Results 1 to 4 of 4

Thread: How to manually Remove BHOs

  1. #1
    matthewforu Guest

    How to manually Remove BHOs

    Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

    You can identify a spyware program that is loaded by using BHOs. To do this, you can use the Microsoft system configuration utility (Msconfig.exe) and the Microsoft system information utility (Msinfo32.exe).

    BHOs are Component Object Model (COM) components that Microsoft Internet Explorer loads whenever it starts. BHOs run in the same memory context as the browser. BHOs can perform any action on available windows and modules.

    To manually remove BHOs, follow these steps:

    1. Click Start, click Run, type regedit , and then click OK.

    2. Locate and then double-click the following registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

    3. Under the Browser Helper Objects key, you may see ClassIDs (CLSIDs) that have a format that is similar to the following:

    {XXXXXXXX - XXXX – XXXX – XXXX – XXXXXXXXXXXX}

    Note CLSIDs are 128-bit numbers in hexadecimal notation that are enclosed in a pair of braces.

    4. Note the CLSID.

    5. Locate and then click the following registry subkey:

    HKEY_CLASSES_ROOT\CLSID\{ CLSID }\InprocServer32

    Note { CLSID } is the CLSID that you noted in step 4.

    6. In the right pane, double-click (Default).

    7. Click Value data to see the path of the .dll file. The path may be similar to the following:

    C:\Windows\ Program_Name .dll

    Note Program_Name can be a spyware program or a legitimate program that is using a BHO.

    8. If Program_Name is not a recognized or legitimate program, unregister the .dll file, and then remove the { CLSID } subkeys. To do this, follow these steps:

    a. At a command prompt, type the following command to unregister the .dll file:

    regsvr32 -u Path \ Program_Name .dll

    Note Path is the path of the Program_Name .dll file that is contained in the Value data box in step 7.

    b. Locate and then delete the following { CLSID } registry subkeys:

    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\CLSID\{ CLSID }

    • HKEY_CLASSES_ROOT\CLSID\{ CLSID }

    Note { CLSID } is the 128-bit number that you noted in step 4.

    9. Exit Registry Editor.

    10. Restart the computer

  2. #2
    Join Date
    Aug 2006
    Posts
    106

    Re: How to manually Remove BHOs

    Thread Moved.
    Watch LATEST TECH NEWS AND TIPS to enhance your computer skills.

    Knowledge is universal and must be shared by all, exchanges enrich us

  3. #3
    Join Date
    Apr 2008
    Posts
    392

    Re: How to manually Remove BHOs

    Use the Ad Aware program along with SpyBot Search and Destroy to scan your computer. You should also use a good virus scanner to scan the whole unit. I suggest that you use an online scanner too. Trend Micro has a good online scanner which is absolute free.

    Ad-Aware and SpyBot Search tries to Destroy and thus can be easily located on the web using Yahoo or Google search engines. – free

  4. #4
    Join Date
    Apr 2008
    Posts
    586

    Re: How to manually Remove BHOs

    Instructions For destroying Win32.BHO.gok manually.

    Trojan horse installs itself in background as a browser helper object (BHO). As a BHO it starts along the Internet Explorer and is able to control the Internet Explorer's connections without user consent.

    Please use Windows Explorer or another file manager of your choice to locate and delete these files.

    The file at <$SYSTEM DIRECTORY>\<$REGMATCH1>.dll.

    Make sure you set your file manager to display hidden and system files. If Win32.BHO.gok uses root kit technologies, use our Root Analyzer or our Total Commander anti-root kit plug ins.

    You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!


    You can use regedit.exe to locate and delete these registry entries.

    Delete the registry key [2A8D06B4-1B40-009F-E531-629A59080F43] at HKEY_CLASSES_ROOT\CLSID\.

    Delete the registry key [2A8D06B4-1B40-009F-E531-629A59080F43] at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Explorer\Browser Helper Objects\.

    Delete the registry value [2A8D06B4-1B40-009F-E531-629A59080F43] at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Current Version\Explorer\Shell Execute Hooks\.

    Remove <regexpr><$SYSTEM DIRECTORY>\\(\S[4,8])\.dl from registry value at HKEY_CLASSES_ROOT\CLSID\[2A8D06B4-1B40-009F-E531-629A59080F43]\InprocServer32\.

    If Win32.BHO.gok uses root kit technologies, use our Reg Analyzer, Root Analyzer or our Total Commander anti-root kit plug ins.

Similar Threads

  1. How to manually remove WinDVD 9?
    By - Empty Shell - in forum Windows Software
    Replies: 4
    Last Post: 11-12-2009, 10:33 PM
  2. Manually remove WSUS 3.0
    By prafullanayana in forum Server Update Service
    Replies: 1
    Last Post: 12-08-2009, 09:33 PM
  3. How to manually remove printer drivers
    By GeforceUser in forum Hardware Peripherals
    Replies: 3
    Last Post: 10-07-2009, 07:44 PM
  4. Manually Remove WSUS 3
    By kyosang in forum Server Update Service
    Replies: 4
    Last Post: 02-07-2008, 03:38 PM
  5. Remove XP setup files manually?
    By inquiringmind555@gmail.com in forum Windows XP Support
    Replies: 7
    Last Post: 09-12-2007, 01:49 AM

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Page generated in 1,710,845,022.93810 seconds with 16 queries