Explorer plug-in/addon? - Programmer

This is a discussion on Explorer plug-in/addon? - Programmer ; Can anyone help me find how Explorer addon's are implemented? I don't mean Internet Explorer - I mean just Windows Explorer. I'm trying to see how a trojan got installed on my son's system and why I can't find it ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: Explorer plug-in/addon?

  1. Explorer plug-in/addon?

    Can anyone help me find how Explorer addon's are implemented? I don't mean
    Internet Explorer - I mean just Windows Explorer. I'm trying to see how
    a trojan got installed on my son's system and why I can't find it and get rid
    of it. I've looked all through the registry, but I can't find this piece
    of code that is loaded as part of Explorer.EXE!?! I know it's loaded with
    Explorer.EXE because it tries to make contact with a web server on the
    domain 'k8l.info' - an adware trojan clearly. (I've modified my etc\hosts
    file so the requests will go nowhere) While it's trying to open a connection
    to that server, I do a 'netstat -anb' and find that the TCP connection that
    attempted to contact that server is in the Explorer.EXE process.

    So there must be some way to create an addon or plugin for Explorer, but
    I can't find anything specific about it. Anyone have any ideas?

    I've even tried several adware and trojan detectors, but they didn't find
    this thing.

    Thanks for any help!

    Patrick
    ========= For LAN/WAN Protocol Analysis, check out PacketView Pro! =========
    Patrick Klos Email: patrick@klos.com
    Klos Technologies, Inc. Web: http://www.klos.com/
    ================================================== ==========================

  2. Re: Explorer plug-in/addon?

    On Nov 6, 1:59 pm, pk...@osmium.mv.net (Patrick Klos) wrote:
    > Can anyone help me find how Explorer addon's are implemented? I don't mean
    > Internet Explorer - I mean just Windows Explorer. I'm trying to see how
    > a trojan got installed on my son's system and why I can't find it and get rid
    > of it. I've looked all through the registry, but I can't find this piece
    > of code that is loaded as part of Explorer.EXE!?! I know it's loaded with
    > Explorer.EXE because it tries to make contact with a web server on the
    > domain 'k8l.info' - an adware trojan clearly. (I've modified my etc\hosts
    > file so the requests will go nowhere) While it's trying to open a connection
    > to that server, I do a 'netstat -anb' and find that the TCP connection that
    > attempted to contact that server is in the Explorer.EXE process.
    >
    > So there must be some way to create an addon or plugin for Explorer, but
    > I can't find anything specific about it. Anyone have any ideas?
    >
    > I've even tried several adware and trojan detectors, but they didn't find
    > this thing.
    >
    > Thanks for any help!



    Hi,

    Well, you can use the following method to add toolbar items
    to Microsoft Windows Explorer's toolbar, or you can create
    a COM object that implements IShellExecuteHook, the following
    weblinks should give you some pointers:

    IShellBrowser::SetToolbarItems

    http://msdn2.microsoft.com/en-us/library/bb775138.aspx

    http://msdn2.microsoft.com/en-us/library/bb775101.aspx

    http://msdn.microsoft.com/msdnmag/issues/1100/cutting/

    Kellie.



+ Reply to Thread