Results 1 to 8 of 8

Thread: Browser Helper Object

  1. #1
    Junior Member
    Join Date
    Feb 2008
    Posts
    3

    Default Browser Helper Object

    Hi, Spybot has given me a warning that a registry entry has been changed called
    Browser Helper Object. The change is that the value was deleted. It's a bit odd because it doesn't give me the option to deny the change (it is greyed out), neither is there is any info on it. I'm not sure if I should accept his change?

    Any advice?

    Thanks, Trevor

  2. #2
    Spybot Advisor Team [Retired] md usa spybot fan's Avatar
    Join Date
    Oct 2005
    Posts
    5,879

    Default

    TeeZee:

    During some registry changes the "Deny change" option is grayed out (is not an option). This appears to be on changes such as the removal of a Browser Helper Object (Value deleted). This is speculation but I assume that the "Deny change" is grayed out because by the time TeaTimer recognizes the Registry change the underlying code for the BHO has been deleted and therefore denying the change would do no good to save the BHO from being deleted. I assume that the same would hold true for a "Value deleted" for an ActiveX process and possibly other changes. In this case the registry change dialog serves as a warning that something has changed.

    Getting an answer is one thing, learning is another.


    Microsoft Windows XP Home Edition running on a 2.40GHz IntelŪ PentiumŪ 4 Processor with 512 MB of RAM and a 533 MHz System Bus.

  3. #3
    Junior Member
    Join Date
    Feb 2008
    Posts
    3

    Default Thanks

    Hi, thanks for your reply. How can I know if the change that was made is harmful or not?

  4. #4
    Spybot Advisor Team [Retired] md usa spybot fan's Avatar
    Join Date
    Oct 2005
    Posts
    5,879

    Default

    TeeZee:

    You have to determine what you were doing when the change occurred. Where you uninstalling or changing something?

    The key to what Browser Helper Object (BHO) was actually deleted would be the Class ID (CLSID) that was in the Old Data field of the message you received. That information is also recorded in the Resident.log.

    There are several ways (4 listed below) to access the TeaTimer's Resident.log file:
    1. Right click on the TeaTimer (Spybot-SD Resident) system tray icon and select Show Log.
    2. Go into Spybot > Mode > Advanced Mode > Tools > Resident.
    3. Go into Spybot > Mode > Advanced mode > Tools > View Reports > View Previous reports. Select the Resident.log file and open it.
    4. Using Windows Explorer, navigate to the Resident.log file located in one of the following directories:
      • Windows 95 or 98:
        C:\Windows\Application Data\Spybot - Search & Destroy\Logs
      • Windows ME:
        C:\Windows\All Users\Application Data\Spybot - Search & Destroy\Logs
      • Windows NT, 2000 or XP:
        C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs
      • Windows Vista:
        C:\ProgramData\Spybot - Search & Destroy\Logs

      Double click on Resident.log file and it should open with Notepad.

    Getting an answer is one thing, learning is another.


    Microsoft Windows XP Home Edition running on a 2.40GHz IntelŪ PentiumŪ 4 Processor with 512 MB of RAM and a 533 MHz System Bus.

  5. #5
    Junior Member
    Join Date
    May 2008
    Posts
    2

    Default Same Issue, Here is what the resident.log says

    Hi,
    I am having this same issue. I have opened the Resident.log file, and here is what it says:

    5/12/2008 8:27:54 AM Allowed (based on user decision) value "{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}" (new data: "") deleted in Browser Helper Object!
    5/12/2008 8:27:58 AM Allowed (based on user decision) value "{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}" (new data: "") added in Browser Helper Object!
    5/12/2008 9:43:04 PM Allowed (based on user decision) value "{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}" (new data: "") deleted in Browser Helper Object!
    5/12/2008 9:43:07 PM Allowed (based on user decision) value "{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}" (new data: "") added in Browser Helper Object!

    Right now, there is a popup window telling me again that the value has been deleted. Any ideas?

    Thanks.

  6. #6
    Senior Member spybotsandra's Avatar
    Join Date
    Oct 2005
    Location
    Germany
    Posts
    5,276

    Default

    Hello,

    There is no action needed.
    That is only a notification from the resident TeaTimer that a process has been blocked.
    Please read this information about TeaTimer:
    http://www.safer-networking.org/en/faq/33.html
    and http://www.safer-networking.org/en/faq/34.html
    The tutorial (point 8) on our homepage should also help explaining:
    http://www.safer-networking.org/en/tutorial/index.html

    Best regards
    Sandra
    Team Spybot
    Follow Spybot on Twitter

    There is no support for unsolicited PM requests available. Please use the board section which accords to your product. Thanks.

  7. #7
    Junior Member
    Join Date
    May 2008
    Posts
    2

    Default

    Thanks, Sandra.

    I have a few other questions. They are based on the quote below from this link, http://www.safer-networking.org/en/tutorial/index.html

    "But if the message comes out of the blue sky while you were surfing the web, you should get cautious. In this case it is better to deny the registry change."

    Well, my messages have been coming out of the blue sky, and not necessarily when I am even surfing the web (I find the messages on my machine first thing in the morning, the machine has been running all night). Is there any way to tell what program is trying to change the registry? I have run scans for viruses and spyware, and nothing has come up. What other precautions should I take?

  8. #8
    Esteemed Member
    Join Date
    Oct 2005
    Posts
    560

    Default

    yotravel,

    This is either part of FlashGet, which you should know you've installed, malware masquerading as this BHO or possibly a false positive.

    http://www.file.net/process/jccatch.dll.html

    I suggest you create a Spybot log listing with the BHO section and copy/paste the information relating to this item (identified by the number below) in your next post. That will help someone here identify it if you can't yourself.

    Bitman

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •