Alert! Be on the lookout for "sthhcrooxea"

Discussion in 'privacy problems' started by trparky, Dec 29, 2003.

Thread Status:
Not open for further replies.
  1. trparky

    trparky Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    29
    Alert! Be on the lookout for "sthhcrooxea", it is an IE Toobar distributed with MSN Messenger Plus as an optional component.

    How did I get it? Dan, my brother, unexpectedly and unknownly installed it on one of our computers which was part of the MSN Messenger Plus setup routine that installed a Search bar in Internet Explorer and pops up ads every once in awhile.

    Anyways, the file is called "prjgroasheap.dll" and the CLSID code is "1f1562db-d22a-4fb3-b643-39bdf53b00f7".

    Anyways, I removed it with the help of HyjackThis.
     
  2. trparky

    trparky Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    29
    Also, the following...

    O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - AproposPlugin.dll

    O2 - BHO: (no name) - {edfb1a41-60fc-4ade-ac34-76a20cea2578} - prjgroasheap.dll
     
  3. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,440
    Location:
    Netherlands
    Hi trparky,

    The prjgroasheap.dll with the CLSID code is {1f1562db-d22a-4fb3-b643-39bdf53b00f7} and {edfb1a41-60fc-4ade-ac34-76a20cea2578} - prjgroasheap.dll are very likely completely random filenames and CLSID's and due to a lop.com infection.

    The Apropos BHO is a new variant of this one: http://www.doxdesk.com/parasite/AproposMedia.html

    Regards,

    Pieter
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.