Re: FN-FORUM:Trojan troubles

date posted 29th October 2007 23:46


On 30 Oct 2007, at 00:14, Carrie wrote:

>
> Hi all
>
> thanks for the replies,
> I have tried in safe mode and with and without system restore, and =20
> retarting in safe mode. No luck.
>
> Thanks for the browser helper widget Tony, it is very useful but =20
> has not indicated that there is anything amiss with the browser =20
> helper objects. And I have disabled everything except the spybot =20
> and adobe ones.

well your trojan appears to have a double whammy - the trojan, the =20
registry entry and the BHO, so you'll need to get rid off all of them =20=

and the copies in any system restore files...

>
>
> Thanks Dom for your comments, in fact I only ever use IE for =20
> testing, however my teenaged son has been visiting, and a cursory =20
> investigation of the tempory internet files he left behind it seems =20=

> he has been gulity of the ultimate nono, he has been viewing "adult =20=

> material" using IE.
>
> I did a routine check after he left ( this isn't the first time!), =20=

> so I picked up the problem fairly quickly.
>
> I have now restricted his account - no priviledges at all! when he =20
> next comes over he will have to ask me permision to run anything on =20=

> my laptop.
> Hopefully that should help, but as Dom says it is too late now!
>
> Spybot is still reporting Win32.BHO.df any more ideas?

well:
http://www.sophos.com/security/analyses/trojbhodq.html

says it's aka =09

=95 W32/Trojan.BXJR
=95 Win32/BHO.G
=95 Trojan.Win32.BHO.df

have you tried the windows malicious software remover?
http://www.microsoft.com/security/malwareremove/default.mspx