Adding CLSID's to "customblocking"

i want some advice on adding "CLSID's" to SB's "customblocking", please..

if i look at "smitfraudfix", i see that it removes some "bad" "CLSID's".. here is a link for smitfraudfix's "changelog":

http://siri.urz.free.fr/Fix/ChangeLog.php

let's say that i take the cue from "smitfraudfix" and want to add some of the "bad" "CLSID's" from smitfraudfix's "changelog" to SB's "customblocking".. which "CLSID's" would i want to add to SB's "customblocking"? would i add the BHO-CLSID's that i see there? or both the "BHO-CLSID's" and the "toolbar-CLSID's"? or, both, those and others, too? what do the "pro's" think?

let's look at the latest addition to smitfraudfix's changelog, for example.. here is what it shows:

%WINDOWS%\binret.exe
%WINDOWS%\ttvbon.dll
%WINDOWS%\leosrv.dll
%WINDOWS%\hjoqor.dll
%WINDOWS%\xcvwer.dll
O2 - BHO: BDEX System - {7875DBFF-6B8A-4B74-B8A2-E2DBF657CA03} - C:\WINDOWS\ttvbonfvm.dll
O3 - Toolbar: The leosrv - {14E52265-CCA3-4F78-A21B-88F4EE6E78C1} - C:\WINDOWS\leosrv.dll
O21 - SSODL: hjoqor - {XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX} - C:\WINDOWS\hjoqor.dll
O21 - SSODL: xcvwer - {XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX} - C:\WINDOWS\xcvwer.dll
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{14E52265-CCA3-4F78-A21B-88F4EE6E78C1}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7875DBFF-6B8A-4B74-B8A2-E2DBF657CA03}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6E9078DA-0C69-47B0-9637-2734104BD217}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8EBAAB89-A5CD-40C4-A0AB-3275317351D1}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BEC8AD62-3D64-4F7B-B24D-2C785AE5449B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{372685AA-9F61-43F5-BEBA-A60900E228EB}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5328D226-7057-4B06-9E4A-7829BFA7CA78}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\leosrv.bkwo]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\leosrv.ToolBar.1]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7875DBFF-6B8A-4B74-B8A2-E2DBF657CA03}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{14E52265-CCA3-4F78-A21B-88F4EE6E78C1}"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"hjoqor"=-
"xcvwer"=-


%WINDOWS%\mscfg32.dll


%SYSTEM%\gnjsjc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5c770fbc-cc2f-4acd-93e8-e6f0594307fd}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{5c770fbc-cc2f-4acd-93e8-e6f0594307fd}"="cariniana"
--------------------------------------------------------------

which of the "CLSID's" listed above, from smitfraudfix's changelog, would i want to add to SB's "customblocking list"?

incidentally, i wish that javacool would get together with tony klein, with his "CLSID" list, and add a lot of the bad "CLSID's" from tony's "CLSID list" to SB's "CLSID-killbit databases"..

http://www.castlecops.com/CLSID.html

 

From the first group I'd just add the two toolbar and BHO CLSIDs .

And you could add the SharedTaskScheduler CLSID

We already submit all 'bad' CLSIDs we add to Javacool, and in turn he adds most of them to the SB database.

I have to add this as well as some other current malware in particular now change very rapidly indeed. New versions are being pushed out several times a day, so it really is very hard to keep current...

Incidentally, if you're into adding custom CLSIDs, there's also a Finnish guy maintaining an extensive SB file: http://koti.mbnet.fi/pattaya1/customblocking.txt

 

thanks tony..

i think i have finally figured out how i can "search" your "CLSID list" for "bad" clsid's..