+ Post New Thread
Results 1 to 8 of 8
Windows Thread, BHO.DLL - anyone know why this is in "My Documents" in Technical; Recently we have noticed that in the Root of students and staff "My Documents" redirected to drive u: there is ...
  1. #1

    Join Date
    May 2008
    Location
    Exeter
    Posts
    7
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    BHO.DLL - anyone know why this is in "My Documents"

    Recently we have noticed that in the Root of students and staff "My Documents" redirected to drive u: there is a file bho.dll of varying size and date stamps. A Google search suggests that it usually is used as spyware/adware. After deleting it the next day it is regenerated. I assume it may be the activity of one of our network applications but no idea which.

    Does anyone know anything about this?


  2. #2

    Dos_Box's Avatar
    Join Date
    Jun 2005
    Location
    Preston, Lancashire
    Posts
    10,395
    Thank Post
    601
    Thanked 2,171 Times in 994 Posts
    Blog Entries
    23
    Rep Power
    630
    bho.dll - bho.dll - DLL Information

    bho.dll - What is bho.dll?

    Uh oh! Looks like you've some work to do!

  3. #3

    Join Date
    May 2008
    Location
    Exeter
    Posts
    7
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Thanks for links

    Thanks for links, which I had previously read in my Google searches, but what I am hoping to find out is what activity/activities are occuring that causes the creation of this file. It appears in student, teacher, parent and our tech accounts which is why I was wondering if it was a network apps action.

    I would like to identify the source of its creation and know if I can ignore it or what action I may need to take to stop it occuring in the future.

    Thanks


  4. #4

    synaesthesia's Avatar
    Join Date
    Jan 2009
    Location
    Northamptonshire
    Posts
    5,974
    Thank Post
    584
    Thanked 1,021 Times in 786 Posts
    Blog Entries
    15
    Rep Power
    465
    Found a lot of these recently relating to varying installations of stuff like MyWebSearch toolbars - not in My Documents though, that's a new one on me. Keep us posted though please.

  5. #5

    Sylv3r's Avatar
    Join Date
    Jul 2005
    Location
    Co. Durham
    Posts
    3,207
    Thank Post
    372
    Thanked 378 Times in 336 Posts
    Rep Power
    148
    I would guess after deleting the file and then re-logging on to an infected workstation the file would reappear. I take it you have tried a full virus scan / adaware scan on a test PC to try this?

  6. #6

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,262
    Thank Post
    242
    Thanked 1,568 Times in 1,250 Posts
    Rep Power
    340
    What you could do is run MalwareBytes on your server to get rid of all the BHO.DLL files which are appearing in user redirected documents.

    Unfortunately it's then a case of some detective work; either scan a handful of machines (again with Malwarebytes) or start re-imaging workstations you suspect may be the source of the problem. In the circumstances I'd be more inclined to re-image machines. It's probably quicker and you're guaranteed if anything's there it should get deleted in the process.

  7. #7

    Join Date
    Jul 2005
    Location
    Rugby
    Posts
    432
    Thank Post
    17
    Thanked 66 Times in 61 Posts
    Rep Power
    35
    Are you running Impero on your workstations?

  8. #8

    Join Date
    May 2008
    Location
    Exeter
    Posts
    7
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    BHO.DLL

    Thanks for the last suggestion about Impero.

    This was initially denied by Impero to be the cause, but removing the client removed the generation of the dll file, re-installing the client caused the dll file to be re-generated. I sent off clear logs and Impero accept the info, but in fairness they had prepared a unique build for us to fix a problem and the beta process of placing a dll file was still within the code.

    I am now not worried about this file, but waiting on a client update so I can remove it across all users home directories.

    Thank you to everyone for your feedback. Sorry it took so long to update.

    Stewart
    Last edited by StewartBondi; 13th January 2010 at 11:22 AM.

SHARE:
+ Post New Thread

Similar Threads

  1. Replies: 5
    Last Post: 5th February 2009, 01:14 PM
  2. Remove links to "my Recent Documents"
    By timbo343 in forum Windows
    Replies: 5
    Last Post: 22nd September 2008, 03:22 PM
  3. Replies: 1
    Last Post: 12th September 2007, 01:18 PM
  4. Replies: 6
    Last Post: 28th September 2006, 07:06 PM
  5. Redirecting "My Documents" Not Working!
    By secman in forum Windows
    Replies: 7
    Last Post: 14th February 2006, 11:56 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •