
Can't get rid of Trojan.bho


1 reply to this topic

#1 Patufo


  • Members
  • 1 posts
  • Local time:04:50 AM

Posted 18 December 2008 - 07:37 PM

Thank you for the excellent resources on this site. I have been able to fix many problems. Recently I got the Pancolp virus and followed all the directions that I could find on this site to get rid of it. I have run SuperAntiSpyware, CCleaner, Malwarebytes' Anti-Malware, and AFT-Cleaner in both Safe Mode and normal mode, and I rebooted each time. I also went out to Secunia.com and ran a vulnerability test. From that I updated Java, Quicktime, Adobe Reader and Flash player to the latest versions. I then deleted all old versions of Java. I am no longer having trouble with Pancolp. However, each time I run a scan I come up with Trojan.BHO in the registry. It says that it will be deleted upon reboot but it is still there. Here are the latest logs.

Malwarebytes:

Malwarebytes' Anti-Malware 1.31
Database version: 1512
Windows 5.1.2600 Service Pack 2

12/18/2008 3:57:07 PM
mbam-log-2008-12-18 (15-57-07).txt

Scan type: Full Scan (C:\|E:\|)
Objects scanned: 102386
Time elapsed: 21 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Delete on reboot.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


SuperAntiSpyWare:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/18/2008 at 03:21 PM

Application Version : 4.23.1006

Core Rules Database Version : 3678
Trace Rules Database Version: 1657

Scan type : Complete Scan
Total Scan Time : 00:22:31

Memory items scanned : 195
Memory threats detected : 0
Registry items scanned : 6256
Registry threats detected : 3
File items scanned : 44937
File threats detected : 0

Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}
HKCR\CLSID\{EC43E3FD-5C60-46A6-97D7-E0B85DBDD6C4}
HKCR\CLSID\{EC43E3FD-5C60-46A6-97D7-E0B85DBDD6C4}\InprocServer32


I also have the initial logs if that is needed.

What can I do to get rid of this?



#2 buddy215


  • Moderator
  • 13,134 posts
  • Gender:Male
  • Location:West Tennessee
  • Local time:07:50 AM

Posted 19 December 2008 - 07:28 AM

In the link below are instructions for using DrWeb Cureit.

http://www.bleepingcomputer.com/forums/ind...t&p=1042539

If that doesn't remove the malware, do an online scan with Kaspersky online scanner. Post the results back here.
http://www.bleepingcomputer.com/forums/ind...t&p=1045589

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”



