Browser hi-jacked by BHO?


From: tobyz (anonymous_at_discussions.microsoft.com)
Date: 04/20/04


Date: Tue, 20 Apr 2004 15:01:38 -0700

I have been hit by a real nuisance in clicking on URL
links. If the server is not found immediately, the URL
is reformatted to a search statement and opens a Lycos
search engine (which I never use otherwise).

If the URL segment can be decomposed into two or more
words, they become separate search terms. For instance,
trying to connect to www.linnsoft.com feeds to a Lycos
search for 'linn' and 'soft'. This is very frustrating
when you know the URL is valid and get sidetracked to the
search engine several consecutive times.

Some of my research earlier today (a ZDNet site, I
believe) suggested a malicious BHO ('browser helper
object'). I then downloaded BHODemon and disabled three
of the ten BHOs reported to be in my registry.

The problem with disabling BHOs is that if they support
a browser application (such as streaming real-time stock
quotes), the application will not work. I later restored
two of the three BHOs I had disabled. (Several of the
BHOs are associated with toolbars or search engines.
googletoolbar1.dll is an example.)

I have tried to duplicate my URL-diversion-to-search-
engine as I type this message. I could not duplicate it
at this time. Possibly the one remaining disabled BHO is
the culprit.

That BHO is something like 'opncst.dll' (OpenCast?). Does
anyone have experience with OpenCast?

The above BHO name is vague because I've just opened
BHODemon again and this time it sees only 7 BHOs, not
10. opncst.dll (?) is missing, as are two that are
supposed to be enabled. We'll see if I have any browser
applications that don't work.

Does anyone have experience with Browser hi-jacking? Am
I on the right track to correct it??
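
The post above works from a tool's list of BHOs in the registry and then finds that the list has changed between runs. As an added example (not part of the original post, and not BHODemon's own method), this read-only PowerShell sketch lists each registered BHO with the DLL behind it and compares the result with the previous run. It assumes a 64-bit PowerShell session with rights to read HKLM; the baseline file name is hypothetical.

```powershell
# Added example, not from the original post. Read-only: nothing is disabled or deleted.
# BHOs are registered by CLSID under this Explorer key, in both registry views.
$views = [ordered]@{
    '64-bit' = 'HKLM:\SOFTWARE'
    '32-bit' = 'HKLM:\SOFTWARE\WOW6432Node'
}
$bhoSubKey = 'Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'

function Get-BhoInventory {
    foreach ($view in $views.GetEnumerator()) {
        $root = "$($view.Value)\$bhoSubKey"
        if (-not (Test-Path -LiteralPath $root)) { continue }   # e.g. no WOW6432Node on 32-bit Windows

        foreach ($key in Get-ChildItem -LiteralPath $root) {
            $clsid  = $key.PSChildName
            $clsKey = "$($view.Value)\Classes\CLSID\$clsid"
            $inproc = "$clsKey\InprocServer32"
            $name = ''; $dll = ''
            # The default value of the CLSID key is the friendly name;
            # the default value of InprocServer32 is the DLL the browser loads.
            if (Test-Path -LiteralPath $clsKey) { $name = [string](Get-Item -LiteralPath $clsKey).GetValue('') }
            if (Test-Path -LiteralPath $inproc) { $dll  = [string](Get-Item -LiteralPath $inproc).GetValue('') }

            $onDisk = [bool]$dll -and (Test-Path -LiteralPath $dll)
            $sig = if ($onDisk) { [string](Get-AuthenticodeSignature -FilePath $dll).Status } else { 'n/a' }

            [pscustomobject]@{
                View      = [string]$view.Key
                Clsid     = $clsid
                Name      = $name
                Dll       = $dll
                OnDisk    = $onDisk      # False: registration left behind, or file renamed/removed
                Signature = $sig         # 'NotSigned' is a reason to look closer, not proof of malice
            }
        }
    }
}

$baseline = Join-Path $env:USERPROFILE 'bho-baseline.csv'   # hypothetical file name
$current  = @(Get-BhoInventory)
$current | Format-Table -AutoSize

if ($current.Count -and (Test-Path -LiteralPath $baseline)) {
    $previous = @(Import-Csv -Path $baseline)
    if ($previous.Count) {
        # '<=' = present last run but gone now; '=>' = new since last run
        Compare-Object $previous $current -Property View, Clsid, Dll | Format-Table -AutoSize
    }
}
if ($current.Count) { $current | Export-Csv -Path $baseline -NoTypeInformation }
```

Running it before and after disabling an entry shows exactly which CLSID and DLL changed, which avoids having to recall a name such as 'opncst.dll' from memory.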


