BHO Trojan!!!!!!!!!!!!!!!

[Chance]

Does anyone know how to get rid of it, I believe it is in my registry???? Oh yeah I forgot to mention that I picked it up when we had masive emails from here....Thanks

Vic

[Ann]

Lucky, I know diddly about computers but if you download BHODemon it gets rid of a whole bunch of crap including highjackers. I time it to run every night at 3 am and I've never had any problems since...touch wood.

It's free and it works. Give it a try. the link is in here somewhere.

http://www.definitivesolutions.com/bhodemon.htm

[Chance]

Well it found it and it reads at 58% of the registry but now I don't see how to get the dang thing out I donno, I think I need to go to college to be a Computer Tech. Ok sorry to bother all of you but I just paid $1,000 dollars for this computer about 6 months ago and now this dang TROJAN is eating away at my registry that is where it is hidding. OK

Vic

Hey Vic. Can you provide a little more info, please? There are thousands of BHO's circulating on the Web, which one have you identified on your system?

• What OS is installed (Win XP Home/Pro, ME, 2000, 2003)?
• What Antispyware are you using NOW? Makes a huge impact on the possible solutions.
• Look at the exact registry location -- Example; HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion

I'll give a solution beforehand. Shut down whatever the other AntiSpyware program is running and Download Microsoft's AntiSpy;
http://www.microsoft.com/athome/secu...e/default.mspx
Best of all, it's FREE!

After you install MS AntiSpy, run a quick scan, but don't delete anything YET. Then, either post or PM me what it finds. It may be a wrongly diagnosed BHO, or if you have recently installed another toolbar, they can be mistakenly reported as spyware or trojans.

[boop64132]

Vic,
Here is an anti-virus program that I use.It has worked very well!
It should find the trojan and get rid of it.

http://free.grisoft.com/freeweb.php/doc/2/

go to bottom of page and where it says AVG70free is where you want to click to install.
If that doesnt work go to...http://www.softwaretipsandtricks.com/forum/
they are wonderful about helping people find solutions.

[Chance]

Thanks guys but I have those programs already and they are not picking it up either, I have already found it but the problem is, it is in the regestry now I did the thing that Ann did and that works great to locate it and even gave me a statistic on how much it has taken hell in a month it has destroyed over half of my regestry. I have the disks to make it new yes and I have done that 3 times here in the last few weeks cause it keeps getting harder and harder to stay on line. Well each time I do it, that damn thing is back in there I think it has a home now LOL.

Love Vic

Can ya elaborate a little on that, Vic?? HOW did you find it & how did you identify it? Running a good AntiSpy that's NOT A DEMO, you can easily eradicate the infection.

I don't recommend performing any trojan-ectomy by manual means.

It can actually make things worse, becuase many of the worms etc. will embed themselves in hidden directories (much like the AOL IM & Norton Utilities do. LOL. Re-installs itself after deleting it numerous times.)

What is the worm/trojan called??? Help me out here. In order to provide more complete and effective assistance, please disclose a little more information. For all we know, it could be one of a thousand different parasites!

These are currently the most prevalent & 'in-the-wild' parasites;

Win32:Zotob
Win32:Zafi-D
Win32:Sober-H
Win32:Mydoom-M
Win32:Sasser
Win32:Netsky-B
Win32:Mydoom
Win32:Beagle
Win32:MiMail-J
Win32:Mimail-I

http://www.avast.com/eng/avast_cleaner.html
This is an awesome freebie that will eliminate nearly everything.

[Jon]

Vic...listen to Midas. I would be telling you the exact same thing. Your registry is NOT being "eaten", and there are some simple steps you can take to eradicate and then prevent trojans and worms.

The chances of picking it up from an e-mail generated by the VB software are slim-none.

Run the MS AntiSpy, as well as AdAware and Spy-Bot.

Also-where are you getting the information that you HAVE the trojan? A LOT of supposedly "free trials" of anti-viral or anti-trojan software somehow ALWAYS find something...so that they can then sell you the "full version" that will make it go away.

You can do a complete hands-off online scan of your system at http://housecall.trendmicro.com. It really is free, and is always up to date with latest worms and trojans.

Avast, as mentined by Midas, is a great free program as well.

Again, do what he says, do what I said-you'll be fine.

[Chance]

Ok the Trojans name is the Mydoom and it is located in my sonic registry or atleast that is what I have came up with so far and let me tell you I have ran the Norton Mydoom tool removal and it doesn't pick it up yet there have been serveral things that have picked it up Registry Cleaner by PC Tools, Spynomore, and the last one that picked it up is the one link that Ann (bless your heart) has told me about. Now I think that it is Mydoom F also not sure on that one but I think that is what I wrote down do you need the location it is stored in I wrote that down too but the say it is caused by a mass of emails and I have only had that twice. Sorry Jon that is just what it says I don't know my Norton did not pick it up so is my Norton Corrupt also now I don't know AVG didn't pick it up either. OK does that help guys.

Love Vic

[Jon]

Vic...slow down.

Sonic does not have it's own registry, Registry Mechanic, while a pretty good program, is one that seems to ALWAYS find something that can only be removed AFTER purchase, this is from SpyNoMores own website:

"Our Affiliates make 50% per sale! That's $20 for each sale you generate.
SpyNomore's extensive database almost guarantees that any potential customer with a problem will find a solution in SpyNoMore."

Enough said about that one...

Where, exactly, did you read this part: "is caused by a mass of emails.." Please provide a link.

You keep saying that certain, reputable tools are "not picking it up". Do you mean they are giving you a clean report? If so, what, exactly, is telling you that you have it and what, if anything, is it "doing?" You're obviously able to get online. Is there anything you cannot do?

Let me know...

[Chance]

yes I have done my 6 disks that Dell sent me and after I do that and am on line for a day or two it goes haywire, I can not go back to the restore date I am blocked on doing that it shows that my computer has been booted yet I have not booted it???I don't know I am NOT a computer person LMMFAOH. Now as far as the link thinggieee LOL I will have to go look for it again and get back to you maybe it is in the search on mydoom F on yahoo don't know. OH Yeah BTW that yahoo spyware picked it up also and I wrote the same number down from it.....Yes Norton is giving me a clean sweep and so is Microsoft Spyware......Yes I am getting ON line but like I say In another day or two my computer is going to crash again just goes black and then I will do that 6 disk thing again that has everything in it the process takes around 3 hours for these disk oK really I don't know what else to say.

Love Vic

[Chance]

Oh BTW now that thing Midas gave me says to uninstall my Norton or it will won't be able to read right am I suppose to do that now?????

[Dan]

Won't hurt to uninstall Norton.
Not one bit.

[Chance]

Ok I uninstalled Norton but now LMMFAOH it says it is still running I donno I am going to go into add and remove and just remove Norton again I think should I???? I hate Norton I should have kept Macaffee

[Chance]

Oh BTW I have progressed a lot in recovery cause by now instead of sitting here laughing about all of this I would have thrown the damn thing out the door LMMFAOH
Love Vic

[Dan]

Yep. Remove Norton. Then run your anti spyware, just to see if you get a different result.

[pedagogue]

I would highly recommend running Grisoft's anti-virus program and chucking Norton. Norton is considered Bloatware (software that is rarely/never optimized, so it becomes a resource hog). I wish I could remember the other Spyware program I use (I'm not at home)....it is a bit more technical, but it does a great job, especially in cases where the regular ones conflict (Search & Destroy, M$'s Anti-Spyware software, Adaware, etc)

Gotta run to earn some $....why else would i have gotten up at 7 something on a sat!! (I'm NOT a morning person....but I have my tea...so all is well)

-p

[Chance]

Ok I have done everything that you all said, the thing that Ann gave me shows 6 BHO's now out of the 6...........5 have addresses to check right..........now the one in question is blank on the address it is at 52% whatever that means.......Also I have tried to do a system restore date to an earlier date and my computer won't let me do that..........So that would give some clue that something is messing with my computer right??????I donno anyway I am going to do the 6 disk thing AGAIN for the 4 TIME in THREE weeks

Vic

[Chance]

The only thing is I don't know how to download everything that I already have on here so I will have to do updates out of my @ss so this might take another 4 hours today LOL Oh well I will stay sober atleast eyyyy

[Gooch]

yup.. some rcovery goin on.. ( hopefully your puter joins in the process as well lol )

thats the way to look at it buddy.. you haven't thrown the thing out the window and your staying sober. (Now about that vein sticking out of your forehead.... )

[Chance]

Quote:

Originally Posted by Gooch

yup.. (Now about that vein sticking out of your forehead.... )

Well just to let you all know after only 3 hours sleep and dealing with this pretty much all last night and all day today it is now 3 in the afternoon, I am really pissed, that is the most polite thing that I can say right now.....LMMFAO Gooch yeah I think I might take a new and say a prayer hell I should lay hands of my PC maybe that will work....OK I know that you are all trying but let me tell you it is not working.....Jon did you find that link I did but then I had a humming noise start on my PC so I powered it off, I will look later but it is there I just read it again>>>>I am tired I am going to take a damn nap...... :hasta

At least it isn't the vein that I used in my arm LOL

Vic,

Do you know how to do a screen grab / capture? I'd love to see exactly what you're looking at that says 52%. ?¿?

There is a new worm/trojan circulating the Web that gets downloaded through an unprotected port using an instant messenger. It will attach itself to the PC's boot sector.

I would like you to do something, Vic, this may save what's left of your sanity.
1. Uninstal Norton's and throw it away.
2. Download and install ZoneAlarm Basic;
http://www.zonelabs.com/store/conten...eeDownload.jsp
[This will also scan your PC very thoroughly]
3. Keep Avast installed, and schedule it to run a Boot Time scan.

If nothing surfaces after this proceedure, run the Stinger Tool. This single-purpose application primarily targets the core & mutations of the Win32/Sober.R@mm trojan;
http://vil.nai.com/vil/stinger

This trojan/worm/virus mass-mailing email virus arrives via e-mail message either in an attachment or embeded in the e-mail body itself.



Jeeze I hope this helps Vic!!! I know exactly how you're feeling. My computers have crashed more times than a demolition derby tag-team race car.

[Chance]

[quote]

Quote:

Originally Posted by Midas

Vic,

Do you know how to do a screen grab / capture? I'd love to see exactly what you're looking at that says 52%. ?¿?



This trojan/worm/virus mass-mailing email virus arrives via e-mail message either in an attachment or embeded in the e-mail body itself.



Jeeze I hope this helps Vic!!! QUOTE]

Nope Midas don't know how to do the screen grab/capture like I said before 6 months ago well LOL almost 7 now I have never touched a computer. Now as far as doing what you said I have done except that Antivirus thing wouldn't work with the firewall that you suggested so I kept the firewall and AVG antivirus OK.....Now that trojan that you described up there mass-mailing email virus, I beleive that is what I picked up when I got over 5,000 emails in less than a two hour period from SR, I could be wrong but OMG I never had problems like this until after that.....Makes sense to me.......my computer Tech back home (very good also) says that it sounds like SR might have a worm causing alot of these email problems don't know I am just a junkie trying to recover....

So I have done what you said except that last step OMG I will have to study that for a week to do that procedure LOL anyway I have it booked marked so when I have time I will check it out....Right now OMG I hope that I am sane enough but I just took a shower, got dressed, and looking sharp LOL<<<<That is hard to beleive but I think I was headed to the bar......Glad that I came back here atleast this time...Thanks again Midas and Jon, Midas might be able to explain that Trojan email thing that uses backdoors better than me.

Love Vic

PS Still waiting for my PC to work right but like I said right now it is doing good but we will see in a few more days what happens until then stay clean....