Quote: "Any possibility to make this post into a sticky?" }-
There is ;D. Keep them coming!
regards.
paul
TonyKlein
October 18th, 2002, 10:47 AM
Thanks Paul!. Appreciate it! :)
The list has been updated with a few items, and every entry is now tagged as either foistware, legitimate, open to debate, or unknown status, at least as far as I could determine.
Any further information anyone might have about any of them is appreciated.
And I'm always interested in trading duplicates for new ones! ;D
Cheers,
Ghost
October 18th, 2002, 11:06 AM
I notice that the DefinitiveSolutions link ( http://www.definitivesolutions.com/bholist.htm ) is no longer working.
That's bad enough - does anyone know whether development of the program is stopped dead as well? IOW, it's not going to be updated anymore?
Pieter_Arntz
October 18th, 2002, 11:19 AM
As Tony stated the program only needs to "read" one registry entry, so there isn't much to update.
I suppose they gave up making a list, because Tony's was longer ;D
The download page: http://www.definitivesolutions.com/bhodemon.htm
is in working order.
Regards,
Pieter
TonyKlein
October 18th, 2002, 11:46 AM
-{ Quote (Ghost): "I notice that the DefinitiveSolutions link ( http://www.definitivesolutions.com/bholist.htm ) is no longer working.
That's bad enough - does anyone know whether development of the program is stopped dead as well? IOW, it's not going to be updated anymore?" }-
Well, the list only contained 5 or 6 entries to begin with, so it wasn't very useful anyway.
And as for "development" of the program, IMHO, there isn't anything much to 'develop'.
As Pieter already confirmed, the app detects all Browser Helper Objects, which is what counts.
Mike_Healan
October 21st, 2002, 06:03 AM
-{ Quote (Ghost): "I notice that the DefinitiveSolutions link ( http://www.definitivesolutions.com/bholist.htm ) is no longer working.
That's bad enough - does anyone know whether development of the program is stopped dead as well? IOW, it's not going to be updated anymore?" }-
He's basically stopped with it. He even offered to sell the rights to me at one point, but I wouldn't know what to do with it.
If his download page ever disappears, I've been mirroring it for months now.
http://www.spywareinfoforum.com/downloads/bhod/
freeatlast
October 22nd, 2002, 08:45 PM
hm.. ::) I must disagree!
how do you re-enable disabled BHO's with BhoDemon?
I use it only as a back up to view active bho's but BhoCop is still my all time favorite! may not be as informative as the other but easy to use and shows me all bho's list, enabled and disabled! also the option to create different profiles gives greater testing tools. and easy to re-enable any on the fly :)
Pieter_Arntz
October 23rd, 2002, 02:42 AM
Re-enabling BHO's is done by running BHODemon.exe, which should give you a list of your BHO's; select the one you want to re-enable and hit the details button. You should see a window with a short description of the BHO and the option to put a radio button in front of "Enabled - Allow this BHO to be loaded by your browser"
Selecting that one should do the trick.
Regards,
Pieter
TonyKlein
October 23rd, 2002, 02:46 AM
Well, any BHO detector lists every single BHO, so there's no difference there.
They only enumerate the contents of one single registry key, so there's not much 'detecting' involved there...
I prefer BHO demon, because it gives better information about each bho.
And as for how to re-enable a bho with BHO Demon?
Well, I admit that's incredibly complicated, but why not just recheck them? ;D ;D
I have lingering doubts whether you've actually tried the application.
Cheers,
freeatlast
October 23rd, 2002, 05:00 AM
::) oops
I think i know what happened.. at the moment i'm using both Bhodemon and Bhocop so the disabled ones by Bhocop do not appear to exist in the list of Bhodemon.. since they were not disabled there to begin with.. Bhocop runs as a process in startup and quits, while controlling the bho's. maybe i'll disable and switch to the other. i still like the different profiles options though!
Thanks for enlightening me ;)
freeatlast
October 23rd, 2002, 05:26 AM
;D guess what?
you can put your lingering doubts to rest now, it worked!!!
re-enabled all bho's in Bhocop, unticked it from startup and recreated my preferred list in demon.
Surprisingly so, i now have enabled and disabled ones listed.
Hm..but i must confess i like bhocop's interface so much better..no need to click to view more details, all i need is listed on one line-bho, version, path and CLSID
freeatlast
October 23rd, 2002, 06:08 AM
Well well, just run the famous hijack this and it listed my entire bho's, active and inactive alike, with a bhodemon_disabled extension at the end of the ones i disabled. Whereas when bhocop is active, hijack this shows only enabled ones, and disabled ones appear to be non-existent.
Conclusion? bhodemon renames the bho's without altering any reg key, as opposed to bhocop that alters the reg key by removing disabled entries from registry, and keeping them as stored configuration keys in separate backups.
hm.. not much of a brain-data process in either, but since i'm an old fashion gal i chose to revert to my favorite cop 8)
TonyKlein
November 4th, 2002, 07:48 PM
I've just added links to articles on most of the BHO's listed.
I think it makes the list somewhat more informative
Pieter_Arntz
November 5th, 2002, 02:47 AM
Thnx Tony,
It's becoming quite a library 8)
I noticed you listed Stardownloader as Legit. It might be, but I encountered it only once and that time it was causing trouble for the user.
Could have been a conflict (he was using DAP as well) or just a crummy program. Your views?
Pieter
TonyKlein
November 5th, 2002, 02:57 PM
Hi Pieter,
It may have been causing trouble for the user, but any IE plugin could, given the "right" circumstances.
Or it could of course have been due to sloppy programming.
However, as far as I know, (and some of this is admittedly third hand information), it doesn't phone home, or do anything else of an objectionable nature.
Pieter_Arntz
November 5th, 2002, 03:27 PM
Ok Tony, thnxs for the info.
No need going around accusing something until proven guilty :)
Regards,
Pieter
Ghost
November 6th, 2002, 09:26 AM
My concern with the program not being updated/devved anymore referred to the fact that the information links about the various BHO's weren't being updated - not about the program itself not being updated. (Sorry I didn't make that clearer).
Tony - Why don't you get together with the author of BHODemon, take over the program dev, then simply add all your info to it?
Ghost
November 6th, 2002, 09:57 AM
There's already a StarDownLoader thread started, here: http://www.wilderssecurity.com/showthread.php?t=4595 .
Pieter_Arntz
November 6th, 2002, 10:21 AM
-{ Quote (Ghost): "There's already a StarDownLoader thread started, here: http://www.wilderssecurity.com/showthread.php?t=4595 ." }-
I know Ghost. That was one of the reasons I asked Tony about it :)
Regards,
Pieter
TonyKlein
November 6th, 2002, 08:41 PM
-{ Quote (Ghost): "Tony - Why don't you get together with the author of BHODemon, take over the program dev, then simply add all your info to it?" }-
A tantalizing idea! :D
However, I don't intend to dedicate the rest of my life to the noble (?) BHO.
I'm sure there must be more to life.
Now if only I could find out what it could possibly be... ;D
Pieter_Arntz
December 26th, 2002, 07:09 AM
Is there any way that BHO's can be hiding from BHODemon?
The reason I'm asking is that Startuplist shows two BHO's that BHODemon doesn't.
(no name) - (no file) - {7583A45D-8C46-11D1-8D99-00A0C913CAD4}
(no name) - (no file) - {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E}
I haven't got the faintest where that first one comes from ???
I searched the registry and the only place these CLSID's show up is in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects where one would expect BHODemon to detect them. Or does it ignore them since they are not linked to anything?
Regards,
Pieter
TonyKlein
December 26th, 2002, 07:29 AM
No, BHOs can't possibly hide.
Startuplist reads the data in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects, and then looks at the Inprocserver32 subkey of the corresponding CLSID in HKEY_CLASSES_ROOT in order to determine what the dll in question is.
In both of these cases it finds "no file" so the BHO is harmless in practice.
That ought somehow to account for the difference.
Pieter_Arntz
December 26th, 2002, 07:43 AM
Thnx Tony,
That's what I suspected. Just wanted to make sure :)
Cheers,
Pieter
TonyKlein
December 26th, 2002, 08:16 AM
No prob! :)
tommie_tt
January 10th, 2003, 01:03 AM
Greetings Forum members and Moderators,
To Tony Klein,
I have been looking through your list of BHO's with interest, after reading the posted comments, because I have a new one for your list and also seek your help.
I have found 4 in the Registry but BHODemon only records 3 of them. (This may answer Pieter's query)
I will list the CLSID's and note what I found:-
1. {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
2. {80F3E430-B101-42AD-A544-FADC6B084872}
3. {1E1B2879-88FF-11D2-8D96-D7ACAC95951F}
4. {9A23B8A4-C6C9-4A68-8FA6-5F905DC8FF80}
1, 2 and 3 you already have listed. BHODemon shows 1, 2 and 4 but misses 3.
4. This belongs to AbsoluteShield Internet Eraser and is called AbsoluteShield IE Popup Blocker (PKExt.dll)
I can provide more info as you require. It is disabled by BHODemon now as I use Outpost firewall as my popup blocker (Quite effective too, I might add!)
I would like to find out what to do to make BHODemon find and record 3. I tried putting the CLSID into the .ini file for BHODemon but nothing happens! It is as though it does not exist. It is found in the Registry with the others, labelled as 'Activater', and a search shows that it does exist on my HardDrive.
What can I do to be rid of it?
Regards
Tommie
TonyKlein
January 10th, 2003, 03:02 AM
Hi Tommie,
Thanks for the new BHO. It'll be in the next update, together with another 6 or so new ones.
BHO's appear to be all the rage: Google and Cookie Pal's Kookaburra appear to be two more companies that didn't use to install BHOs with their software, but now do.
About the third BHO, I don't think there's anything you can do to "make BHO Demon see it".
Did you find a reference to that CLSID in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects as well?
Because that's where it ought to read them from.
Alternatively, please do this:
Go to http://www.spywareinfoforum.com/downloads.php#det , and download 'Hijack This!'.
Unzip, doubleclick HijackThis.exe, and hit "Scan".
When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log somewhere, and please show us its contents.
Let's see whether it does find the third BHO.
tommie_tt
January 10th, 2003, 02:59 PM
Hello Tony
Just came back to the Forum to see your reply.
The screen shot shows the info you ask but I will follow your advice and try to return later with that info too.
Regards
Tommie
tommie_tt
January 10th, 2003, 03:30 PM
Hello Tony Klein
I am back with the info again.
Will try to post 2 images at one time-maybe not allowed here.
TonyKlein
January 10th, 2003, 03:35 PM
Tommie,
Go to HKEY_CLASSES_ROOT\CLSID\{1E1B2879-88FF-11D2-8D96-D7ACAC95951F}
Does that key have all three of the following subkeys:
InprocServer32, ProgID, and VersionIndependentProgID?
Also take a look at the default value for InprocServer32.
What dll does it point to, and do you in fact have that dll?
TonyKlein
January 10th, 2003, 03:36 PM
Ah, thank you for that second image.
It says "No file", so the dll in question has probably been removed, which is why BHO Demon wasn't able to read its properties.
That's why. :)
Cheers,
tommie_tt
January 10th, 2003, 03:41 PM
Trying again to download the Hijack log file. The notice says it is not allowed so I changed .log to .txt. Hope it works!
tommie_tt
January 10th, 2003, 03:53 PM
Hello Tony
As the screen shot shows none of those keys are present for that CLSID.
Now what do I do to get rid of 'Activater'?
TonyKlein
January 10th, 2003, 04:00 PM
Well, delete both
HKEY_CLASSES_ROOT\CLSID\{1E1B2879-88FF-11D2-8D96-D7ACAC95951F}
and
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E1B2879-88FF-11D2-8D96-D7ACAC95951F}
Pieter_Arntz
January 10th, 2003, 04:06 PM
Hi Tony and tommie_tt,
I've had this Activater key longer than I can remember. It was there the first time I ever looked into BHO's.
I exported that part of the registry and it looks like this:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E1B2879-88FF-11D2-8D96-D7ACAC95951F}]
@="Activater"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{601ED020-FB6C-11D3-87D8-0050DA59922B}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{601ED020-FB6C-11D3-87D8-0050DA59922B}\ReadMe-BHODemon]
@="This BHO has been enabled by BHODemon."
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7559B76E-0222-4d77-9499-CCE9EB4EDC2F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7559B76E-0222-4d77-9499-CCE9EB4EDC2F}\ReadMe-BHODemon]
@="This BHO has been enabled by BHODemon."
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]
@="NAV Helper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}\ReadMe-BHODemon]
@="This BHO has been enabled by BHODemon."
I always assumed this was a Windows key. Was I mistaken?
Regards,
Pieter
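The lookup TonyKlein describes earlier in the thread (read the CLSID subkeys of the Browser Helper Objects key, then each CLSID's InprocServer32 default value under HKEY_CLASSES_ROOT) can be run offline against a regedit export like the one posted above. This is an added example, not part of the thread and not code from any of the tools discussed; parse_reg and list_bhos are names chosen here, and the HKEY_CLASSES_ROOT entries and DLL paths in the sample are constructed placeholders.

```python
import re

BHO_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
           r"\Explorer\Browser Helper Objects").upper()
GUID = re.compile(r"\{[0-9A-F]{8}(-[0-9A-F]{4}){3}-[0-9A-F]{12}\}")

def parse_reg(text):
    """Parse regedit export text into {KEY_PATH: {value_name: data}}; '@' is the default value."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            # Registry paths are case-insensitive, so normalise them for lookups.
            current = keys.setdefault(line[1:-1].upper(), {})
        elif current is not None and "=" in line:
            name, _, data = line.partition("=")
            if len(data) >= 2 and data[0] == data[-1] == '"':
                data = re.sub(r"\\(.)", r"\1", data[1:-1])  # undo \\ and \" escapes
            current[name.strip('"')] = data
    return keys

def list_bhos(text):
    """Return (clsid, name, dll) per registered BHO; dll is None for an orphaned entry."""
    keys = parse_reg(text)
    rows = []
    for path, values in keys.items():
        clsid = path[len(BHO_KEY) + 1:] if path.startswith(BHO_KEY + "\\") else ""
        if not GUID.fullmatch(clsid):  # skips the parent key and ReadMe-BHODemon subkeys
            continue
        server = keys.get("HKEY_CLASSES_ROOT\\CLSID\\" + clsid + "\\INPROCSERVER32", {})
        rows.append((clsid, values.get("@") or "(no name)", server.get("@") or None))
    return rows

# Abridged from the export posted above. The HKEY_CLASSES_ROOT section and its
# DLL paths are constructed for this example and do not come from the thread.
SAMPLE = r"""Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E1B2879-88FF-11D2-8D96-D7ACAC95951F}]
@="Activater"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7559B76E-0222-4d77-9499-CCE9EB4EDC2F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7559B76E-0222-4d77-9499-CCE9EB4EDC2F}\ReadMe-BHODemon]
@="This BHO has been enabled by BHODemon."
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]
@="NAV Helper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}\ReadMe-BHODemon]
@="This BHO has been enabled by BHODemon."
[HKEY_CLASSES_ROOT\CLSID\{7559B76E-0222-4d77-9499-CCE9EB4EDC2F}\InprocServer32]
@="C:\\Example\\unnamed-placeholder.dll"
[HKEY_CLASSES_ROOT\CLSID\{BDF3E430-B101-42AD-A544-FADC6B084872}\InprocServer32]
@="C:\\Example\\navhelper-placeholder.dll"
"""

if __name__ == "__main__":
    # Same "name - file - CLSID" layout as the Startuplist lines quoted in the thread.
    for clsid, name, dll in list_bhos(SAMPLE):
        print(f"{name} - {dll or '(no file)'} - {clsid}")
```

CLSIDs are returned upper-cased because the parser normalises key paths; an entry with no InprocServer32 key in the export comes back with dll set to None, which corresponds to the "(no file)" case discussed in the thread.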
tommie_tt
January 10th, 2003, 04:09 PM
Tony,
Thank you very much for your help and advice.
Seems like your Forum is like the one at Agnitum Outpost in friendly and helpful Moderators. I appreciate that a great deal and will continue here as long as I can.
Belated New Year wishes to you and your Moderators and Posters.
Best Regards
Tommie.
p.s Saw that 'root' has been here a long time before me!
tommie_tt
January 10th, 2003, 04:18 PM
Thank you and Welcome Pieter,
I did not have mine very long as I'm ALWAYS reading something about security and checking to see if it applies to my computer. I am relatively new to this computer thing and try to get the knowledge and help that I can.
According to Tony's List of BHO's you should also get rid of that one!
I'll be in this Forum more often this time as there is much I have to learn now.
Regards
Tommie
TonyKlein
January 10th, 2003, 04:37 PM
You're welcome, Tommie.
Pieter,
This is the very first I've seen of this Activater BHO, and I can assure you it isn't a Windows file.
Do you still have the related HKCR\CLSID\{1E1B2879-88FF-11D2-8D96-D7ACAC95951F} key?
Its InprocServer32 subkey will point to "its" dll, which in turn will tell you what it belongs to.
TonyKlein
January 10th, 2003, 04:39 PM
Oops, major brain fart:
Not only isn't it a Windows file, it could be an early version of this one:
CnbarIE.dll - Commonname toolbar (http://217.115.153.73/parasite/CommonName.html)
Also seen the CLSID used by HTMLedit.dll : http://www.wjjsoft.com/htmledit.html
TonyKlein
January 10th, 2003, 04:50 PM
BTW, the same object CLSID is also mentioned as an example here:
Browser Helper Objects: The Browser the Way You Want It (http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnwebgen/html/bho.asp)
So the same CLSID could very well have been used by other companies in addition to CN.
Pieter_Arntz
January 10th, 2003, 05:03 PM
Hi Tony,
The related CLSID is gone. It only shows up twice in my registry, the other entry is in HKLM\Software\Microsoft\Internet Explorer\ActiveX Compatibility
I'll look through my ancient Adaware logs to see if I can find anything that might have been responsible for this entry.
Computer archeology. LOL
Regards,
Pieter
TonyKlein
January 10th, 2003, 05:06 PM
First time I installed BHO Demon I actually found an orphaned Comet Cursor key there.
Pieter_Arntz
January 10th, 2003, 05:29 PM
BHODemon never showed this one.
I think I stumbled into it, when I was trying to make a simple BHO myself and looked in the registry in order to find out how the entries had to be made.
Regards,
Pieter
manOFpeace
February 1st, 2003, 07:08 PM
Having used both BHODemon and BHOCop in the past, for some reason I settled with only BHODemon. I used to keep it running all the time, now I just click to check at the start of every day and if all is well put it back to sleep. ;D
TonyKlein
May 18th, 2003, 09:36 AM
Sorry, but I entirely forgot about this thread... http://209.197.233.188/iB_html/non-cgi/emoticons/withstupid.gif
Just a little reminder that the list of All Known Browser Helper objects has moved, and can be viewed at http://www.spywareinfoforum.com/bhos/
I've also started maintaining a list of Toolbar Class ID's, which can be viewed here:
http://www.spywareinfoforum.com/toolbars/
New additions are greeted with enthusiasm! ;D
Paul Wilders
May 18th, 2003, 04:20 PM
Way to go, Tony!
regards.
paul
TonyKlein
May 18th, 2003, 05:40 PM
Thanks, Paul! :) http://209.197.233.188/iB_html/non-cgi/emoticons/wavey.gif
TonyKlein
July 24th, 2004, 07:57 AM
Hi all,
You may already be aware of this, but in case you aren't, instead of consulting the Sysinfo.org BHO List, may I suggest that everyone from now on use http://castlecops.com/CLSID.html ?
Sysinfo.org hasn't been updated for quite a while, and it's now woefully out of date.
Merijn is currently working on a BHOList update which will fetch the info from the CC site as well!
I have been adding dozens of new BHOs to the CC List in the past few weeks, as well as editing many definitions for existing entries....
Copyright ©2002 - 2013, Wilders Security Forums