BookedSpace is an Internet Explorer Browser Helper Object used to show advertising.
BookedSpace/Remanent: early variant (around July 2003) with filename rem00001.dll, controlling server 66.225.192.199.
BookedSpace/BS2 and BookedSpace/BS3: newer revisions (August 2003) with filename bs2.dll or bs3.dll, controlling server www.bookedspace.com.
BookedSpace/Remanent is silently installed by MThree MP3 to WAV converter. BookedSpace/BS2 is silently installed by FreeWire's FreeMP3Player. The origin of BookedSpace/BS3 is currently unknown.
Yes. BookedSpace can contact its controlling server when a new page is visited, which may direct it to open pop-up ads.
Yes. When the controlling server is contacted, the URL of the current page is passed along with a user ID for tracking purposes.
Yes. May download and install third-party software as directed by its controlling server. BookedSpace/BS2 has been seen to install the BargainBuddy, nCase and eBates parasites.
Seems to stop IE address bar searches from working.
Open a DOS command prompt windows (from Start->Programs->Accessories), and enter the following commands, for the Remanent variant:
cd "%WinDir%\System"
regsvr32 /u "..\rem00001.dll"
Or, for the BS2 variant:
cd "%WinDir%\System"
regsvr32 /u "..\bs2.dll"
Or, for the BS3 variant:
cd "%WinDir%\System"
regsvr32 /u "..\bs3.dll"
Next, for BS2 and BS3, open the registry (click 'Start', choose 'Run', enter 'regedit'), find the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run, and delete the entry 'BookedSpace' (BS2 variant) or 'Bsx3' (BS3 variant).
Restart the computer and you should be able to delete the 'rem00001.dll', 'bs2.dll' or 'bs3.dll' file in the Windows folder. You can also open the registry and delete the key HKEY_LOCAL_MACHINE\Software\Remanent or HKEY_LOCAL_MACHINE_Software\BookedSpace to clean up, if you like.