Trojan BHO


I recently downloaded the latest version of Malwarebytes and scanned my computer.

All were removed except 2 files that are Trojan BHOs.

Please help me remove them in a safe and effective manner.

Here is a copy of my scan log:

Malwarebytes' Anti-Malware 1.36

Database version: 2035

Windows 5.1.2600 Service Pack 3

4/23/2009 10:22:50 PM

mbam-log-2009-04-23 (22-22-50).txt

Scan type: Quick Scan

Objects scanned: 99960

Time elapsed: 24 minute(s), 38 second(s)

Memory Processes Infected: 2

Memory Modules Infected: 3

Registry Keys Infected: 58

Registry Values Infected: 2

Registry Data Items Infected: 1

Folders Infected: 2

Files Infected: 26

Memory Processes Infected:

C:\Program Files\Fasoo DRM\fph.exe (Trojan.BHO) -> Unloaded process successfully.

C:\Program Files\Fasoo DRM\fpm.exe (Trojan.BHO) -> Unloaded process successfully.

Memory Modules Infected:

C:\Program Files\Fasoo DRM\f_blksc.dll (Trojan.BHO) -> Delete on reboot.

C:\Program Files\Fasoo DRM\f_sps.dll (Trojan.BHO) -> Delete on reboot.

C:\Program Files\Fasoo DRM\f_xlus.dll (Trojan.BHO) -> Delete on reboot.

Registry Keys Infected:

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fph exe (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fpm exe (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

C:\Program Files\Fasoo DRM (Trojan.BHO) -> Delete on reboot.

C:\Program Files\Fasoo DRM\Log (Trojan.BHO) -> Quarantined and deleted successfully.

Files Infected:

C:\Program Files\Fasoo DRM\fasoo_license_manager.dll (Trojan.BHO) -> Quarantined and deleted successfully.

C:\Program Files\Fasoo DRM\fasoo_license_manager2.dll (Trojan.BHO) -> Quarantined and deleted successfully.

C:\Program Files\Fasoo DRM\fph.exe (Trojan.BHO) -> Quarantined and deleted successfully.

C:\Program Files\Fasoo DRM\fpm.exe (Trojan.BHO) -> Quarantined and deleted successfully.

C:\Program Files\Fasoo DRM\fsmLoader.exe (Trojan.BHO) -> Quarantined and deleted successfully.

C:\Program Files\Fasoo DRM\f_agent.exe (Trojan.BHO) -> Quarantined and deleted successfully.

C:\Program Files\Fasoo DRM\f_ai.dll (Trojan.BHO) -> Quarantined and deleted successfully.

C:\Program Files\Fasoo DRM\f_blksc.dll (Trojan.BHO) -> Quarantined and deleted successfully.

C:\Program Files\Fasoo DRM\f_cie.dll (Trojan.BHO) -> Quarantined and deleted successfully.

C:\Program Files\Fasoo DRM\f_cm.dll (Trojan.BHO) -> Quarantined and deleted successfully.

C:\Program Files\Fasoo DRM\f_dc.dll (Trojan.BHO) -> Quarantined and deleted successfully.

C:\Program Files\Fasoo DRM\f_dm.dll (Trojan.BHO) -> Quarantined and deleted successfully.

C:\Program Files\Fasoo DRM\f_dn.dll (Trojan.BHO) -> Quarantined and deleted successfully.

C:\Program Files\Fasoo DRM\f_info.dll (Trojan.BHO) -> Quarantined and deleted successfully.

C:\Program Files\Fasoo DRM\f_pm.dll (Trojan.BHO) -> Quarantined and deleted successfully.

C:\Program Files\Fasoo DRM\f_ProductMgr.ini (Trojan.BHO) -> Quarantined and deleted successfully.

C:\Program Files\Fasoo DRM\f_sps.dll (Trojan.BHO) -> Delete on reboot.

C:\Program Files\Fasoo DRM\f_ver.dll (Trojan.BHO) -> Quarantined and deleted successfully.

C:\Program Files\Fasoo DRM\f_xlus.dll (Trojan.BHO) -> Quarantined and deleted successfully.

C:\Program Files\Fasoo DRM\image_ocx.ocx (Trojan.BHO) -> Quarantined and deleted successfully.

C:\Program Files\Fasoo DRM\media_ocx.ocx (Trojan.BHO) -> Quarantined and deleted successfully.

C:\Program Files\Fasoo DRM\ms_license_manager.dll (Trojan.BHO) -> Quarantined and deleted successfully.

C:\Program Files\Fasoo DRM\ms_license_manager2.dll (Trojan.BHO) -> Quarantined and deleted successfully.

C:\Program Files\Fasoo DRM\SetParam.dll (Trojan.BHO) -> Quarantined and deleted successfully.

C:\Program Files\Fasoo DRM\Log\101.log (Trojan.BHO) -> Quarantined and deleted successfully.

C:\WINDOWS\ws386.ini (Malware.Trace) -> Quarantined and deleted successfully.
