X-Block & BHO

Discussion in 'other security issues & news' started by Rico, May 16, 2006.

Thread Status:
Not open for further replies.
  1. Rico

    Rico Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    1,847
    Location:
    Texas
    Hi Guys,

    While readings Bubba's comments to CJsDad, referenced was X-Block, I could not download X-Block, & ran X-Block on line, which found the following:

    "Proventactics" Hkey_Classes_Root\AppD\BHO.dll

    I did not allow X-Block to remove as I wnated to check the folowing first, See pic.

    From the pic zonemap area indicates (4) which tells me X-block found an FP (false positive), however, the registry locations do not match. Should I allow X-block to remove or is this an FP?

    Thanks
    rico
     

    Attached Files:

    • bho.jpg
      bho.jpg
      File size:
      65 KB
      Views:
      89
  2. Rico

    Rico Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    1,847
    Location:
    Texas
    Hi

    I also ran a Hijack this scan & the "02" section does not reference the above mentioned "BHO.dll or its location.

    Thanks
    rico
     
  3. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    While in the registry did you find the bho.dll entry in the actual location Xblock said and do you actually find a bho.dll in your file structure ?

    Also....there are a couple of things that would cause me to initially say that is a FP.

    1) proventactics is usually associated with the ProvenTactics toolbar and it's dll is provenTactics.dll.
    2) bho.dll is associated with a number of BHO toolbars but ProvenTactics has never been one of them to my knowledge.

    As a side note....I just ran online Xblock and besides the Alexa\Related entry it also found Adware.SweetBar as a service entry of IPRIP. Well....Sweetbar does install that service so but so does the valid MS IPRIP(RIP Listener) :eek:
     
    Last edited: May 17, 2006
  4. Rico

    Rico Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    1,847
    Location:
    Texas
    Hi Bubba

    - Yes & the right window pane, gave the below CLSID

    Geez & I thought PestPatrol was bad for FP's

    Oh! Search for BHO.dll brings up c:\program files\techsmith\sangit8

    Thanks & Take Care
    rico
     
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.