Spyware found - is it dangerous?, "Partner BHO"
Gaius Flavius Gr...
post 24.07.2009 02:31
Post #1


Dear all,

I just found 12 spyware under the name "Partner BHO" or "PartnerBHO" in a brand new Toshiba laptop.
The spyware were only found by Spybot which I only use occasionally.

Any ideas how harmful they can be?
A search on the internet and the Kaspersky forum did not help a lot.

This post has been edited by Gaius Flavius Grecus: 24.07.2009 02:32


--------------------
Gaius Flavius Grecus
richbuff
post 24.07.2009 04:38
Post #2


Please post the full detection details.


--------------------
Please see the Important topics, located at the top of this section, and at the top of other sections of this forum.
Gaius Flavius Gr...
post 25.07.2009 02:43
Post #3


Dear richbuff and everybody,

I believe this is the full report that you requested. Any ideas now as to what these are?



--- Search result list ---
PartnerBHO: [SBI $2FE4A5BE] Application ID (Registry key, fixed)
HKEY_CLASSES_ROOT\AppID\{28A88B70-D874-4f73-BBBA-9B2B222FB7D6}

PartnerBHO: [SBI $BE743C00] Application ID (Registry key, fixed)
HKEY_CLASSES_ROOT\AppID\kt_bho_dll.dll

PartnerBHO: [SBI $F3EE08ED] Class ID (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}

PartnerBHO: [SBI $14904C60] Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\kt_bho.KettleBho

PartnerBHO: [SBI $14904C60] Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\kt_bho.KettleBho.1

PartnerBHO: [SBI $14904C60] Class ID (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}

PartnerBHO: [SBI $14904C60] Browser helper object (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}

PartnerBHO: [SBI $14904C60] Root class (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\kt_bho.KettleBho.1

PartnerBHO: [SBI $14904C60] Class ID (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}

PartnerBHO: [SBI $14904C60] Browser helper object (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}

PartnerBHO: [SBI $14904C60] Root class (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\kt_bho.KettleBho

PartnerBHO: [SBI $6B47FF4E] Type library (Registry key, fixed)
HKEY_CLASSES_ROOT\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000}


--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-01-26 TeaTimer.exe (1.6.4.26)
2009-01-26 Update.exe (1.6.0.7)
2009-01-26 advcheck.dll (1.6.2.15)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-05-19 Includes\Adware.sbi (*)
2009-07-14 Includes\AdwareC.sbi (*)
2009-01-22 Includes\Cookies.sbi (*)
2009-05-19 Includes\Dialer.sbi (*)
2009-07-14 Includes\DialerC.sbi (*)
2009-01-22 Includes\HeavyDuty.sbi (*)
2009-05-26 Includes\Hijackers.sbi (*)
2009-07-14 Includes\HijackersC.sbi (*)
2009-06-23 Includes\Keyloggers.sbi (*)
2009-07-14 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2009-07-14 Includes\Malware.sbi (*)
2009-07-14 Includes\MalwareC.sbi (*)
2009-03-25 Includes\PUPS.sbi (*)
2009-07-14 Includes\PUPSC.sbi (*)
2009-01-22 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2009-06-02 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2009-04-07 Includes\Spyware.sbi (*)
2009-07-07 Includes\SpywareC.sbi (*)
2009-06-08 Includes\Tracks.uti
2009-07-14 Includes\Trojans.sbi (*)
2009-07-14 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll



--- System information ---
Windows Vista (Build: 6001) Service Pack 1 (6.0.6001)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB941833)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB954430)


--------------------
Gaius Flavius Grecus
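
Added example, not part of the original thread and not Spybot code: a small parser for the result list in Post #3 that groups the reported rows by registry key and lists the Browser Helper Object CLSID plus the keys with a "fixing failed" row. It assumes HKEY_CLASSES_ROOT rows refer to the machine-wide HKEY_LOCAL_MACHINE\SOFTWARE\Classes keys; `parse` and `summarize` are names chosen here.

```python
import re

# Result list copied from the report in Post #3 (blank lines dropped).
REPORT = r"""PartnerBHO: [SBI $2FE4A5BE] Application ID (Registry key, fixed)
HKEY_CLASSES_ROOT\AppID\{28A88B70-D874-4f73-BBBA-9B2B222FB7D6}
PartnerBHO: [SBI $BE743C00] Application ID (Registry key, fixed)
HKEY_CLASSES_ROOT\AppID\kt_bho_dll.dll
PartnerBHO: [SBI $F3EE08ED] Class ID (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
PartnerBHO: [SBI $14904C60] Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\kt_bho.KettleBho
PartnerBHO: [SBI $14904C60] Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\kt_bho.KettleBho.1
PartnerBHO: [SBI $14904C60] Class ID (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
PartnerBHO: [SBI $14904C60] Browser helper object (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
PartnerBHO: [SBI $14904C60] Root class (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\kt_bho.KettleBho.1
PartnerBHO: [SBI $14904C60] Class ID (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
PartnerBHO: [SBI $14904C60] Browser helper object (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
PartnerBHO: [SBI $14904C60] Root class (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\kt_bho.KettleBho
PartnerBHO: [SBI $6B47FF4E] Type library (Registry key, fixed)
HKEY_CLASSES_ROOT\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000}
"""
ENTRY = re.compile(r"\w+: \[SBI \$[0-9A-F]{8}\] (.+) \(Registry key, (.+)\)$")
HKCR, HKLM_CLASSES = "HKEY_CLASSES_ROOT\\", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\"

def parse(report):
    """Return [(kind, status, key)] for the two-line entries of the result list."""
    lines = [l.strip() for l in report.splitlines() if l.strip()]
    heads = [ENTRY.match(h) for h in lines[::2]]
    return [(m.group(1), m.group(2), k) for m, k in zip(heads, lines[1::2]) if m]

def summarize(report):
    """Group rows by key; assumes HKCR rows are the machine-wide Classes keys."""
    keys = {}
    for kind, status, key in parse(report):
        if key.startswith(HKCR):
            key = HKLM_CLASSES + key[len(HKCR):]
        keys.setdefault(key.lower(), []).append(status)  # registry paths are case-insensitive
    bho = [k.rsplit("\\", 1)[1] for k in keys if "\\browser helper objects\\" in k]
    failed = [k for k, s in keys.items() if "fixing failed" in s]
    return {"rows": sum(map(len, keys.values())), "keys": len(keys), "bho_clsid": bho, "recheck": failed}

print(summarize(REPORT))
```

On this report the 12 rows collapse to 7 distinct registry keys with a single Browser Helper Object CLSID, and 4 of those keys carry a "fixing failed" row and are the ones to look at again after the next scan.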
richbuff
post 25.07.2009 04:46
Post #4


That comes preinstalled on some new PCs. Remove or keep, either way is OK.


--------------------
Please see the Important topics, located at the top of this section, and at the top of other sections of this forum.
Gaius Flavius Gr...
post 26.07.2009 01:27
Post #5


Thanks very much richbuff. Much appreciated.


--------------------
Gaius Flavius Grecus
Tres Juicy
post 3.09.2009 13:38
Post #6


QUOTE(Gaius Flavius Grecus @ 25.07.2009 22:27)
Thanks very much richbuff. Much appreciated.

So, these are not harmful?