Browser Helper Object

123456789ASHU 2,327 views 36 slides Mar 09, 2016

About This Presentation

BHO is a component of Microsoft's internet explorer web browser application. It is an add-in designed to provide or expand the functionality of the browser and allow developers to improve the web browser with new features.


Slide Content

BROWSER HELPER OBJECTS

INDEX
Introduction
Definition and Function
Shell Extensions
Lifecycle, History and Examples
Process (Execution and Implementation)
Manage BHOs
Writing and Registration
BHO Malwares and Concerns
Tools to remove BHO
Determination of BHO status
Bibliography

INTRODUCTION There are sometimes circumstances in which you need a more or less specialized version of the browser. In this case, you are free to add to that browser any new, nonstandard feature you want. But what you actually have is just a new, nonstandard browser. The Web Browser control is just the parsing engine of the browser. This means there still remains a number of UI-related tasks for you to do: adding an address bar, toolbar, history, status bar, channels, and favorites, just to name a few. So, to create a custom browser you have to write two types of code: the code that transforms the Web Browser control into a full-fledged browser like Microsoft Internet Explorer, and the code that implements the new features you want it to support. Browser Helper Objects (BHOs) do just that.

DEFINITION A BHO is a component of Microsoft's Internet Explorer web browser application. It is an add-in designed to provide or expand the functionality of the browser and allow developers to improve the web browser with new features. In simple words, a BHO is just a small program that runs automatically every time we start our internet browser. Generally it has something to do with HELPING us browse the internet. Usually, a BHO is installed on your system by another software program. Technically, a Browser Helper Object (BHO) is a DLL module designed as a plugin for Microsoft's Internet Explorer web browser to provide added functionality.

FUNCTION The technical answer is "anything", but generally it will have something to do with "helping" you browse the Internet. It may open, edit or modify files; search or send mails; or send error or failure reports to the developers. However, many BHOs are what is called "ad-ware" or "spyware": they do things like monitor the websites you visit and report this data back to their creators.

SHELL EXTENSIONS Shell extensions are in-process COM (Component Object Model) objects which extend the abilities of the Windows operating system. Most shell extensions are installed by the operating system itself, but there are also many applications that install additional shell extension components. A BHO follows the same pattern; the difference is which interfaces it implements. There is also a difference in the trigger that causes a BHO to be loaded. Despite implementation differences, the two share a common nature.

SHELL EXTENSIONS AND BHO: COMMON FEATURES
Feature | Shell extension | Browser Helper Object
Loaded by | Windows Explorer. | Internet Explorer (and Windows Explorer for shell version 4.71 and later).
Triggered by | User's action on a document of a certain class (that is, right-click). | Opening of the browser's window.
Unloaded when | A few seconds after the reference count goes to 0. | The browser window that caused it to load gets closed.
Implemented as | COM in-process DLL. | COM in-process DLL.
Registration requirements | Usual entries for a COM server plus other entries, depending on the type of shell extension and the document type that it will apply to. | Usual entries for a COM server plus one entry to qualify it as a BHO.
Interfaces needed | Depends on the type of the shell extension. | IObjectWithSite.

LIFECYCLE OF BHOs
Shell version | Installed products | BHOs supported by
4.00 | Windows 95 and Windows NT 4.0 with or without Internet Explorer 4.0 or earlier. Note: the Shell Update is not installed. | Internet Explorer 4.0
4.71 | Windows 95 and Windows NT 4.0 with Internet Explorer 4.0 with the Active Desktop Shell Update release. | Both Internet Explorer and Windows Explorer
4.72 | Windows 98. | Both Internet Explorer and Windows Explorer
5.00 | Windows 2000. | Both Internet Explorer and Windows Explorer

HISTORY The BHO concept was introduced back in 1997 with the release of Internet Explorer 4.0. Applications that install BHOs are popular because they allow the application developers to provide features and customizations that enhance their applications. For example, the Windows Live Toolbar (shown below) includes a Browser Helper Object (Windows Live Sign-In Helper). This BHO is a control displayed when you try to log into Windows Live services and helps you log in with multiple Windows Live IDs on the same machine.

EXAMPLES OF BHO Some BHO modules enable the display of file formats not ordinarily interpretable by the browser. The Adobe Acrobat plug-in that allows Internet Explorer users to read PDF files within their browser is a BHO. Other modules add toolbars to Internet Explorer, such as the Alexa Toolbar that provides a list of web sites related to the one you are currently browsing, or the Google Toolbar that adds a toolbar with a Google search box to the browser user interface. The Conduit toolbars are based on a BHO that can be used on Internet Explorer 7 and up. This BHO provides a search facility that connects to Microsoft's Bing search.

ADOBE ACROBAT HELPER APPLICATION You can display PDF files in Microsoft Internet Explorer 5.0 or later if you have Adobe Reader or Adobe Acrobat installed on your computer. First, you need to configure Internet Explorer to use Adobe Reader or Adobe Acrobat as a helper application.

GOOGLE TOOLBAR Google Toolbar is a web browser toolbar for Internet Explorer. Google Toolbar resides above the browser's tab bar and provides a search box to carry out web searches. Users can log into their Gmail accounts and access their email, saved bookmarks, and web history.

PROCESS In its simplest form, a BHO is a COM in-process server registered under a certain registry key. Upon startup, Internet Explorer looks up that key and loads all the objects whose CLSIDs are stored there. The browser initializes each object and asks it for a certain interface. If that interface is found, Internet Explorer uses the methods it provides to pass its IUnknown pointer down to the helper object.

EXECUTION OF BHOs A Browser Helper Object is loaded when the main window of the browser is about to be displayed and is unloaded when that window is destroyed. If you open more copies of the browser window, more instances of the BHO will be created. The BHO is loaded regardless of the command line that launches the browser. For example, it gets loaded even if you simply want to see only a specific HTML page or a given folder. The most interesting feature of BHOs is that they are extremely dynamic. Each time a Windows Explorer or Internet Explorer window is opened, the loader reads the CLSIDs of the installed helper objects from the registry and deals with them.

IMPLEMENTATION OF BHOs Each time a new instance of Internet Explorer starts, it checks the Windows registry for the following key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects This key can be found in Registry Editor (regedit.exe), a tool intended for advanced users. Registry Editor lets you view registry folders, files, and the settings for each registry file. When a BHO gets registered on the system it adds various keys to the registry. When Internet Explorer starts up it reads the registry location below, which tells Internet Explorer which BHOs it needs to load.

REGISTRY EDITOR HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}

This key location lists the 16-byte CLSIDs of the BHOs as strings. Using this string, Internet Explorer then follows another location in the registry that tells it which DLL module to load. If Internet Explorer finds this key in the registry, it looks for the CLSID keys listed below the key. The CLSID keys under Browser Helper Objects tell the browser which BHOs to load. For each CLSID that is listed below the BHO key, Internet Explorer calls CoCreateInstance to start an instance of the BHO in the same process space as the browser. If the BHO is started and implements the IObjectWithSite interface, it can control and receive events from Internet Explorer.

CLSID When Internet Explorer loads the BHO, the browser reads only the 16-byte CLSID in the format {399BFACE-3ADA-4DAE-80D8-E221812243A9} and then loads the BHO via the normal process. Any added characters are ignored by Internet Explorer.

MANAGE ADD-ONS Add-on Manager was a new feature of Windows XP Service Pack 2. Add-ons can change the content of a webpage as it is rendered, and Add-on Manager controls and manages these add-ons. For example, Adblock extensions can prevent the browser from loading images which are advertisements.

SYSINTERNALS AUTORUNS Sysinternals Autoruns is an application developed and made available by Microsoft for Windows. Autoruns shows you what programs are configured to run during system bootup or login, and shows you the entries in the order Windows processes them. These programs include ones in your startup folder, the Run and RunOnce keys, and other Registry keys. You can configure Autoruns to show other locations, including Explorer shell extensions, toolbars, browser helper objects, Winlogon notifications, auto-start services, and much more.

MANAGING BHOs But neither Autoruns nor Add-on Manager shows the malicious BHO once installed, because these tools read the entire key string instead of just the 16-byte CLSID format, as Internet Explorer does.

CONCERNS The BHO API exposes hooks that allow the BHO to access the Document Object Model (DOM) of the current page and to control navigation. Because BHOs have unrestricted access to the Internet Explorer event model, some forms of malware have also been created as BHOs. Many BHOs introduce visible changes to a browser's interface, such as installing toolbars in Internet Explorer and the like, but others run without any change to the interface. This makes it easy for malicious coders to conceal the actions of their browser add-on, especially since, after being installed, the BHO seldom requires permission before performing further actions.

BHO CAUSES WEBSITES TO LOAD SLOWLY The loading speed of a website in the web browser is affected more by internal forces than external forces. Many people unwittingly load "browser helper objects" in their browser that actually tax the speed of the browser interface. In the given snapshot, 4 different helper objects can be seen installed in the IE 8.0 browser. They can be turned off by un-checking the boxes.

BHO AS SPYWARE BHOs can be a type of spyware, and some abusers such as AdBreak frequently display obscene pornographic pop-up adverts while you surf the net. Others could potentially do absolutely anything; they can be poorly programmed, and they tend not to care about the well-being of your computer. They're scum, which in their eyes gives them the right not to care. If you have noticed that Explorer keeps crashing for no known reason, there is quite a good chance that a BHO (or several) is running on the computer.

DISABLING THIRD PARTY TOOLS To disable the tool bands and Browser Helper Objects, follow these steps:  

BHODEMON Windows doesn't make it easy to detect and remove BHOs manually; however, BHODemon from Definitive Solutions is a very good program that can show what BHOs are installed on the system. Bhodemon.exe is a type of EXE file associated with BHODemon 2.0, developed by Definitive Solutions, Inc. for the Windows operating system. The latest known version of Bhodemon.exe is 2.0.0.23, which was produced for Windows XP. This EXE file carries a popularity rating of 1 star and a security rating of "UNKNOWN". You can manually see if you have any BHOs on your PC by searching the following location using a registry editor, as shown in the image.

TOOLS TO REMOVE BHOs Spy BHO Remover (formerly BHO Remover) is an advanced tool to explore and remove malicious BHOs from your system.

SPY BHO REMOVER Spy BHO Remover helps in the quick identification and removal of spy BHOs present in the system. It not only performs heuristic-based threat analysis but also provides an Online Threat Verification mechanism which makes it easy to differentiate between legitimate and malicious BHOs. It also offers a 'Backup & Restore' feature which makes it easy to remove and re-install a BHO any number of times. Users no longer have to worry about accidental removal of a BHO, as all removed BHOs are automatically backed up and can then be restored from the 'Removed BHO List'. It also comes with a unique feature to completely enable/disable all installed BHOs in one shot. It works on a wide range of platforms, from Windows XP to Windows 8.

REMOVING NJSTAR BHO NJStar Asian Explorer installs a Browser Helper Object for Internet Explorer in order to generate website statistics for www.ChineseTop100.com. It reports the 10 most visited Chinese websites to ChineseTop100.com after every 1000 visited Chinese webpages. You are 100% assured that no other personal information is collected or reported. Since some anti-spyware software identifies every Browser Helper Object as spyware and asks to remove it, here are the manual removal instructions:

MALICIOUS BHO Now, when the malicious BHO (e.g. flashcpx.dll) gets installed, it does something clever to hide its presence yet still manages to load. As you can see below, the CLSID string is longer than usual. The added characters cause most tools not to list the BHO even though Internet Explorer loads it. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{399BFACE-3ADA-4DAE-80D8-E221812243A9}80D8-E221812243A9} Since the string is longer than expected, when a tool goes to find the matching CLSID key under [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID] the key is not found, and therefore the DLL module does not get listed. Quite odd that "Manage add-ons" is part of Internet Explorer but does not list it.
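A defender-side check for the hiding trick described above, added here as an example and not part of the original slides: it parses a constructed regedit export of the Browser Helper Objects key, truncates each subkey name to the 38-character CLSID string (the 16-byte CLSID written with braces) that Internet Explorer actually uses, and resolves that against a constructed CLSID-to-DLL table, so an oversized key is flagged instead of silently dropped the way an exact-string lookup drops it. The sample DLL paths, the sample export and the function names are assumptions.

```python
import re

# Strict CLSID form: 38 characters including the braces, hex groups 8-4-4-4-12.
CLSID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
CLSID_LEN = 38
BHO_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
           r"\Explorer\Browser Helper Objects")

# Constructed regedit export of the BHO key (not from a real machine); the
# second subkey reproduces the oversized CLSID string shown on the slides.
SAMPLE_REG = "\n".join([
    "Windows Registry Editor Version 5.00",
    "[" + BHO_KEY + r"\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]",
    '"NoExplorer"=dword:00000001',
    "[" + BHO_KEY + r"\{399BFACE-3ADA-4DAE-80D8-E221812243A9}80D8-E221812243A9}]",
    "[" + BHO_KEY + r"\{00000000-0000-0000-0000-000000000001}]",
])
# Constructed CLSID -> InprocServer32 default value (the DLL that gets loaded).
CLSID_TABLE = {
    "{6D53EC84-6AAE-4787-AEEE-F4628F01010C}": r"C:\Program Files\Vendor\helper.dll",
    "{399BFACE-3ADA-4DAE-80D8-E221812243A9}": r"C:\constructed\path\flashcpx.dll",
}

def bho_subkeys_from_reg_export(text):
    """Names of the subkeys directly under the BHO key in a regedit export."""
    prefix = "[" + BHO_KEY + "\\"
    names = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(prefix) and line.endswith("]"):
            rest = line[len(prefix):-1]
            if "\\" not in rest:            # direct children only
                names.append(rest)
    return names

def audit_bho_subkeys(subkeys, clsid_table):
    """Classify each subkey the way IE resolves it, not by exact string match."""
    findings = []
    for name in subkeys:
        effective = name[:CLSID_LEN]      # IE reads only the first 38 characters
        dll = clsid_table.get(effective)
        if CLSID_RE.match(name):
            status = "ok" if dll else "dangling"   # no COM server behind it
        elif CLSID_RE.match(effective):
            status = "oversized-clsid"    # exact-string tools miss it, IE loads it
        else:
            status = "malformed"          # IE will not load this one either
        findings.append({"subkey": name, "clsid": effective,
                         "status": status, "dll": dll})
    return findings
```

On a live system the same two functions apply to the output of a reg export of the BHO key and a CLSID table read from HKLM\SOFTWARE\Classes\CLSID; anything reported as oversized-clsid deserves a look at the DLL it resolves to.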

SOME COMMON BHO MALWARES The Download.ject malware installs a BHO that would activate upon detecting a secure HTTP connection to a financial institution, record the user's keystrokes (intending to capture passwords) and transmit the information to a website used by Russian computer criminals. Other BHOs, such as the MyWay Searchbar, track users' browsing patterns and pass the information they record to third parties. The ClSpring trojan uses BHOs to install scripts that carry out a number of instructions, such as adding and deleting registry values and downloading additional executable files, all completely transparently to the user. The DyFuCA spyware even replaces Internet Explorer's general error page with an ad page.

WRITING AND REGISTRATION A Browser Helper Object is a COM in-process server, and we use the Active Template Library (ATL) to build one in C++. Another reason for choosing ATL is that it already provides a default, good enough implementation of the IObjectWithSite interface. A BHO is a COM server and should be registered both as a COM server and as a BHO. The ATL Wizard provides you with the necessary registrar script code (RGS) that accomplishes the first task. Under the Browser Helper Objects key fall all the installed helper objects. This list is never cached by the browser, so installing and testing BHOs is really a quick matter.

DETERMINATION OF BHOs STATUS The CLSID list catalogues a number of different Windows / Internet Explorer components in the form of Browser Helper Objects (BHOs). SystemLookup hosts a collection of lists that provide information on the components of legitimate and potentially unwanted programs. The status key used by SystemLookup is:
X = Malware, spyware, adware, or other potentially unwanted items
L = Legitimate items
O = Open to debate
? = Currently unknown status


THANKS