Re: Hangover from the spyaxe trojan
- From: "Scherbina Vladimir" <vladimir.scherbina@xxxxxxxxx>
- Date: Sun, 22 Jan 2006 00:28:02 +0200
Yes, you see some "strange numbers" - GUIDs (Globally Unique IDentifiers).
To find the files you need to find the corresponding entries in the
HKEY_CLASSES_ROOT\CLSID section. So, suppose you have the following BHO
registered as:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
You need to take this GUID - 06849E9F-C8D7-4D59-B87D-784B7D6BE0B3 - and search
for it in the HKEY_CLASSES_ROOT\CLSID section. It's present on my machine at:
HKEY_CLASSES_ROOT\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
When you locate it, look at the subnode "InprocServer32", open it and you will
see a "default" value that contains the path to the DLL. In my case this path is
H:\Program Files\Acrobat Reader\Reader\ActiveX\AcroIEHelper.dll
--
Vladimir
"nlscb" <nlscb@xxxxxxxxx> wrote in message
news:1137876282.867312.253970@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> Dear Vladimir,
> Do these registered files have extensions that I can search for? I
> am having trouble finding the path you are describing? Is it normally
> hidden?
>
> Niels
>
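
The lookup described in the reply above, as an added PowerShell example that is not part of the original post: it lists every registered BHO, follows its GUID to CLSID\{GUID}\InprocServer32 and reports the DLL in the default value. The 32-bit (WOW6432Node) view and the file/signature checks go beyond what the post describes, and the variable names are hypothetical.

```powershell
# Added example (not from the original post): resolve each BHO GUID to its DLL.
# Run from an elevated 64-bit PowerShell so both registry views are visible.
$views = @(
    @{ Bho   = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Clsid = 'Registry::HKEY_CLASSES_ROOT\CLSID' },
    # Assumption: 64-bit Windows, where 32-bit BHOs are registered under WOW6432Node.
    @{ Bho   = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Clsid = 'Registry::HKEY_CLASSES_ROOT\WOW6432Node\CLSID' }
)

$results = foreach ($view in $views) {
    if (-not (Test-Path -LiteralPath $view.Bho)) { continue }

    foreach ($key in Get-ChildItem -LiteralPath $view.Bho) {
        $guid   = $key.PSChildName                      # e.g. {06849E9F-...}
        $inproc = "$($view.Clsid)\$guid\InprocServer32"
        $dll    = $null
        $exists = $false
        $sig    = 'n/a'

        if (Test-Path -LiteralPath $inproc) {
            # The empty name '' selects the key's (Default) value.
            $dll = (Get-Item -LiteralPath $inproc).GetValue('')
        }
        if ($dll) {
            $dll    = $dll.Trim('"')
            $exists = Test-Path -LiteralPath $dll -PathType Leaf
            if ($exists) {
                $sig = (Get-AuthenticodeSignature -LiteralPath $dll).Status
            }
        }

        [pscustomobject]@{
            Guid      = $guid
            Dll       = $dll       # empty: GUID has no CLSID entry (orphaned BHO key)
            Exists    = $exists    # False: registration left behind after file removal
            Signature = $sig       # NotSigned / HashMismatch entries deserve a closer look
        }
    }
}

$results | Sort-Object Guid | Format-Table -AutoSize -Wrap
```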