Spyware CLSID

Discussion in 'SpywareBlaster & Other Forum' started by Paragon, Jun 9, 2003.

Thread Status:
Not open for further replies.
  1. Paragon

    Paragon Guest

    This one installed silently (possibly due to IE misconfiguration) so I don't have a screenshot.
    CLSID: 3B99F202-145A-4E5A-AC7B-88A36910BF5E
    Name: e2g Plugin
    Location: C:\E2G\IeBHOs.DLL

    It adds an entry in the Add/Remove programs dialog to remove it
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    Hi Paragon,

    Are you sure about the CLSID?
    It sure looks a lot like: O {3643ABC2-21BF-46B9-B230-F247DB0C6FD6}: IeBHOs.dll - E2Give
    I found here: http://www.spywareinfoforum.com/bhos/

    Do you have a sample?

    Regards,

    Pieter
     
  3. Paragon

    Paragon Guest

    Looks like I found a variant. Same spyware, different CLSID. The CLSID was copy & pasted, so it's correct.
    The E2G folder contained only a merchants.txt file, and the DLL file. Is this what you mean by a sample?
    I don't see the option to upload them.
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    Hi paragon,

    Could you please send the dll to the e-mailaddress that is in my profile?
    I´ll see to it that the anti-spyware-programmers get a copy.

    TIA,

    Pieter
     
  5. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    Hi Paragon,

    Thank you for all the trouble you went through to get that file to me. I´ll pass it on to the undoubtedly interested parties.

    Regards,

    Pieter
     
  6. Paragon

    Paragon Guest

    No problem. I just hope to see it in the database soon. :)
     
  7. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    Hi Paragon, :)

    I hate to disappoint you, but it already is.
    You must have misread the CLSID somehow. It had the one I mentioned in my first post. o_O

    Regards,

    Pieter
     
  8. Paragon

    Paragon Guest

    Not so. The one it used on my system is the one I posted. I copy & pasted right from my registry.
    And if it's already blocking it, then how did I get it?
     
  9. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    Hi Paragon,

    I doublechecked and attached an image of what Reshack tells me.

    Regards,

    Pieter
     

    Attached Files:

Loading...
Thread Status:
Not open for further replies.