BHOCLASS.DLL is Adware BHO

June 7, 2012 by NightWatcher
Filed under: Adware 
: Solved!

Fix it immediately:

We received the file BHOCLASS.DLL and determined that it is adware.
You should remove BHOCLASS.DLL from your system.
Kill the BHOCLASS.DLL process and remove the file from Windows.

Malware Analysis of BHOCLASS.DLL
Full path on a computer: %Common Appdata%\wxDfast\bhoclass.dll

Detected by UnHackMe:

Item Name: {E02DD4CF-7E50-D26A-2646-812614877760}
Author:
Related File: %COMMON APPDATA%\WXDFAST\BHOCLASS.DLL
Type: Browser Helper Objects

Removal Results: Success
Number of reboot: 1

BHOCLASS.DLL is known as:

Adware.BHO

BHOCLASS.DLL hash:

  • MD5: ac13c733379328f86568f6e514c2f7f8

How to quickly detect the presence of BHOCLASS.DLL?

Registry:
  • HKLM\Software\Classes\CLSID\{E02DD4CF-7E50-D26A-2646-812614877760}\InprocServer32\: “%Common Appdata%\wxDfast\bhoclass.dll”
  • HKLM\Software\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}\1.0\0\win32\: “%Common Appdata%\wxDfast\bhoclass.dll”
  • HKLM\Software\Google\Chrome\Extensions\dgfdkagfacmgjnffpabkfhnjpbfjknee\path: “%Common Appdata%\wxDfast\dgfdkagfacmgjnffpabkfhnjpbfjknee.crx”
Folders:
  • %Appdata%\Mozilla\Firefox\Profiles\gi17c3pt.default\extensions\staged
  • %Appdata%\Mozilla\Firefox\Profiles\gi17c3pt.default\extensions\staged\4fd0bb3f2a5be@4fd0bb3f2a5f6.info
  • %Appdata%\Mozilla\Firefox\Profiles\gi17c3pt.default\extensions\staged\4fd0bb3f2a5be@4fd0bb3f2a5f6.info\content
  • %Common Appdata%\wxDfast
  • %Common Startmenu%\Programs\wxDfast
Files:
  • %Appdata%\Mozilla\Firefox\Profiles\gi17c3pt.default\extensions\staged\4fd0bb3f2a5be@4fd0bb3f2a5f6.info\chrome.manifest
  • %Appdata%\Mozilla\Firefox\Profiles\gi17c3pt.default\extensions\staged\4fd0bb3f2a5be@4fd0bb3f2a5f6.info\content\indexeddb.js
  • %Appdata%\Mozilla\Firefox\Profiles\gi17c3pt.default\extensions\staged\4fd0bb3f2a5be@4fd0bb3f2a5f6.info\content\jquery.js
  • %Appdata%\Mozilla\Firefox\Profiles\gi17c3pt.default\extensions\staged\4fd0bb3f2a5be@4fd0bb3f2a5f6.info\content\jsext.js
  • %Appdata%\Mozilla\Firefox\Profiles\gi17c3pt.default\extensions\staged\4fd0bb3f2a5be@4fd0bb3f2a5f6.info\content\lsdb.js
  • %Appdata%\Mozilla\Firefox\Profiles\gi17c3pt.default\extensions\staged\4fd0bb3f2a5be@4fd0bb3f2a5f6.info\content\prfdb.js
  • %Appdata%\Mozilla\Firefox\Profiles\gi17c3pt.default\extensions\staged\4fd0bb3f2a5be@4fd0bb3f2a5f6.info\content\sqlite.js
  • %Appdata%\Mozilla\Firefox\Profiles\gi17c3pt.default\extensions\staged\4fd0bb3f2a5be@4fd0bb3f2a5f6.info\content\wx.xul
  • %Appdata%\Mozilla\Firefox\Profiles\gi17c3pt.default\extensions\staged\4fd0bb3f2a5be@4fd0bb3f2a5f6.info\install.rdf
  • %Common Appdata%\wxDfast\background.html
  • %Common Appdata%\wxDfast\bhoclass.dll
  • %Common Appdata%\wxDfast\content.js
  • %Common Appdata%\wxDfast\dgfdkagfacmgjnffpabkfhnjpbfjknee.crx
  • %Common Appdata%\wxDfast\settings.ini
  • %Common Appdata%\wxDfast\uninstall.exe
  • %Common Startmenu%\Programs\wxDfast\Uninstall.lnk
  • %Common Startmenu%\Programs\wxDfast\wxDfast.lnk
  • C:\settings.ini


Recommended: UnHackMe anti-rootkit and anti-malware

Premium software: RegRun Security Suite (Good choice for removal and protection)

Written by

Malware Hunter.
