Problem with Spywareguard removal of bho

Discussion in 'SpywareBlaster & Other Forum' started by joyjg, Jun 9, 2006.

Thread Status:
Not open for further replies.
  1. joyjg

    Registered Member. Joined: Jun 9, 2006. Posts: 2
    I got this detection alert from SpywareGuard:

    NEW BHO DETECTION ALERT
    On 21:16:26 06/08/2006 a new BHO installation attempt was detected.
    BHO: {44a62fb0-4af0-454e-8c37-5c59b36f8483}
    ProgramID: n/a
    File Location: C:\WINDOWS\system32\esenart.dll
    User Action Taken: REMOVE BHO

    I took the user action "remove BHO" ten times before I finally gave up and allowed it to keep the BHO. I just kept getting the same alert every time I requested it remove the BHO. Anyone seen this behavior on SpywareGuard before? Also anyone familiar with this particular BHO? Thanks in advance for any help. Joyjg
     
    Last edited: Jun 9, 2006
  2. TonyKlein

    Security Expert. Joined: Feb 9, 2002. Posts: 4,350. Location: The Netherlands
    Random filename as well as CLSID by the looks of it, so impossible to say offhand what it could be.

    I do assume you already tried removing the BHO with all IE windows closed?

    It could have other files associated with it that prevent it from being deleted. I suggest you go to one of the boards that specialize in malware removal and post a HijackThis log, so that folks can advise you how to go about cleaning that machine.

    Here are two very good ones that aren't quite as busy as the 'big' names:

    http://www.bleepingcomputer.com/forums/index.php?
    http://gladiator-antivirus.com/forum/index.php?act=idx
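
A read-only way to see which DLL sits behind each BHO CLSID and whether it is signed, which is what identifying a randomly named BHO like the one in the alert comes down to. This is an added PowerShell example, not part of the original thread; it assumes the standard Browser Helper Objects registry location and PowerShell 3.0 or later, and `Get-BhoInventory` is a hypothetical name.

```powershell
# Added example (read-only): list registered IE BHOs and the DLL behind each CLSID.
# Get-BhoInventory is a hypothetical name; nothing is modified or deleted.
function Get-BhoInventory {
    $views = @(
        @{ Bho   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
           Clsid = 'HKLM:\SOFTWARE\Classes\CLSID' },
        # 32-bit BHOs on 64-bit Windows are registered under WOW6432Node
        @{ Bho   = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
           Clsid = 'HKLM:\SOFTWARE\WOW6432Node\Classes\CLSID' }
    )
    foreach ($view in $views) {
        if (-not (Test-Path -LiteralPath $view.Bho)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $view.Bho) {
            $clsid  = $key.PSChildName
            $inproc = '{0}\{1}\InprocServer32' -f $view.Clsid, $clsid
            $dll = $null; $file = $null; $sig = $null
            if (Test-Path -LiteralPath $inproc) {
                # The default value of InprocServer32 is the DLL that IE loads
                $dll = (Get-Item -LiteralPath $inproc).GetValue('')
            }
            if ($dll -and (Test-Path -LiteralPath $dll -PathType Leaf)) {
                $file = Get-Item -LiteralPath $dll -Force
                $sig  = Get-AuthenticodeSignature -LiteralPath $dll
            }
            [pscustomobject]@{
                Clsid     = $clsid
                Dll       = $dll
                OnDisk    = [bool]$file
                Created   = if ($file) { $file.CreationTime }
                Company   = if ($file) { $file.VersionInfo.CompanyName }
                Signature = if ($sig)  { $sig.Status } else { 'n/a' }
            }
        }
    }
}

# Newest DLLs first, so a BHO installed around the time of an alert is at the top
Get-BhoInventory | Sort-Object Created -Descending | Format-Table -AutoSize
```

Entries that are unsigned, have no company name, or were created around the time of the alert are the ones worth listing alongside a HijackThis log. On 64-bit Windows a 32-bit BHO's `system32` path resolves to `SysWOW64` for the browser, so `OnDisk` can read False for such entries when run from a 64-bit console.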
     
  3. joyjg

    Registered Member. Joined: Jun 9, 2006. Posts: 2
    Thanks Tony, I will post a HijackThis log on one of those and see if anyone has seen this particular BHO. Joy
     
  4. TonyKlein

    Security Expert. Joined: Feb 9, 2002. Posts: 4,350. Location: The Netherlands
    np - good luck! :)
     