hdbho.dll ?

achoriim · Apr 6, 2007

Two days ago I received an intrusion alert from Norton that stated the following:

Attempted Intrusion "HTTP ANI File Anih Hdr Size BO" against your machine was detected and blocked.

I ran HTJ and saw a BHO called HDBHO.dll that shouldn't be there. I removed it with HTJ. I then removed the file from the system32 folder. (It wouldn't remove normally. I first tried IEPurge which didn't work. Finally, MoveOnBoot got rid of it.

My problematic symptoms of the last two days have been:
1) I was having an advertising pop-up come up every now and then.
2) My Internet Explorer would crash sometimes in random moments.
3) My computer seems to be acting funny when I get to the Log In screen of WIndows XP. It doesn't flow smoothly when I put my password in and loads my personal settings in a very slow way.

Do these problems seem related to the intrusion alert I received? If not then, any idea what it might be?

SInce removing the dll file I have not YET had a problem in Internet Explorer or with pop-ups. The log-on thing was there when I just restarted to remove the dll file on reboot.

Thanks for any advice.

DavidGP · Apr 6, 2007

HI

Well good thing is that Norton detected and blocked this intrusion, however do you run HiDOwnload software for ripping webstreams as that browser helper object HDBHO.dll is related to that application?

Microsoft also issued a security hotfix for this back in 2005 under KB891711 Symantecs alert page on this attack , so is your OS fully and currently upto date?

If you have not installed the HiDOwnload software or you feel you have malware still on your PC then please run through the below, but do describe any popups you were recieving or any browser re-directs.

Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.

Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

Make sure you check version numbers and get all updates.

Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:

Downloading, Installing, and Running HijackThis

Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.

When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:

CounterSpy

AVG Antispyware log - ONLY IF NEEDED you were not able to run CounterSpy

Bitdefender - from step 6

Panda Scan - from step 6

runkeys.txt - the log from GetRunKey.bat

newfiles.txt - the log from ShowNew.bat

HijackThis

NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!

Log in or Sign up

hdbho.dll ?

achoriim Private E-2

DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member