http://www.castlecops.com/CLSID.html CastleCops - TonyKlein's BHO Collection en-us Paul Laudanski (mailto:paul@computercops.biz) Copyright © 2002-2005 CastleCops® 2008-08-28T13:38:57-05:00 daily 24 2003-01-01T12:00-05:00 \{CC628875-53FE-4DE3-9CA8-E61652820398} X BHO TB [random filename] VirtuMonde/Vundo, http://www.symantec.com/security_response/writeup.jsp?docid=2004-112111-3912-99 adware component http://www.castlecops.com/clsid-55539.html http://www.castlecops.com/clsid-55539.html \{EB6EC5D7-7D19-A8C7-D607-F0993BF94A9F} X BHO TB ExpertHelper-1.dll, ExpertHelper-2.dll, ExpertHelper-3.dll PlayMP3Z.biz, http://research.sunbelt-software.com/threatdisplay.aspx?threatid=153897 adware variant http://www.castlecops.com/clsid-55538.html http://www.castlecops.com/clsid-55538.html \{EC42C204-B7C5-4e0e-BF8F-690D278018C1} X BHO TB ****.dll (random char or digit) Parasite of Chinese origin, detected by Kaspersky, http://www.kaspersky.com/ antivirus as AdWare.Win32.WSearch.o http://www.castlecops.com/clsid-55537.html http://www.castlecops.com/clsid-55537.html \{D26AAB3B-B0DD-456C-A7E5-4DA9565FD6EE} X BHO TB goldmng.dll, goldman.dll, gldmng.dll, gldman.dll gldmanager.dll, GLDMAN~1.DLL, GOLDMA~1.DLL Parasite redirecting to fake security sites, member of the FakeAlert, http://research.sunbelt-software.com/threatdisplay.aspx?threatid=43521 aka SmitFraud, http://research.sunbelt-software.com/threatdisplay.aspx?threatid=44645 malware family - produces IEDefender, http://www.symantec.com/security_response/writeup.jsp?docid=2007-111420-0754-99 , FilesSecure, http://www.symantec.com/security_response/writeup.jsp?docid=2007-122812-3859-99 , MalwareBell, http://www.symantec.com/business/security_response/writeup.jsp?docid=2008-041610-3304-99 , IE_Antivirus, http://www.symantec.com/business/security_response/writeup.jsp?docid=2008-042813-4856-99&tabid=1 or similar popups - also see here, http://www.bleepingcomputer.com/forums/topic114240.html http://www.castlecops.com/clsid-55536.html http://www.castlecops.com/clsid-55536.html \{04B2B073-361D-420E-B5A5-78C4B926E39A} X BHO TB bgrqfetx.dll Parasite causing false spyware warnings and connecting to fake "security sites" - member of the FakeAlert, http://research.sunbelt-software.com/threatdisplay.aspx?threatid=43521 aka SmitFraud, http://research.sunbelt-software.com/threatdisplay.aspx?threatid=44645 malware family http://www.castlecops.com/clsid-55535.html http://www.castlecops.com/clsid-55535.html \{E0597566-BAA7-49B5-875B-5E203D363229} X BHO TB bgrqfetx.dll Parasite causing false spyware warnings and connecting to fake "security sites" - member of the FakeAlert, http://research.sunbelt-software.com/threatdisplay.aspx?threatid=43521 aka SmitFraud, http://research.sunbelt-software.com/threatdisplay.aspx?threatid=44645 malware family http://www.castlecops.com/clsid-55534.html http://www.castlecops.com/clsid-55534.html \{36C52D2F-5D45-49DC-810E-2EAA0E1925A2} X BHO TB wnlmdakqpbv.dll Adware downloader causing false spyware warnings and connecting to rogue "security sites", a member of the Trojan-Downloader.Zlob.Media-Codec, http://research.sunbelt-software.com/threatdisplay.aspx?threatid=44478 aka NewMediaCodec, http://research.sunbelt-software.com/threatdisplay.aspx?threatid=149335 malware family http://www.castlecops.com/clsid-55533.html http://www.castlecops.com/clsid-55533.html \{4A10BF18-AE42-4D89-8D72-0742D83AA2C6} X BHO TB wnlmdakqqas.dll Adware downloader causing false spyware warnings and connecting to rogue "security sites", a member of the Trojan-Downloader.Zlob.Media-Codec, http://research.sunbelt-software.com/threatdisplay.aspx?threatid=44478 aka NewMediaCodec, http://research.sunbelt-software.com/threatdisplay.aspx?threatid=149335 malware family http://www.castlecops.com/clsid-55532.html http://www.castlecops.com/clsid-55532.html \{583fcb3d-8b18-450c-8120-42f8d42d737c} O BHO TB tbDj_C.dll, tbDj_0.dll, tbDj_l1.dll Dj_Clup, http://djclup.ourtoolbar.com/ Toolbar - a Conduit/EffectiveBrand, http://www.conduit.com/Benefits/Default.aspx "Free Community" toolbar - modifies the default IE SearchHook. Some Conduit toolbars are reputed to have a certain adware/trackware functionality. http://www.castlecops.com/clsid-55531.html http://www.castlecops.com/clsid-55531.html \{db35fda8-77e3-4784-92c2-ee7345e91af4} O BHO TB tbxplo.dll, tbxpl0.dll, tbxpl1.dll xplorer2, http://xplorer2.ourtoolbar.com/ Toolbar - a Conduit/EffectiveBrand, http://www.conduit.com/Benefits/Default.aspx "Free Community" toolbar - modifies the default IE SearchHook. Some Conduit toolbars are reputed to have a certain adware/trackware functionality. http://www.castlecops.com/clsid-55530.html http://www.castlecops.com/clsid-55530.html