Is it possible to detect from a website visit if a certain BHO is installed on surfers browser.

I am interested in detecting if a certain malware BHO is installed on my visiters browsers when they visit a website and would like to give them the ability to uninstall the BHO after they have been notified about the presence of it.

I don't think there is a way to do this. I thought you might be able to do it via ClientCaps.isComponentInstalled but that appears to only work for a small subset of Microsoft components.

The only way to do this is to create an application that scans the registry key entries @ HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects. You would then have to map these GUIDs back to their BHOs you want to block. An easier approach might be to encourage the user to download Windows Defender or another malicious/spyware removal tool.

I suggest relying on another tool to do the removal because removing these malicious BHOs is not as simple and unregistering the COM object and deleting the DLL. They usually have deeper tentacles into the system and hurt the user’s computer more if you only clean out part of them.

In general, that approach won't work in IE7, because of the ActiveX opt-in feature. Remotely detecting components on the user's computer (that were not explicitly coded to permit detection) would be considered a security bug.