X-Block & BHO

Discussion in 'other security issues & news' started by Rico, May 16, 2006.

Thread Status:
Not open for further replies.
  1. Rico

    Rico Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    1,690
    Location:
    Texas
    Hi Guys,

    While readings Bubba's comments to CJsDad, referenced was X-Block, I could not download X-Block, & ran X-Block on line, which found the following:

    "Proventactics" Hkey_Classes_Root\AppD\BHO.dll

    I did not allow X-Block to remove as I wnated to check the folowing first, See pic.

    From the pic zonemap area indicates (4) which tells me X-block found an FP (false positive), however, the registry locations do not match. Should I allow X-block to remove or is this an FP?

    Thanks
    rico
     

    Attached Files:

    • bho.jpg
      bho.jpg
      File size:
      65 KB
      Views:
      88
  2. Rico

    Rico Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    1,690
    Location:
    Texas
    Hi

    I also ran a Hijack this scan & the "02" section does not reference the above mentioned "BHO.dll or its location.

    Thanks
    rico
     
  3. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    While in the registry did you find the bho.dll entry in the actual location Xblock said and do you actually find a bho.dll in your file structure ?

    Also....there are a couple of things that would cause me to initially say that is a FP.

    1) proventactics is usually associated with the ProvenTactics toolbar and it's dll is provenTactics.dll.
    2) bho.dll is associated with a number of BHO toolbars but ProvenTactics has never been one of them to my knowledge.

    As a side note....I just ran online Xblock and besides the Alexa\Related entry it also found Adware.SweetBar as a service entry of IPRIP. Well....Sweetbar does install that service so but so does the valid MS IPRIP(RIP Listener) :eek:
     
    Last edited: May 17, 2006
  4. Rico

    Rico Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    1,690
    Location:
    Texas
    Hi Bubba

    - Yes & the right window pane, gave the below CLSID

    Geez & I thought PestPatrol was bad for FP's

    Oh! Search for BHO.dll brings up c:\program files\techsmith\sangit8

    Thanks & Take Care
    rico
     
Loading...
Thread Status:
Not open for further replies.