18th December 2009, 12:45 PM #1
BHO.DLL - anyone know why this is in "My Documents"
Recently we have noticed that in the Root of students and staff "My Documents" redirected to drive u: there is a file bho.dll of varying size and date stamps. A Google search suggests that it usually is used as spyware/adware. After deleting it the next day it is regenerated. I assume it may be the activity of one of our network applications but no idea which.
Does anyone know anything about this?
18th December 2009, 12:51 PM #2
18th December 2009, 12:57 PM #3
Thanks for links
Thanks for links, which I had previously read in my Google searches, but what I am hoping to find out is what activity/activities are occurring that cause the creation of this file. It appears in student, teacher, parent and our tech accounts which is why I was wondering if it was a network apps action.
I would like to identify the source of its creation and know if I can ignore it or what action I may need to take to stop it occurring in the future.
18th December 2009, 05:55 PM #4
Found a lot of these recently relating to varying installations of stuff like MyWebSearch toolbars - not in My Documents though, that's a new one on me. Keep us posted though please.
18th December 2009, 06:25 PM #5
I would guess after deleting the file and then re-logging on to an infected workstation the file would reappear. I take it you have tried a full virus scan / adaware scan on a test PC to try this?
18th December 2009, 06:41 PM #6
What you could do is run MalwareBytes on your server to get rid of all the BHO.DLL files which are appearing in user redirected documents.
Unfortunately it's then a case of some detective work; either scan a handful of machines (again with Malwarebytes) or start re-imaging workstations you suspect may be the source of the problem. In the circumstances I'd be more inclined to re-image machines. It's probably quicker and you're guaranteed if anything's there it should get deleted in the process.
18th December 2009, 08:02 PM #7
Are you running Impero on your workstations?
13th January 2010, 11:13 AM #8
Thanks for the last suggestion about Impero.
This was initially denied by Impero to be the cause, but removing the client removed the generation of the dll file, re-installing the client caused the dll file to be re-generated. I sent off clear logs and Impero accept the info, but in fairness they had prepared a unique build for us to fix a problem and the beta process of placing a dll file was still within the code.
I am now not worried about this file, but waiting on a client update so I can remove it across all users' home directories.
Thank you to everyone for your feedback. Sorry it took so long to update.
Last edited by StewartBondi; 13th January 2010 at 12:22 PM.