Can't get rid of Trojan.bho


#1 Patufo



Posted 18 December 2008 - 07:37 PM

Thank you for the excellent resources on this site. I have been able to fix many problems. Recently I got the Pancolp virus and followed all the directions that I could find on this site to get rid of it. I have run SuperAntiSpyware, CCleaner, Malwarebytes' Anti-Malware, and ATF-Cleaner in both Safe Mode and normal mode, and I rebooted each time. I also went out to Secunia.com and ran a vulnerability test. From that I updated Java, QuickTime, Adobe Reader and Flash Player to the latest versions. I then deleted all old versions of Java. I am no longer having trouble with Pancolp. However, each time I run a scan I come up with Trojan.BHO in the registry. It says that it will be deleted upon reboot, but it is still there. Here are the latest logs.


Malwarebytes' Anti-Malware 1.31
Database version: 1512
Windows 5.1.2600 Service Pack 2

12/18/2008 3:57:07 PM
mbam-log-2008-12-18 (15-57-07).txt

Scan type: Full Scan (C:\|E:\|)
Objects scanned: 102386
Time elapsed: 21 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Delete on reboot.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


SUPERAntiSpyware Scan Log

Generated 12/18/2008 at 03:21 PM

Application Version : 4.23.1006

Core Rules Database Version : 3678
Trace Rules Database Version: 1657

Scan type : Complete Scan
Total Scan Time : 00:22:31

Memory items scanned : 195
Memory threats detected : 0
Registry items scanned : 6256
Registry threats detected : 3
File items scanned : 44937
File threats detected : 0

Unclassified.Unknown Origin

I also have the initial logs if that is needed.

What can I do to get rid of this?



#2 buddy215



Posted 19 December 2008 - 07:28 AM

In the link below are instructions for using DrWeb Cureit.


If that doesn't remove the malware, do an online scan with the Kaspersky online scanner. Post the results back here.