New BHO detected?

Discussion in 'SpywareBlaster & Other Forum' started by mapsonx, Dec 26, 2002.

Thread Status:
Not open for further replies.
  1. mapsonx
    Offline

    mapsonx Registered Member

    I launched BHB and got the "New BHO detected" screen.

    It stated that the new BHO object was located in "c:\windows\downloaded program."

    I assumed it was referring to "C:\WINDOWS\Downloaded Program Files."

    Of the seven items in "C:\WINDOWS\Downloaded Program Files", none of the class ID's matched the one given by BHB.

    I ran BHO COP & it told me the BHO with the corresponding BHB reported class ID "{AA58ED58-01DD-4d91-8333-CF10577473F7}" was for the "Google Toolbar Helper", "C:\WINDOWS\GoogleToolbar.dll."

    I had a google related ActiveX control in "C:\WINDOWS\Downloaded Program Files.", but the class ID was different.

    Its properties listed it as damaged, so I removed the Google toolbar, deleted the ActiveX Control from "C:\WINDOWS\Downloaded Program Files", and reinstalled the Google toolbar.

    I relaunched BHB, & this time it reported the same object with the same class ID {AA58ED58-01DD-4d91-8333-CF10577473F7}, but now listed the location as "C:\WINDOWS\GoogleToolbar.dll".

    "C:\WINDOWS\Downloaded Program Files" now contains a new Google ActiveX Control with a different classID than the damaged one, but is again also different than the one reported by BHB.

    I searched the registry for {AA58ED58-01DD-4d91-8333-CF10577473F7} but came up with nothing.

    SpyBot comes up with nothing.

    1. Should I just ignore it?

    2. It would be very helpful & make things a lot easier to check out if the pertinent information on the BHB alert screen was copyable.

    Thx

    - J - :D
  2. snowman
    Offline

    snowman Guest

    What does BHB stand for? o_O

    The <google toolbar> is listed in javacool's spyblaster program so it can't be good.......
  3. snowman
    Offline

    snowman Guest

    a quick search reveals that the g toolbar is comet cursor related.......some say it's not spyware....to each his own....it will never be on my os........anything even remotely related to comet cursor will never be on my os...I don't even like typing that name.....
  4. mapsonx
    Offline

    mapsonx Registered Member

    Browser Hijack Blaster
    First time I'm hearing of a Google connection to comet cursor.

    All I can tell ya is that it never shows up in either Adaware or SpyBot, two pretty good indicators of spyware.
    I don't see any reference whatsoever to Google in the Spyblaster list.
  5. TonyKlein
    Offline

    TonyKlein Security Expert

    There's no relation between Google and Comet Cursor, and Google isn't on anyone's spyware list either.

    Google is however now installing a BHO with its toolbar, which is something it never did before.

    And it is indeed this one: {AA58ED58-01DD-4d91-8333-CF10577473F7}: Googletoolbar.dll

    And when searching your registry for it, you ought to find two instances of it (or you wouldn't have the BHO).

    The first one is where it ought to be, in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects, and the second one is obviously the corresponding CLSID in HKEY_CLASSES_ROOT\CLSID.

    Now why Google is installing a BHO, I don't know. It didn't use to before, and the Toolbar works perfectly fine without it.

    As a matter of fact, I yanked out the Registry entries for that BHO, and all is well.

    It says in the Google FAQ that the Google Toolbar automatically updates itself when a new version is available, which is something else it didn't use to do before.

    I've even e-mailed Google to enquire about its purpose, but so far unfortunately they haven't deigned/found the time to reply to my e-mail message.

    It could all be perfectly harmless, but I'm curious all the same.

    I'd advise everyone to disable the BHO with BHO Demon or BHO Cop, at least until more becomes known.

    The toolbar won't lose any of its functionality if you do, and I will certainly continue to use it. I love it!

    BTW, you'll find that BHO on my BHO list:

    http://www.wilderssecurity.com/showthread.php?t=4164
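
Added example (not part of the original thread or of any tool mentioned in it): cross-referencing the two registry locations TonyKlein names, from a regedit export, to resolve each BHO's CLSID to the DLL it loads and to flag entries with no CLSID registration. The sample export is constructed, and the helper names parse_reg and list_bhos are hypothetical.

```python
BHO_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows"
           r"\CurrentVersion\Explorer\Browser Helper Objects")
CLSID_KEY = r"HKEY_CLASSES_ROOT\CLSID"

# Constructed regedit export. The first CLSID, name and DLL path are the ones
# quoted in the thread (casing varied on purpose: key names are
# case-insensitive); the all-zero CLSID is a made-up orphan entry.
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-0000-0000-0000-000000000001}]
[HKEY_CLASSES_ROOT\CLSID\{AA58ED58-01DD-4D91-8333-CF10577473F7}]
@="Google Toolbar Helper"
[HKEY_CLASSES_ROOT\CLSID\{AA58ED58-01DD-4D91-8333-CF10577473F7}\InprocServer32]
@="C:\\WINDOWS\\GoogleToolbar.dll"
'''

def parse_reg(text):
    """Return {lower-cased key path: {value name: string data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and "=" in line:
            name, _, data = line.partition("=")
            if data.startswith('"') and data.endswith('"'):  # REG_SZ values
                data = data[1:-1].replace("\\\\", "\\")
            current[name.strip('"')] = data
    return keys

def list_bhos(text):
    """Map every registered BHO CLSID to its COM name and DLL (None if absent)."""
    keys = parse_reg(text)
    prefix = BHO_KEY.lower() + "\\"
    report = {}
    for path in keys:
        clsid = path[len(prefix):]
        if not path.startswith(prefix) or "\\" in clsid:
            continue  # not a direct subkey of Browser Helper Objects
        base = CLSID_KEY.lower() + "\\" + clsid
        report[clsid.upper()] = {
            "name": keys.get(base, {}).get("@"),
            "dll": keys.get(base + "\\inprocserver32", {}).get("@"),
        }
    return report

if __name__ == "__main__":
    for clsid, info in list_bhos(SAMPLE_REG).items():
        print(clsid, info["name"], info["dll"] or "no InprocServer32: orphaned entry")
```

Matching on the lower-cased key path is what lets the mixed-case CLSID from the alert screen line up with its HKEY_CLASSES_ROOT entry even when the two are written with different casing.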
  6. snowman
    Offline

    snowman Guest

    A copy & paste from spywareinfoforum.com


    From time to time, someone asks why the> Google search bar< is not targeted as spyware. It works similarly to other toolbars which are targeted as spyware (Comet Cursor, Search-Explorer, Alexa, etc) by Ad-aware, Spybot, Aluria, and other spyware removal tools. Jamie Rosen, founder of Cometsystems (Comet Cursor) had this to say about it while trying to make the case that Comet Cursor should no longer be targeted by Ad-aware:

    Google has a feature in its toolbar called page rank that ranks pages as you visit them. Not surprisingly, it requires the software to send every url you visit to google. That sounds alarming. But so long as you can turn it off and so long as the company makes it clear that it's not saving this information to profile you, it isn't necessarily an insidious thing. Some users want these so-called connected services -- they can be quite cool and useful.

    Let me explain what is different about the Google toolbar that keeps it from being targeted as spyware like many other third party toolbars. Google uses its page rank system to make its search engine more useful, as opposed to using it to gather information about you to sell you tailored advertisements. You are not a source of income to Google.com, except as a site visitor looking at the same ads everyone else sees, toolbar or no toolbar.

    Google goes to great lengths to explain that, in their own words, there may be privacy issues with some of the features, and provides an alternate download where those features are disabled. You have to go out of your way to find and activate those features. Contrast this behavior to some other toolbar makers who use activex to spread like trojans, gather statistical data on the user to present them with "more relevant special offers", forcibly reset browser settings, and make it damned hard to remove.

    Google does make money on it in a roundabout way, because these features make their search engine more accurate and useful, which makes more people likely to use it and click the ads they sell on the site. The ads, by the way, are determined by the keywords you search for, NOT where you've been surfing, unlike many of the other toolbars. You'd see the same ads with or without the toolbar installed.

    So, is the Google toolbar spyware? No, it is not.

    ***********************************************


    Now I could honestly care less about what anyone thinks about <comet cursor>.....what I consider it to be is my own opinion which is not being pushed on anyone. And I repeat..NOTHING related to <comet cursor> will ever be on my computer intentionally.

    you guys do whatever your heart desires.

    snowman
  7. snowman
    Offline

    snowman Guest

    If I am mis-understanding something here I would actually appreciate being corrected......it's my understanding that THE ADD-ON "google toolbar" has a relationship with comet cursor.............repeat: the add-on toolbar. If this is incorrect please advise me and if there IS NO RELATIONSHIP to comet cursor my opinion will change accordingly.


    snowman
  8. TonyKlein
    Offline

    TonyKlein Security Expert

    I just told you so... :rolleyes:

    I just about live at the Lavasoft, Spywareinfo, and SpyBot boards, and I can assure you that no one of any standing there seriously considers Google as being spyware, or as having any relation with companies proven to distribute spyware.

    If serious allegations should arise, I can assure you that everyone there will rush to investigate, and I'm sure you'll hear about it, should that occur.
  9. snowman
    Offline

    snowman Guest

    TONY

    owe you an apology....and it's given sincerely...yes you did state that in your post.....an oversight on my part...much sorry...

    I do not at all mind being corrected in such matters....and yes I appreciate correction.........as you may notice I have a dislike of comet cursor and tend to get excited at the mention of its name.

    thank you TONY......wishing you the best of days.

    snowman
  10. TonyKlein
    Offline

    TonyKlein Security Expert

    Hey, don't worry! ;)

    These things happen to everyone.

    And I can certainly assure you that I share your dislike of Comet Cursor. :p
  11. snowman
    Offline

    snowman Guest

    Tony, thank you for your understanding.....kicking myself for not having read your first post correctly LOL

    and for the record.....Tony you always have my utmost respect in matters such as this.........all too often that's not said enough to the devoted people who give their time and skill so unselfishly in matters of computer privacy.

    from me to you.....thanks Tony

    snowman
  12. mapsonx
    Offline

    mapsonx Registered Member

    Hey Tony
    Yep, those reg entries were right where you said they would be. Don't know why I couldn't locate them on my initial search. Probably off by a letter or number.

    A perfect example of why I wished for the ability to copy info directly from the BHB alert page, the need for which is accentuated when dealing with those long CLSID's.

    Ditto on the passion for the Google toolbar. Happy to discover the BHO can be dealt with so benignly. :cool:

    Since BHB was installed after the toolbar, evidently the Google autoupdate you reminded of is the origin of {AA58ED58-01DD-4d91-8333-CF10577473F7}, & why BHB reported a change. Curious to discover its mysterious function.

    Instead of removing it with BHB, I'll follow your suggestion by disabling it with BHO Demon & keep my eye out for further developments.

    BTW, Xlnt BHO list.

    Many thanks for your time & knowledge

    - J - :D
  13. TonyKlein
    Offline

    TonyKlein Security Expert

    You're welcome.

    As I said, the Google BHO might well be, and probably is totally harmless, but I'm a little disappointed that Google still hasn't reacted to my query about it... :rolleyes: