What is a BHO?
BHO stands for Browser Helper Object. This is a small program, usually a DLL file, originally developed to enhance or customise the features of Internet Explorer. Whenever a BHO is installed, it is registered in the Windows Registry. When Internet Explorer starts, it checks the Registry for BHO entries (which indicate that a BHO is installed); these entries are known as CLSIDs.
So, whenever Internet Explorer is opened, the BHO is instantiated (created), and from then on the BHO has full access to the page being viewed.
For example, if you have the Google Toolbar, it installs a BHO, through which it provides functions such as "Search within the Page", "Auto Fill", "Page Info" etc. Another one is the BHO from Adobe Acrobat Reader, which lets you open .pdf files directly in the IE window itself. Download software such as DAP or DEX will also create a BHO to integrate with IE and catch clicks on download links.
So, using BHOs IE can be tweaked so that, it will be one mean browser....
If BHOs enhance the functionality of IE, then why are they avoided?
Now, time for some bad news about BHO.
Windows does not provide any direct way to see the installed BHOs. This gives BHOs a certain amount of stealth. Actually, if we know the CLSIDs, we can view the installed BHOs in the Registry using tools such as RegCleaner.
Because of this stealthy nature, BHOs provide an easy way for Spyware, Adware, Trojans or Viruses to attack. Let's see the effects of these bad programs on IE and your computer.
Some Spyware adds a BHO without the knowledge of the user. So what happens is, whenever IE is opened that Spyware BHO runs and keeps an eye on what you do in that browsing session. It can monitor which pages you visit frequently, which services you use, etc. Even worse, it can hijack the browser, that is, change the default or search page, and these changes cannot be easily recovered.
Adware goes one step further: it can bring you pop-up ads or bad-taste web pages at random, or it can even bring you context-sensitive ads, that is, ads based on the content of the web pages you were viewing.
Trojans/Viruses can contact their creator's website and download the latest version of the Trojan to your system.
If you look at any HijackThis log of a Spyware/Trojan-affected system, you will certainly see some BHOs which have links to suspicious websites and also links to download some files.
So, in all the cases, your privacy is at stake and your computer/data is at risk.
Since BHOs have virtually full access to the system, they can do anything. Some improperly coded or deliberately malicious ones can cause Runtime Errors or Illegal Operation errors.
From Windows 98 onwards, MS has extended support for BHOs not only to IE but also to Windows Explorer. As you might know, Windows Explorer (Explorer.exe) is THE application that must be running at all times to use Windows. If any bad BHOs are installed, they will get loaded whenever Explorer.exe starts. This is certainly not desirable.
What to do?
BHOs can be removed manually or by using tools.
Manual removal can be done in two ways:
1] By renaming the DLL file corresponding to the BHO which is to be disabled.
2] By deleting the DLL file and removing the CLSID entry from the Registry.
We can use HijackThis to find the installed BHOs and delete their Registry entries, and then delete the DLL file associated with each.
A typical CLSID and DLL file of a BHO (Google Toolbar, in this case) is shown here:
CLSID = {AA58ED58-01DD-4d91-8333-CF10577473F7}
DLL File = c:\program files\google\googletoolbar1.dll
But, using some tools, BHOs can be dealt with directly. There are many tools to view the BHOs installed in the system directly. Some of them are BHODemon and BHOInfo. These tools list all the BHOs present in the system, so that the user can decide which ones to keep or remove.
A popular tool is BHODemon, which runs in the System Tray, scans for existing BHOs and continuously monitors the system for any new BHO installs. It provides the list of installed BHOs, and it also has some extra information about the most common good and not-so-good BHOs, so that any new user can learn about them.
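An added example (not part of the original post) of what tools like BHODemon do under the hood: this PowerShell script walks the Browser Helper Objects registry key that IE reads at startup, resolves each CLSID to its DLL through HKCR\CLSID\{...}\InProcServer32, and checks the DLL's Authenticode signature. It assumes a Windows host with PowerShell 3 or later and only reads the registry; nothing is deleted.

```powershell
# Added example, not from the original post: enumerate installed BHOs the same way IE finds them.
# Read-only; assumes a Windows host with PowerShell 3+ (for Get-AuthenticodeSignature).
$bhoKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    # 32-bit BHOs on 64-bit Windows are registered under Wow6432Node
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)

function Get-InstalledBho {
    foreach ($key in $bhoKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($entry in Get-ChildItem $key) {
            $clsid  = $entry.PSChildName          # e.g. {AA58ED58-01DD-4d91-8333-CF10577473F7}
            $clsKey = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid"
            # The CLSID's InProcServer32 default value is the DLL that IE will load
            $name = $null; $dll = $null
            if (Test-Path $clsKey) {
                $name = (Get-ItemProperty $clsKey).'(default)'
                $dll  = (Get-ItemProperty "$clsKey\InProcServer32" -ErrorAction SilentlyContinue).'(default)'
            }
            # A missing or unsigned DLL, or one outside Program Files, is worth a closer look
            $sig = if ($dll -and (Test-Path $dll)) { (Get-AuthenticodeSignature $dll).Status } else { 'DLL missing' }
            [pscustomobject]@{
                CLSID      = $clsid
                Name       = $name
                DLL        = $dll
                Signature  = $sig
                # NoExplorer = 1 means the BHO asked not to be loaded into Explorer.exe
                NoExplorer = (Get-ItemProperty $entry.PSPath).NoExplorer
            }
        }
    }
}

Get-InstalledBho | Format-Table -AutoSize
```

Compare the DLL column against what HijackThis reports; an entry with no Name, an unsigned DLL, or a DLL under a temp or user-profile folder is the kind of BHO the post warns about.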
Conclusion
So, BHOs are a powerful means through which anything can be done, be it good or bad.
So be careful while browsing, while installing suspicious-looking software, etc. Update your Antivirus regularly and run full system scans.
Wednesday, April 11, 2007
BHO-Browser helper objects
Posted by Teejay at 6:17 AM
Labels: security
An Unofficial guide to spywares and online safety ..
What are spywares ?
Spywares are programs that get installed on your computer without your knowledge and collect data about your usage patterns: what sites you visit, what programs you run, even personal details like age, gender and financial details, all things that are useful to a marketing company that wants to send you customized advertising. These programs send this data back to their websites, where it is given to spammers and advertisers. All of this happens without the user's knowledge, and that is the most ironic point of the story.
Categories of spywares:
Adwares:
Adware usually monitors your usage patterns and shows you ads corresponding to them. Adware is usually installed as freeware, and its EULA (End User License Agreement) states that the program will show relevant ads.
Many adware programs are the freeware versions of programs which are available as paid versions. Examples of these programs: Opera, DivX, Download Accelerator Plus, FlashGet etc. These programs specifically tell the user that they can upgrade to the paid version if they don't want the advertisements, but not every adware is like that.
Browser Hijackers:
This is a broad category in which parasites like home page hijackers and search hijackers can be included.
Home page hijackers change the start page of the user's browser to some specific sites, and some notorious ones are very difficult to remove.
Search hijackers change the search behaviour of the user's browser, so that when the user searches for something on the Internet, these search sites provide the results.
Usually both kinds of hijacker work on click-through systems: they are affiliates of other companies, which pay them according to the hits they receive through them. So the ultimate goal of hijackers is to make users click on the links through which they earn their revenue. As this is a difficult task, the program authors go to extreme lengths to achieve it and create difficult-to-remove parasites. Recent examples of such parasites are CoolWebSearch and AboutBlank.
Dialers:
Dialers are programs that promise to make some "premium content" available to users by making calls through them. Their whole objective is to make users dial numbers which are usually long-distance numbers of their affiliates.
Tracking Cookies:
Cookies were meant to be used for customizing websites according to the user's preferences. But marketing companies found another use for them: this useful feature is abused by setting "third-party cookies", that is, cookies stored by websites other than the one you are visiting, most often placed through banners and ad rotators. These cookies can keep track of which sites you visit that contain their ads.
Keyloggers:
Keyloggers, thankfully, aren't installed by marketing companies. Usually they are installed by trojans or hackers. Here "hackers" refers to that breed of computer users who use such programs to break into others' computers to steal passwords or destroy those systems. These programs monitor each keypress on your system, keep track of them and send them back to their originators. Many sophisticated keyloggers have their own SMTP engine to mail back the tracking records.
Sources of Spywares:
How do these programs get installed ?
These programs are usually installed bundled with other programs. Since most users don't bother to read the Terms and Conditions of the programs they are installing, third-party tools such as these get installed easily.
Browser hijackers are usually installed as ActiveX controls while the user is visiting their affiliates' websites. The most common sources of spyware are porn and cracks websites. These websites promise to let the user view their content if they install these add-ons.
A new class of them is called betrayware. These programs promise to remove spyware but themselves house many of them. A whole new breed of search assistants, pop-up blockers, online form-filling tools and password keepers comes under this list.
How to tell you are infected ?
Usually when spyware is installed on your system, your network traffic increases. If you feel your computer is not behaving the way it is supposed to, most probably you are infected. You should check what programs get loaded when the computer starts up and what programs are running in Task Manager. If you notice suspicious entries in Task Manager or the startup list, find out what those programs are. If you are on an always-on connection, you should monitor the network traffic of your computer.
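An added example, not part of the original guide, that automates the three checks just described: it lists the Run/RunOnce autostart entries from both HKLM and HKCU, flags any whose executable lives outside Program Files or the Windows folder (a heuristic, not proof of infection), and maps every established TCP connection to the process that owns it. It assumes Windows 8 / Server 2012 or later for Get-NetTCPConnection and only reads the system.

```powershell
# Added example, not from the original guide: a read-only "am I infected?" triage.
# Assumes Windows 8 / Server 2012 or newer (Get-NetTCPConnection is not on older versions).
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Folders a legitimately installed autostart program normally lives under (heuristic only)
$trustedRoots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:SystemRoot) | Where-Object { $_ }

function Get-StartupEntry {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }      # skip the provider's own PSPath/PSDrive metadata
            $cmd = [string]$p.Value
            # Pull the executable out of the command line; quoted paths may contain spaces
            $exe = if ($cmd -match '^"([^"]+)"') { $Matches[1] } else { ($cmd -split ' ')[0] }
            $suspicious = -not ($trustedRoots | Where-Object { $exe -like "$_\*" })
            [pscustomobject]@{ Key = $key; Name = $p.Name; Command = $cmd; Suspicious = $suspicious }
        }
    }
}

function Get-TalkingProcess {
    # Which processes currently hold outbound connections, and to where
    Get-NetTCPConnection -State Established | ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Process = $proc.ProcessName
            Path    = $proc.Path
            Remote  = "$($_.RemoteAddress):$($_.RemotePort)"
        }
    }
}

Get-StartupEntry | Where-Object Suspicious | Format-Table -AutoSize
Get-TalkingProcess | Sort-Object Process | Format-Table -AutoSize
```

Entries running from a temp or user-profile folder, and processes you do not recognise holding connections to unfamiliar addresses, are the ones to look up before deciding they are spyware.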
How to remain safe from spywares ?
Spyware will not get installed if the user himself does not allow it to install. If the user is careful in monitoring what programs get installed on his computer, it becomes very difficult for spyware to get installed.
The user should pay attention to the Terms and Conditions or EULA of the program being installed. References to third-party installation should be given extra attention.
Not every freeware is spyware. But free programs which use the internet to deliver their objectives should be looked at suspiciously. Search assistants or pop-up blockers from anyone but reputable companies should generally be avoided.
The user should be careful about the sites he visits. Most users get infected while browsing "underground" sites. Websites that provide cracks and porn websites are often sources of dialers and hijackers. The user should use his intuition while browsing such sites. They will not come to you if you don't go to them.
Use antispywares:
Programs like Spybot Search & Destroy and Ad-Aware are considered reputable for removing spyware. SpywareBlaster is a great utility that will not let spyware get installed in the first place. All these programs should be updated regularly, as new parasites are discovered daily.
Use Firewall:
Firewalls have become a necessity these days, and those with an always-on connection should enable a firewall on their systems. A firewall monitors network traffic and blocks unnecessary connections. Firewalls are also effective against worms propagating through random IP addresses.
Use Antivirus:
Antivirus is now just as essential as the operating system. Antivirus should be updated regularly too, as new viruses are discovered on a daily basis.
Use Windows Update regularly:
As new vulnerabilities are discovered, parasites exploiting them arise too. So patches to fix them should be installed regularly.
Posted by Teejay at 6:05 AM
Labels: security
Make DVD iso from CD isos of Fedora Core 5
It is quite simple. Since things have gone multi-gigabyte nowadays, handling one DVD is way easier than popping and jiggling six CDs one after the other. Ok here are the steps.

What u need:
1. The CD isos of Fedora Core 5 of course (the 1st five only, as the sixth is rescue)
2. Magic ISO to edit images, or any other free alternative
3. An editor.
4. A DVD burner.
5. Daemon Tools (makes life easier and lessens the free space req.)
6. 4 GB free HDD space (+ the space the CD isos are taking up)

HowTo:
1. Copy CD1 to a temp folder. (there should be 4 GB space on this drive)
2. Open Magic ISO and browse for the file.
3. From the root of the image look for a file named ".diskinfo"
4. Right click and extract to desktop.
5. Open a command prompt and type "edit" (notepad doesn't work with this nicely, u can use TextPad too)
6. Browse to the ".diskinfo" file. It will look like this:

Code:
1142397842.393345
Fedora Core
x86_64
1
Fedora/base
Fedora/RPMS
Fedora/pixmaps

7. Edit the file to look like this, basically append ",2,3,4,5" after "1" in line 4.

Code:
1142397842.393345
Fedora Core
x86_64
1,2,3,4,5
Fedora/base
Fedora/RPMS
Fedora/pixmaps

8. Save the file.
9. Drag and drop it onto the open iso in MagicISO.
10. Right click on Daemon Tools in the taskbar and go to Virtual CD/DVD-ROM > Set no of devices > 4 Drives.
11. After the drives have been created, left click on Daemon Tools again, select "Device 0" and browse to the 2nd CD image to mount it.
12. Repeat the above step for CDs 3 thru 5 (and select Device 1 thru 3 respectively). You should have CDs 2 thru 5 loaded in virtual drives. Check thru My Computer.
13. Next, for each drive (mounted image) go to Drive:\Fedora\RPMS and select and drag and drop all files onto the Magic ISO window under the folder Fedora\RPMS. (alternatively add them thru Magic ISO, whatever, just add all). You will be asked to overwrite a file "TRANS.TBL" each time u drag and drop. Just select yes (for explanation see page 3 of this thread).
14. After you have added all rpm files, select File > Save under MagicISO. Rename the file to DVD from CD.
15. You are all done. Now burn and enjoy!!!

Clean Up:
1. Left click on Daemon Tools and select Unmount All.
2. Right click Daemon Tools and go to Virtual CD/DVD-ROM > Set no of devices > 1 Drive
3. Delete the CD isos if u want to free up space (1st check the DVD image to be sure)
4. Delete ".diskinfo" from desktop

SHORTCOMING: This media will NOT pass the media check, so do not test it. If u are paranoid then load a virtual machine, emulate the Linux setup and "media-check" the individual CD isos there. To make it pass the media check u need to regenerate the checksums, which is beyond the scope here and worthless for home users.
OR..
1. Go to the Fedora website hosting the CD isos.
2. Directly mount the CD isos one by one in Daemon Tools via the web address (suppose drive x)
3. Run "CMD" and execute the following commands:
4. Change directory to drive x by typing "x:"
5. Type "copy .diskinfo c:\cd1.diskinfo"
6. Type "tree > c:\cd1.txt"
7. Load the next iso in Daemon Tools and repeat the two commands above but keep changing 'cd1' to cd2 and so on (in both commands).
8. Now after u have all the directory structure u gotta get working. Load the DVD iso in Daemon Tools
9. Now using Explorer create five folders named CD1 ... CD5
10. See the directory structure by running CMD and using the edit utility.
11. Now for each folder duplicate the contents by copying the files from the DVD according to the CD structure.
12. Rename each "cdx.diskinfo" file to ".diskinfo" and place it in the respective CD folder
13. Make isos using MagicISO or Nero.
14. Verify the file size.
15. Any files u don't find in the DVD, copy them off by loading the CD iso again in Daemon Tools directly from the web.

I sincerely don't think u will go thru the above painful process. I am not aware of any simpler processes except downloading the ISO images. Just think of my effort to write this procedure and try it. Give feedback. I haven't tried the above so no promises, but logically it should work.
Source: www.thinkdigit.com
Posted by Teejay at 5:38 AM