Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Search Daily Bho.cvx


  • Please log in to reply
6 replies to this topic

#1 Nehal

Nehal

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:02:03 PM

Posted 14 December 2007 - 06:14 AM

I seem to have got a trojan BHO.CVX it keeps popping up on ym pc even tho my AVG said it will remove it after it reboots.I cant get rid of it.I have used Mozilla since I discovered it so I dont have to see it but I dont want it on my pc.It pops up when I go to search as well. Please help ; ;

BC AdBot (Login to Remove)

 


m

#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,607 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:03 AM

Posted 14 December 2007 - 07:29 AM

Welcome to BC Nehal

Did your scan provide a specific file name associated with this malware threat and where is it located (file path) at on your system? If your scan saved a log file, it should show exactly what and where the malware has been found so post that instead.

What OS (Win XP/2000, etc) are you using? Have you tried doing your scans in "Safe Mode"?

You need to start there first. If rescanning in Safe Modes does not help, then do this:

Please download ATF Cleaner by Atribune & save it to your desktop. DO NOT use yet.
Please download and install SUPERAntiSpyware Free
  • Double-click SUPERAntiSypware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here and unzip into the program's folder.)
  • Under the "Configuration and Preferences", click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
Perform an Online Virus Scan like BitDefender.
(These require Internet Explorer to work. Watch the Address bar in IE. You may receive alerts that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then Click Install ActiveX component. If given the option, choose "Quarantine" instead of delete.)
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 F16GEA

F16GEA

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:03:03 PM

Posted 14 December 2007 - 06:16 PM

Hi there!
I found this thread after having googled BHO.CVX as I seem to have the exact sameproblem as Nehal.

I've tried rebooting on safe mode: no luck.
Then I tried downloading those 2 programmes and followed the procedure as you described it. After rebooting, AVG still gave me the usual threat popup.
This is what the AVG popup tells me:

Threat detected. d3dpmesho.dll
Virus identified as Packed.morphine.d


And from the beginning of when this whole thing started (2 days ago) I have been getting this AVG popup:

Threat detected. dmusico.dll
Trojan


Any suggestions? I know that I haven't submitted the summary log from SUPERAntispyware but I suppose there's no point since it didn't work out. Let me know if I should do it. In that case I'll switch on the infected PC but I'm trying to keep off as much as possible to avoid further spread...

Looking forward to hearing from you.
Best regards
F16GEA

#4 F16GEA

F16GEA

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:03:03 PM

Posted 14 December 2007 - 06:19 PM

By the way...
Those 2 dll files are both located at C:\WINDOWS\system32\
I tried to erase them manually but wasn't allowed.
I use XP SP1 and IE6 if that's of any help.
/F16GEA

Edited by F16GEA, 14 December 2007 - 06:22 PM.


#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,607 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:03 AM

Posted 14 December 2007 - 06:29 PM

Welcome to BC F16GEA

If you have an issue or problem you would like to discuss, please start your own topic. Doing that will help to avoid the confusion that often occurs when trying to help two or more people in the same thread with different problems. Even if your problem is similar to the original poster's problem, the solution could be different based on the kind of hardware, software, system requirements, etc. you are using. Further, posting for assistance in someone else's topic is not considered proper forum etiquette.

Thanks for your cooperation.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#6 F16GEA

F16GEA

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:03:03 PM

Posted 14 December 2007 - 06:56 PM

Hey quietman7
Thanks for your reply. Didn't know about what you just said but it makes sense. I'll start my own thread. I just thought it would save guys like you from doing the same thing twice, but I suppose you're right about having different solutions for the same problem depending on system etc...
/F16GEA

#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,607 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:03 AM

Posted 15 December 2007 - 06:39 AM

It also causes confusion when trying to provide specific instructions to two different members in the same thread.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users