Malwarebytes and Trojan.BHO
Posted on 2009-12-24
First, happy holidays. I apologize for posting what I imagine you see all the time. I do know that when I post any virus question, I get a lot of help from EE, so hopefully I will again. I also know from my last question on a virus (where I ended up having to reformat), there were like 100 posts. And, somewhere it came up that whenever a question about the best scanner comes up, there are 20 different opinions. Bearing that in mind, here is my dilemma.
I have SBS2003 Standard R2 with Exchange Server 2003 and SQL Server 2005. My network includes eight workstations, all of which are XP Pro with SP3. For over a year now, I have had Trend Micro Worry Free Business Security. (Just the name should have warned me to stay away.) They are a good company and support is very good and they have a killer ICON, but forget a Trojan Horse, I don't think Trend Micro could find an actual living, breathing horse if it fell on my server. Just my opinion. It does its real time scan and every once in a while spots a virus, but NEVER deletes it or cleans it or quarantines it. Plus, once it finds something on the real time scanner, even if another AV program gets rid of it, it continues to show up on the real time scanner as one or two infections (sort of a log), but it always looks as though you have a virus. I will admit you can get updates long after you should.
Anyway, it seems every time I get a virus, I have to run Malwarebytes to actually remove it.
So, given that I had to update my subscription for TM, I looked around and trialed eSET NOD32. After spending about a month reading the manual, I finally got it installed. I ran it on one of my computers, and it found nothing. I then ran Malwarebytes and it found a few Trojan.BHO and some adware.gamevance malware that both TM and eSET had missed. I looked up .BHO on Google, and found everything from a false positive to delete I.E. and throw your computer in the river. Anyway, Malwarebytes found them and after choosing to clean them and doing a reboot, they were gone.
This was also perplexing, because after doing this VERY easy step, I was confused given I saw some threads that some had to do HJT and several other things to get rid of it. Some of these were even on EE, which I consider the end all and be all of computer science and knowledge. So, one of my questions is why do some people have a difficult time getting rid of Trojan.BHO and some don't? Also, is it a bad virus?
My next and only other question is given the above, in what direction should I go for a network AV solution? I don't want some Internet suite/software firewall solution. Just an AV solution which deals with malware and hopefully rootkits, etc.
Trend Micro is out. eSET says it is the best and has never missed a virus in the wild. Well, maybe it doesn't consider Trojan.BHO in the wild? I looked at Malwarebytes (which would only make sense), but it didn't seem like a good choice for a network domain. Did I miss something on eSET NOD32? Maybe the settings were off. I did update the virus definitions of course. It just scares me when TM and NOD32 see nothing and then a free program such as Malwarebytes finds malware right behind them. I should also say I tried Kaspersky, and I am embarrassed to note that I can't recall why I didn't like it.
Any help would be appreciated.