Alert! Be on the lookout for "sthhcrooxea"

Discussion in 'privacy problems' started by trparky, Dec 29, 2003.

Thread Status:
Not open for further replies.
  1. trparky

    trparky, Registered Member (Joined: Feb 23, 2003; Posts: 29)

    Alert! Be on the lookout for "sthhcrooxea"; it is an IE Toolbar distributed with MSN Messenger Plus as an optional component.

    How did I get it? Dan, my brother, unexpectedly and unknowingly installed it on one of our computers. It was part of the MSN Messenger Plus setup routine, which installed a Search bar in Internet Explorer and pops up ads every once in a while.

    Anyways, the file is called "prjgroasheap.dll" and the CLSID code is "1f1562db-d22a-4fb3-b643-39bdf53b00f7".

    Anyways, I removed it with the help of HijackThis.
     
  2. trparky

    trparky, Registered Member (Joined: Feb 23, 2003; Posts: 29)

    Also, the following...

    O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - AproposPlugin.dll

    O2 - BHO: (no name) - {edfb1a41-60fc-4ade-ac34-76a20cea2578} - prjgroasheap.dll
     
  3. Pieter_Arntz

    Pieter_Arntz, Spyware Veteran (Joined: Apr 27, 2002; Posts: 13,331; Location: Netherlands)

    Hi trparky,

    The prjgroasheap.dll with the CLSID code {1f1562db-d22a-4fb3-b643-39bdf53b00f7} and {edfb1a41-60fc-4ade-ac34-76a20cea2578} - prjgroasheap.dll are very likely completely random filenames and CLSIDs, and are due to a lop.com infection.

    The Apropos BHO is a new variant of this one: http://www.doxdesk.com/parasite/AproposMedia.html

    Regards,

    Pieter
     