Bo Heap?

[GT500]

I don't know the full virus name, but I do have a link with more info.

I have a client that has McAfee Enterprise Edition (unfortunately there is no way I can get them to switch to something better, so I'm struck trying to deal with this with blasted McAfee in the way) and it is detecting something it's calling bo heap. Assuming that the detection is the same as the info I linked to, will MBAM remove it? I've already told him to download MBAM over the phone, and if MBAM can take care of this for him, then I won't even have to go on-site, which will work out best for my client.

Obviously I have to wonder what else is on the guy's computer, as the IT guys for this company set up user accounts as Administrators on these computers. McAfee (Enterprise Edition or not) cannot protect a system from viruses, and the user always running as admin and browsing with IE6 is a recipe for disaster...

[sho-dan]

Hello GT

Give a read in the first post, could be the same on what your talking about.

mcafeehelp

[GT500]

Removal instructions are not what I need. I just need to know if this infection is removed by MBAM. I can do manual removal without any trouble if it comes to that.

[nosirrah]

There can be thousands of versions of an infection so there is no possible way to answer that .

I cant say that yes we will remove something that is not confirmed to be anything and without even a HJT log to go on .

If you cant get me more info to work with or even better , some samples , I could give you a much better answer .

That thread you linked to is more than a year old so I cant use any of its information .

[GT500]

If you cant get me more info to work with or even better , some samples , I could give you a much better answer .

I might be able to as soon as I have access to the machine. My hope was more that you had heard of this, and would know if MBAM was capable of removing it. From what I'm hearing from the user, it sounds like it's at least partialy removed, so that's a plus. Now Internet Explorer won't open, so I at least have to troubleshoot that.

That thread you linked to is more than a year old so I cant use any of its information .

Well, from what I'm reading here, this is just a generic buffer overflow warning from McAfee that's causing it to terminate IE. The poster is a software vendor wanting to fix a compatibility issue with their toolbar for IE. Granted the toolbar the guys describes sounds like spyware to me, but I'd have to know what type of data it's transmitting before I really had any clue.

Anyway, with luck this will be as simple as a badly coded toolbar that can be gotten rid of. I hate browser extensions anyway. They screw everything up...

It also looks like it could be MS-Java related. I wonder if there's a tool that removes that blasted MS-JVM...

[GT500]

Once I got ahold of the system that had this issue, it was clear that it just needed a reimage. I don't know what was on there, and the system was too bad off to mess with (couldn't use IE at all, and no other browsers work over the corporate proxy without me knowing the settings). The only regret is that I couldn't get samples of the malware for you guys.