BHO ~

BHO (Browser Helper Object) BHO is an industry standard launched by Microsoft as a browser that opens interfaces for third-party programmers, with simple code, you can access the "interactived interface" in the browser field ). Through this interface, programmers can write code to obtain browser behaviors, such as "backward", "forward", and "Current page". Using the Interaction Features of BHO, programmers can also use code to control browser behavior, such as modifying and replacing the browser toolbar and adding their own program buttons. These seem to be okay in the system. BHO was originally designed to help programmers build personalized browsers and provide more concise interaction functions for programs. Currently, many ie personalized tools are implemented using BHO. Browser hijacking is a network attack method different from common virus and Trojan Infection. Instead, it uses various technologies (such as DLL plug-ins) to tamper with users' browsers. After installation, they will become part of the browser. You can directly control the browser to perform specified operations. As needed, you can open the specified website or even collect various private information in your system. The most terrible thing is that when the browser has been hijacked, you will find that the computer has encountered problems. For example, if the IE homepage is changed, an advertisement will pop up when it is started. Browser hijacking has become one of the biggest threats to Internet users. In fact, "browser hijacking" means to access your system through BHO technology, which is legal. From a certain point of view, Internet Explorer is no different from common Win32 programs. With BHO, you can write a COM object in the process, which is loaded every time it is started. Such an object will run in the same context as the browser, and can perform any action on available windows and modules. For example, a BHO can detect typical events, such as Goback, goforward, and documentcomplete. In addition, BHO can access the menu and toolbar of the browser and make modifications, you can also generate a new window to display additional information about the current webpage, and install hooks to monitor messages and actions. The BHO location in the registry is HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Browser Helper Objects. If you are interested, you can perform an experiment here. However, you must remember every step of your change. Otherwise, errors may occur! The BHO object depends on the browser's main window. In fact, this means that once a browser window is generated, a new BHO object instance will be generated. The lifecycle of any BHO object is the same as that of the browser instance. Second, BHO only exists in Internet Explorer 4.0 and later versions. If you are using Microsoft Windows? 98, Windows 2000, Windows 95, or Windows NT version 4.0, the Active Desktop shell 4.71 is also run, and BHO is also supported by Windows Resource Manager. BHO is a COM in-process service registered in the Registry with a single click. At startup, Internet Explorer queries the key and preloads all objects under the key. In thunder, tdatonce_now.dll and xunleibho_now.dll are safe modules for how to find dangerous modules in BHO. first, there is a software ice blade that can view the process. Here, we will take it as an example: First open the ice blade and we will see a BHO here to see the dangerous BHO process.