winbrume.dll

asjones (Newbie), posted 20 May 2006 at 11:46am
Any thoughts on why the Browser helper object of Winbrume.dll
http://virusinfo.prevx.com/pxparall.asp?PX5=0736286c0089de24 24ec01537a18ab003747af5d
would not show up in Autoruns?

thanks

Alan

Karlchen (Senior Member), posted 21 May 2006 at 5:25am
Hi, Alan.

Completed link:
winbrume.dll

Any thoughts on why the Browser helper object of Winbrume.dll [...] would not show up in Autoruns?

Might this be one of several possible reasons
WINBRUME.DLL may use 16 or more path and file names, these are the most common:
(taken from the webpage above)?

And who says it is not listed? Care to post your Autoruns output?

Karl

asjones (Newbie), posted 21 May 2006 at 10:48am
Karlchen,

Unfortunately I did all the cleanup with other programs and never captured the original Autoruns like I should have. I am not saying for sure there was a problem with Autoruns. However I only had 2 browser helper objects before with Autoruns and still only have two.

I could have missed something, but I wanted to see if someone else had similar experiences or knew anything else.

thanks

Alan

TonyKlein (Groupie), posted 22 May 2006 at 2:35am
Funnily enough, I can confirm this. Being a "collector", I registered a copy of winbrume.dll, and logged what happened.

The relevant bits from the Inctrl5 report:

Keys added:
-------------

    HKEY_CLASSES_ROOT\CLSID\{C8F21DFE-B35C-4274-82EC-1E072D09025E}
    HKEY_CLASSES_ROOT\CLSID\{C8F21DFE-B35C-4274-82EC-1E072D09025E}\InprocServer32
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C8F21DFE-B35C-4274-82EC-1E072D09025E}

Values added:
----------------

    HKEY_CLASSES_ROOT\CLSID\{C8F21DFE-B35C-4274-82EC-1E072D09025E} "(Default)"
        Type: REG_SZ
        Data:
    HKEY_CLASSES_ROOT\CLSID\{C8F21DFE-B35C-4274-82EC-1E072D09025E}\InprocServer32 "(Default)"
        Type: REG_SZ
        Data: C:\WINDOWS\system32\winbrume.dll
    HKEY_CLASSES_ROOT\CLSID\{C8F21DFE-B35C-4274-82EC-1E072D09025E}\InprocServer32 "ThreadingModel"
        Type: REG_SZ
        Data: Apartment


Hijack This 'saw' it as well:

O2 - BHO: (no name) - {C8F21DFE-B35C-4274-82EC-1E072D09025E} - C:\WINDOWS\system32\winbrume.dll


But AutoRuns didn't:

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ AcroIEHlprObj Class    Adobe Acrobat IE Helper Version 7.0 for ActiveX    (Verified) Adobe Systems, Incorporated    c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll
+ AdShield.AdShield    AdShield DLL    (Not verified) AdShield, LLC    c:\program files\adshield\adshield\adshield.dll
+ Google Toolbar Helper    Google IE Client Toolbar    (Verified) Google Inc    c:\program files\google\googletoolbar1.dll
+ HelperObject Class    SnagIt Browser Helper Object for Internet Explorer    (Not verified) TechSmith Corporation    c:\program files\techsmith\snagit 8\snagitbho.dll
+ SSVHelper Class    Java(TM) 2 Platform Standard Edition binary    (Not verified) Sun Microsystems, Inc.    c:\program files\java\jre1.5.0_06\bin\ssv.dll
+ {724d43a9-0d85-11d4-9908-00400523e39a}    RoboForm Main Module    (Verified) Siber Systems    c:\program files\siber systems\ai roboform\roboform.dll


File available on request

Karlchen (Senior Member), posted 22 May 2006 at 3:21pm
Hi, Tony, hi, Alan.

Two people confirming Autoruns misses the winbrume.dll BHO show this might be worth investigating, in particular as Hijackthis does see it.
(Thanks for your reports, Tony.)

Maybe Mark will find the time to shed some light on this. Let's see.

Karl

TonyKlein (Groupie), posted 23 May 2006 at 11:42am
Hi Karl,

You're very welcome. As I said, if you'd like me to help you guys to a copy of the file, just shoot me the email addy by PM or whatever, and I'll be happy to send you one. :)

Mark (Admin Group), posted 04 June 2006 at 11:42am
The problem for Autoruns was that the BHO has no name. The next update fixes the bug.

TonyKlein (Groupie), posted 04 June 2006 at 11:46am
Originally posted by Mark

The problem for Autoruns was that the BHO has no name. The next update fixes the bug.

Excellent. Thanks for the heads-up, Mark!

asjones (Newbie), posted 26 June 2006 at 8:26pm
I don't have a copy of Winbrume.dll any more. Can someone verify that this bug was fixed?

thanks

Alan

TonyKlein (Groupie), posted 27 June 2006 at 1:17pm
Nope, not yet, I'm afraid.

And this is IMHO an important issue, as a great number of BHOs, among them many installed by malware (browser hijackers, ConHook, and so on) have no name.
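
The case discussed in this thread, a BHO whose CLSID key has an empty "(Default)" value, can be checked for by enumerating the Browser Helper Objects key by CLSID and treating the name as optional. The script below is an added example, not part of the original thread and not Autoruns or HijackThis code; the function name Get-BhoEntry and the inclusion of the WOW6432Node (32-bit) view are assumptions of this example.

```powershell
# Added example: list every BHO registration keyed by CLSID, so an entry
# with an empty or missing class name is still reported.
# Get-BhoEntry is a hypothetical helper name. The WOW6432Node view is an
# assumption for 64-bit Windows and is skipped when the key is absent.
function Get-BhoEntry {
    $views = @(
        @{ Bho   = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
           Clsid = 'Registry::HKEY_CLASSES_ROOT\CLSID' },
        @{ Bho   = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
           Clsid = 'Registry::HKEY_CLASSES_ROOT\WOW6432Node\CLSID' }
    )
    foreach ($view in $views) {
        if (-not (Test-Path -LiteralPath $view.Bho)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $view.Bho) {
            $clsid     = $key.PSChildName          # subkey name is the CLSID
            $classPath = $view.Clsid + '\' + $clsid
            $name = $null
            $dll  = $null
            if (Test-Path -LiteralPath $classPath) {
                # GetValue('') reads the key's "(Default)" value; it may be
                # absent ($null) or present but empty, as in the report above.
                $name   = (Get-Item -LiteralPath $classPath).GetValue('')
                $inproc = $classPath + '\InprocServer32'
                if (Test-Path -LiteralPath $inproc) {
                    $dll = (Get-Item -LiteralPath $inproc).GetValue('')
                }
            }
            # Never drop an entry because the name is empty: label it instead.
            $display = '(no name)'
            if (-not [string]::IsNullOrWhiteSpace($name)) { $display = $name }
            $onDisk = $false
            if ($dll) { $onDisk = Test-Path -LiteralPath $dll }
            [pscustomobject]@{
                Name      = $display
                Clsid     = $clsid
                Dll       = $dll
                DllExists = $onDisk
            }
        }
    }
}

# Nameless entries sort together, which makes them easy to review first.
Get-BhoEntry | Sort-Object Name, Clsid | Format-Table -AutoSize
```

Comparing the CLSID count from this listing with the number of rows another tool shows for the same key is a quick way to spot entries that tool skipped.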