Un known file

Hi Guys, I want to know what to do with this file from my hijack log scan. I cant seem to find any thing on this site about it and this is what the hijack site said after anylising it.
O2 - BHO: System Process - {C2EEB4FA-B6D6-41b9-9CFA-ABA87F862BCB} - C:\WINDOWS\system32\navshext1.dll
Unknown Entries found in this registry zone are potentially nasty. This application ([C2EEB4FA-B6D6-41b9-9CFA-ABA87F862BCB] - Result: ) has been checked. Hit rate: -1 %
Unknown application
Is it safe to get rid of it ?? I know one of you avast knights will know.
Cheers Paul

THIS SITE
Look at the HijackThis section.
Also look at the download section, it has a BHO utillity that can tell you harmfull/trusted things.

And there is also (ofcourse) GOOGLE

Just a guess, but “navshext” sounds like “Shell Extension of Norton Antivirus”.

Yes fix it in HJT and get rid of it if HJT doesn’t also delete it.
BHO items (Browser Helper Objects), usually toolbars that you install to help you but many are installed without your knowledge and would be better described as browser hihacker objects. This may be used to serve ads or redirect to web sites of their choice, it is a browser hijack rather than a virus.

Google returns many hits on the dll file, this is just one of them http://www.castlecops.com/tk3564-navshext_dll_navshext1_dll.html further links on that page http://www.symantec.com/avcenter/venc/data/adware.systemprocess.html whilst it may be attempting to make you believe it is a nav shell or system file because of its location it isn’t.

Whilst browsing or collecting email, etc. if you get infected then the malware by default inherits the same permissions that you have for your user account. So if the user account has administrator rights, the malware has administrator rights and can reap havoc. Wit limited rights the malware can’t put files in the system folders, create registry entries, etc. This greatly reduces the potential harm that can be done.

Check out the link to DropMyRights (in my signature below) - Browsing the Web and Reading E-mail Safely as an Administrator.

Always be carefull, NavShExt.dll is indeed part of Symantec Anti Virus, but NOT when it is in that location and that BHO identifier.

My BHO util could have told this.

This is the LEGITIMATE entry:
{bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton antivirus\navshext.dll

Thanks guys,
Although I dont post much, I follow your exploits in the forums with great interest and they provide me with much valuable information. I get a lot of enjoyment out of the off topic forum as well. In all it has made my forray into the net a much more enjoyable experiance not to mention a much safer one and I have got most of my freinds to change over to Avast.
Cheers Paul :slight_smile: :slight_smile: :slight_smile: