Problem with Spywareguard removal of bho

Discussion in 'SpywareBlaster & Other Forum' started by joyjg, Jun 9, 2006.

Thread Status:
Not open for further replies.
  1. joyjg

    joyjg Registered Member

    Joined:
    Jun 9, 2006
    Posts:
    2
    I got this detection alert from spywareguard

    NEW BHO DETECTION ALERT
    On 21:16:26 06/08/2006 a new BHO installation attempt was detected.
    BHO: {44a62fb0-4af0-454e-8c37-5c59b36f8483}
    ProgramID: n/a
    File Location: C:\WINDOWS\system32\esenart.dll
    User Action Taken: REMOVE BHO

    I took the user action remove bho ten times before I finally gave up and allowed it to keep the bho. I just kept getting the same alert every time I requested it remove the bho. Anyone seen this behavior on spywareguard before? Also anyone familiar with this particular bho? Thanks in advance for any help. Joyjg
     
    Last edited: Jun 9, 2006
  2. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,355
    Location:
    The Netherlands
    Random filename as well as CLSID by the looks of it, so impossible to say offhand what it could be.

    I do assume you already tried removing the BHO with all IE windows closed?

    It could have other files associated with it that prevent it from being deleted. I suggest you go to one of the boards that specialize in malware removal and post a HijackThis log, so that folks can advise you how to go about cleaning that machine.

    Here are two very good ones that aren't quite as busy as the 'big' names:

    http://www.bleepingcomputer.com/forums/index.php?
    http://gladiator-antivirus.com/forum/index.php?act=idx
     
  3. joyjg

    joyjg Registered Member

    Joined:
    Jun 9, 2006
    Posts:
    2
    Thanks Tony, I will post a hijackthis log on one of those and see if anyone has seen this particular bho. Joy
     
  4. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,355
    Location:
    The Netherlands
    np - good luck! :)
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.