Microsoft AntiSpy

[~ FreeSpirit ~]

MS Antispy found something called "Trojan.downloader.BHO.reg" on my computer
tonight and said it removed it. I manually deleted (but saved) the Key.
But it didn't remove it because every time it reboots after removing this
crapware it's right back again. What's the story with this? Spybot and
AdAware do not find it.

Google brings up only commercial products to sell when I Googled this thing.
Anyone....

FS~

 

[Mary Sauer]

Read this
http://www.spywareinfo.com/bhos/

 

[~ FreeSpirit ~]

Read this
http://www.spywareinfo.com/bhos/

=================================
OK I disabled it with BHOD-Demon but couldn't rename the .dlls as they are
not on my PC (as per AgentRansack) and manual search. The Key is back in
the registry but marked as DISABLED. Is there any way to get this off my
PC? I think the KEY is what MS Antispyware is seeing. But removing it does
no good as it comes right back.

The website above doesn't explain how to remove it. I went from one site to
another but again SP2 security will not allow my PC to be scanned so this
can be removed - how do I disable SP2s security thing from stopping not only
these scans, but from downloading critical patches from MS and updates from
HP? I have lost control of my own PC to SP2.


FS~


auer MSFT MVP

 

[Sir_George]

MS Antispy found something called "Trojan.downloader.BHO.reg" on my
computer tonight and said it removed it. I manually deleted (but
saved) the Key. But it didn't remove it because every time it reboots
after removing this crapware it's right back again. What's the story
with this? Spybot and AdAware do not find it.

Google brings up only commercial products to sell when I Googled this
thing. Anyone....

FS~

FS,

The following information was found at;

http://www.pcreview.co.uk/forums/thread-1859994.php

These are the steps provided in the above link;

1. Download Process Explorer then extract it from the zip folder.
http://www.sysinternals.com/Utiliti...ssExplorer.html

2. Open Microsoft Anti-Spyware but DO NOT CLICK ON SCAN JUST YET.
3. Now run 'Process Explorer'
4. In Process Explorer look for these processes.. 'Explorer.exe/
Winlogon.exe/Rundll32.exe Right Click on these processes and select suspend.
5. Now Click Run Scan in Microsoft Anti-Spyware.
6. Choose to remove anything it finds.
7. When it asks you to reboot the computer, select NO. Instead you are going
to press and hold the power button on your computer to manually turn it off.
( You have to manually turn it off because windows wont shut down without
winlogon.exe running, and thats how the virus keeps coming back.)

Wait a few seconds then turn your computer back on and you should be free of
the trojan.downloader.bho

Now open Microsoft anti-spyware and go to the quarentine folder and if
theres anything in there , check it all and select remove. Now run another
scan to make sure its gone. Which it should be.