
Trojan.BHO


Guest

Hi Developer,

I just did a quick scan and found I am infected with 10 of these Trojan.BHO even after getting the latest update Version 1932 and I didn't delete them yet. I'm including the Developer Log as suggested. I don't know if this is a false positive or not. Please let me know what to do next.

Thanks in Advance

mbam_log_2009_04_02__01_03_05_.txt

Hi Developer,

I just did a quick scan and found I am infected with 10 of these Trojan.BHO even after getting the latest update Version 1932 and I didn't delete them yet. I'm including the Developer Log as suggested. I don't know if this is a false positive or not. Please let me know what to do next.

Thanks in Advance

I did a scan on my 2 home PCs running XP SP3, and got the same results as you. I think it must be a false positive. I have done nothing with them for now. Please advise if this is a false positive.

Yes, it's a false positive and will be fixed in next update. :blink:
  1. After the update if one rescans their machine will these FPs no longer be flagged as such?

  2. If so, then what should users who quarantined those registry entries and files do?

  3. Should they manually restore the quarantined entries?

  4. Should they then rescan their machine?

galileo


Newbie question. MBAM also found 10 trojans which I see were false positives. However MBAM was able to remove 5 of them. Will this affect the operating system?

1. After the update if one rescans their machine will these FPs no longer be flagged as such?

2. If so, then what should users who quarantined those registry entries and files do?

3. Should they manually restore the quarantined entries?

4. Should they then rescan their machine?

In case people choose to remove, then no harm was done anyway since the entries will just reappear again when people launch IE. Also, no files were removed here either.

In general, fixing the above won't break anything and the FP has already been fixed. So please update and confirm this is fixed :)

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{08165ea0-e946-11cf-9c87-00aa005127ed} (Trojan.BHO) -> Delete on reboot.

HKEY_CLASSES_ROOT\CLSID\{7d559c10-9fe9-11d0-93f7-00aa0059ce02} (Trojan.BHO) -> Delete on reboot.

HKEY_CLASSES_ROOT\CLSID\{7fc0b86e-5fa7-11d1-bc7c-00c04fd929db} (Trojan.BHO) -> Delete on reboot.

HKEY_CLASSES_ROOT\CLSID\{abbe31d0-6dae-11d0-beca-00c04fd940be} (Trojan.BHO) -> Delete on reboot.

HKEY_CLASSES_ROOT\CLSID\{f5175861-2688-11d0-9c5e-00aa00a45957} (Trojan.BHO) -> Delete on reboot.

from another forum

In case people choose to remove, then no harm was done anyway since the entries will just reappear again when people launch IE. Also, no files were removed here either.

In general, fixing the above won't break anything and the FP has already been fixed. So please update and confirm this is fixed :)

Initial scan today found 18 infected objects - rescanning with update shows NO infected objects.

Now..."If" files and registry entries had been quarantined what should the average user have done?

galileo

Now..."If" files and registry entries had been quarantined what should the average user have done?
We already discussed this in another thread that automatic restoration of FPs in quarantine is not that obvious. If it was, then I guess every antivirus and antispyware scanner would have that option present. Hence, some scanners/removal tools don't even have a backup option...

False positives are something no scanner can avoid; this is because more and more malware uses legitimate files and keys, unfortunately :)

If we notice a FP, then we try to fix it ASAP.

False positives are something no scanner can avoid; this is because more and more malware uses legitimate files and keys, unfortunately :)

If we notice a FP, then we try to fix it ASAP.

And, without a doubt, your response has been quite rapid... :)...Thank you!

galileo
