trojan downloader BHO Req

Earl

Spyware defs of August 26, 12:26:55pm are reporting that
I have the trojan downloader BHO Req on my computer.

I've tried removing it, but each time I do, it tells me to
reboot, and after rebooting and scanning again, it still
reports trojan downloader BHO Req is still on my computer.

Does anyone have a solution to this?

Earl
 
Tom Emmelot

Hello Earl,

Did you try a full scan with MSAS in Safe mode?

Press F8 at startup.

Regards >*< TOM >*<
 
Andre Da Costa [Extended64]

From Bill:
Hi,

Things have moved on a little and I've managed to get rid
of the problem, but I thought I'd give a summary here in
case anyone encounters something similar.

As I mentioned initially, MSAS picked up the presence of
something it referred to as Trojan Downloader BHO.Req,
identifying the file responsible as
c:/windows/system32/ddayv.dll.

After several unsuccessful attempts to let MSAS fix the
problem I disabled the BHO via IE/Tools/Manage add-ons,
and started looking on the internet for a solution.

During the next 4 hours or so the laptop was rebooted a
few times and on each occasion the BHO remained disabled.
But then, having been switched off overnight, when it was
started the following day the BHO.Req entry had
disappeared, but was replaced by another BHO identified
as MSevents Object. This time the file responsible was
identified as ddabx.dll.

I disabled MSevents and did a Google search, which
indicated that this was a symptom of the trojan Vundo. I
then followed the instructions at
http://www.webuser.co.uk/forums/showflat.php/Cat/0/Number/216210/an/0/page/0
and successfully cleaned the laptop.

The one slight anomaly was that when I searched the hard
drive (prior to the fix) for the file ddabx.dll it drew a
blank. So where the fix instructions indicated I
should "kill" ddabx.dll on reboot, I removed the original
ddayv.dll file instead. It seems that this file has the
ability to mis-represent itself to MSAS, Hijack This and
other diagnostic aids.

So more by luck than anything else I seem to have
resolved the matter. I hope this is of some use to anyone
else who gets hit by something similar.

Bill
--
Andre
Extended64 | http://www.extended64.com
Blog | http://www.extended64.com/blogs/andre
http://spaces.msn.com/members/adacosta
FAQ for MS AntiSpy http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm
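
Bill's account above describes one BHO entry being replaced by another after a restart, and a reported DLL that could not be found on disk. As an added example (not part of the original thread), this Python script compares the O2 (BHO) lines of two HijackThis logs and lists registered DLLs with no file behind them; the log lines, CLSIDs, the "Example Helper" entry and the `ON_DISK` set are constructed, and only the DLL and BHO names come from the thread.

```python
import ntpath
import os
import re

# HijackThis lists Browser Helper Objects in section O2:
#   O2 - BHO: <name> - {CLSID} - <dll path>[ (file missing)]
O2_LINE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
    r"(?P<path>.+?)(?: \([^()]*\))?\s*$"
)

# Constructed sample logs (placeholder CLSIDs), taken before and after a restart.
BEFORE = r"""
O2 - BHO: (no name) - {00000000-0000-0000-0000-0000000000A1} - C:\WINDOWS\system32\ddayv.dll
O2 - BHO: Example Helper - {00000000-0000-0000-0000-0000000000B2} - C:\Program Files\Example\helper.dll
"""
AFTER = r"""
O2 - BHO: MSevents Object - {00000000-0000-0000-0000-0000000000C3} - C:\WINDOWS\system32\ddabx.dll
O2 - BHO: Example Helper - {00000000-0000-0000-0000-0000000000B2} - C:\Program Files\Example\helper.dll
"""
# Constructed stand-in for the files that a disk search actually finds.
ON_DISK = {r"c:\windows\system32\ddayv.dll", r"c:\program files\example\helper.dll"}

def on_disk(path):
    return path.lower() in ON_DISK

def parse_bhos(log_text):
    """Return {CLSID: (name, dll_path)} for every O2 line in a log."""
    bhos = {}
    for line in log_text.splitlines():
        m = O2_LINE.match(line.strip())
        if m:
            bhos[m["clsid"].upper()] = (m["name"], m["path"])
    return bhos

def diff_bhos(before, after):
    """DLL paths that appeared and disappeared between two logs."""
    old = {path.lower() for _, path in before.values()}
    new = {path.lower() for _, path in after.values()}
    return sorted(new - old), sorted(old - new)

def unbacked(bhos, exists=os.path.exists):
    """File names of BHO DLLs that are registered but not found on disk."""
    return sorted(ntpath.basename(p).lower() for _, p in bhos.values() if not exists(p))

if __name__ == "__main__":
    added, removed = diff_bhos(parse_bhos(BEFORE), parse_bhos(AFTER))
    print("new BHO DLLs:", added, "| gone:", removed)
    print("registered but not on disk:", unbacked(parse_bhos(AFTER), on_disk))
```

On a live Windows system, call `unbacked(bhos)` without the second argument so that it checks the real file system with `os.path.exists`.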
 
Guest

Thanks.. that worked. My dll was vtsrp.dll, not the
ddayv.dll mentioned below, but the answer did finally rid
my computer of the trojan.

Earl
 
Guest

I had scanned in safe mode, but that didn't help.

The previous reply from Andre Da Costa [Extended64]
helped - after following his steps, MSAS is now scanning
clean.

Thanks,

Earl
 
~ Free Spirit ~

Earl said:
Spyware defs of August 26, 12:26:55pm are reporting that
I have the trojan downloader BHO Req on my computer.

I've tried removing it, but each time I do, it tells me to
reboot, and after rebooting and scanning again, it still
reports trojan downloader BHO Req is still on my computer.

Does anyone have a solution to this?
==================================
Nothing I used got rid of this one, but THIS worked. I shut off system
restore and rebooted. I deleted all my Temp and Temporary Internet files,
my HISTORY, and all cookies. Then in SAFE MODE I ran MS AntiSpyware (MSAS)
and told it to delete the Trojan. I ran HiJack this and told it to do
away with the Trojan. I renamed the Trojan's dll under Windows/system32,
then its KEY in the registry and rebooted! (Back up the registry first)
VOILA! No more Trojan. I rebooted again - no Trojan, so I turned System
restore back on, set a date and was on my way...... :)

FS~
 
~ Free Spirit ~

Tom Emmelot said:
Hello Earl,

did you try a full scan with MSAS in Safe mode?
===========================
MSAS cannot get rid of this Trojan in Safe Mode. I believe it relaunches
with every reboot. See my post above.

FS~
 
~ Free Spirit ~

Andre Da Costa said:
From Bill:
Hi,

Things have moved on a little and I've managed to get rid
of the problem, but I thought I'd give a summary here in
case anyone encounters something similar.

As I mentioned initially, MSAS picked up the presence of
something it referred to as Trojan Downloader BHO.Req,
identifying the file responsible as
c:/windows/system32/ddayv.dll.

$$ It has different versions of that dll. On my PC it was pmkhh.dll.
After several unsuccessful attempts to let MSAS fix the
problem I disabled the BHO via IE/Tools/Manage add-ons,
and started looking on the internet for a solution.
During the next 4 hours or so the laptop was rebooted a
few times and on each occasion the BHO remained disabled.
But then, having been switched off overnight, when it was
started the following day the BHO.Req entry had
disappeared, but was replaced by another BHO identified
as MSevents Object. This time the file responsible was
identified as ddabx.dll.

I disabled MSevents and did a Google search, which
indicated that this was a symptom of the trojan Vundo. I
then followed the instructions at
http://www.webuser.co.uk/forums/showflat.php/Cat/0/Number/216210/an/0/page/0
and successfully cleaned the laptop.

The one slight anomaly was that when I searched the hard
drive (prior to the fix) for the file ddabx.dll it drew a
blank. So where the fix instructions indicated I
should "kill" ddabx.dll on reboot, I removed the original
ddayv.dll file instead. It seems that this file has the
ability to mis-represent itself to MSAS, Hijack This and
other diagnostic aids.

$$ I was unable to delete the dll.
So more by luck than anything else I seem to have
resolved the matter. I hope this is of some use to anyone
else who gets hit by something similar.

FS~
 
