
Malwarebytes and Trojan.BHO

Posted on 2009-12-24
Last Modified: 2013-11-22
Hi everyone,

First happy holidays. I apologize for posting what I imagine you see all the time. I do know that when I post any virus question, I get a lot of help from EE, so hopefully I will again. I also know from my last question on a virus (where I ended up having to reformat), there were like 100 posts. And, somewhere it came up that whenever a question about the best scanner comes up, there are 20 different opinions. Bearing that in mind, here is my dilemma.

I have SBS2003 Standard R2 with Exchange Server 2003 and SQL Server 2005. My network includes eight workstations, all of which are XP Pro with SP3. For over a year now, I have had Trend Micro Worry Free Business Security. (Just the name should have warned me to stay away). They are a good company and support is very good and they have a killer ICON, but forget a Trojan Horse, I don't think Trend Micro could find an actual living, breathing horse if it fell on my server. Just my opinion. It does its real time scan and every once in a while spots a virus, but NEVER deletes it or cleans it or quarantines it. Plus, once it finds something on the real time scanner, even if another AV program gets rid of it, it continues to show up on the real time scanner as one or two infections (sort of a log), but it always looks as though you have a virus. I will admit you can get updates long after you should.

Anyway, it seems every time I get a virus, I have to run Malwarebytes to actually remove it.

So, given that I had to update my subscription for TM, I looked around and trialed eSET NOD32. After spending about a month reading the manual, I finally got it installed. I ran it on one of my computers, and it found nothing. I then ran Malwarebytes and it found a few Trojan.BHO and some adware.gamevance malware that both TM and eSET had missed. I looked up .BHO on Google, and found everything from a false positive to delete I.E. and throw your computer in the river. Anyway, Malwarebytes found them and after choosing to clean them and doing a reboot, they were gone.

This was also perplexing, because after doing this VERY easy step, I was confused given I saw some threads that some had to do HJT and several other things to get rid of it. Some of these were even on EE, which I consider the end all and be all of computer science and knowledge. So, one of my questions is why do some people have a difficult time getting rid of Trojan.BHO and some don't? Also, is it a bad virus?

My next and only other question is given the above, in what direction should I go for a network AV solution? I don't want some Internet suite/software firewall solution. Just an AV solution which deals with malware and hopefully rootkits, etc.

Trend Micro is out. eSET says it is the best and has never missed a virus in the wild. Well, maybe it doesn't consider Trojan.BHO in the wild? I looked at Malwarebytes (which would only make sense), but it didn't seem like a good choice for a network domain. Did I miss something on eSET NOD32? Maybe the settings were off. I did update the virus definitions of course. It just scares me when TM and NOD32 see nothing and then a free program such as Malwarebytes finds malware right behind them. I should also say I tried Kaspersky, and I am embarrassed to note that I can't recall why I didn't like it.

Any help would be appreciated.

Thanks.

Bert
Question by:Bert2005
4 Comments
 
LVL 6

Accepted Solution

by:
expone earned 2000 total points
ID: 26121340

I find it hard to believe that Eset Nod32 missed any Trojan BHO, as I have used it numerous times to clean infected machines which had free-AVG or other similar free antivirus software installed previously. Are you able to attach a zipped file containing your Trojan BHO?
I would suggest that you use Nod32 "in-depth" scanning including "operating memory" and also make sure that you tick all other options under the "Setup" button, including "Runtime Packers" and "strict cleaning".
Have a look at the 20-year-old independent website "www.virusbtn.com" under "Recent test summary" (use free registration to log in, if needed) and let me know if you find any better antivirus than Nod32, as I would be glad to know if I need to change my antivirus provider. Even Symantec (ex Norton) failed their independent tests recently (in August 2009 on Windows Vista SP2).
 
LVL 3

Expert Comment

by:kart4578
ID: 26121878
I hope your problem will be solved by installing Webroot Internet Security or G-Data Internet Security. You can also try some cloud computing online scanner if all of these fail. Just scan and remove it. Also try to repair your registries. For a malware suite, try a-squared or super antivirus and spyware. Thanks, kart4578
 
LVL 1

Author Comment

by:Bert2005
ID: 26122880
Thanks to both of you,

@expone

I will try what you say. Believe me, I am trying to like eSET NOD32 and have my Mastercard out and ready. The newest version is much easier to install, but I still had some issues with the .xml file. It isn't straightforward. Generally, I prefer to install my own software as I am rather computer literate, but in eSET's case I almost think I need support to walk me through it.

The customer rep who was/is very nice didn't know that you can install Remote Admin Console on a different computer than the Remote Admin Server. That's a little scary. But, at least the support tech knew. When I go to set up the configuration file, the list in the tree is a mile long, and I am not sure what to include.

I hope I am not criticizing your choice. I agree from what I have read that eSET seems to be the best. I couldn't find the real time scanner "scanning" though.

I can try a comparison with Malwarebytes and eSET on my other machines. I will do as you recommended.

Do either of you know if Trojan.BHO is a serious trojan? Also, I still don't understand why MBAM had little trouble cleaning them. I also have Trojan Hunter hanging around -- I don't have multiple malware scanners running. Would it find Trojan.BHO? And, what is the best site to actually look up these files to see what they can do? I despise Symantec and McAfee and am quickly becoming a Trend Micro hater. Well, I shouldn't say hater.

Happy Holidays to both.

Bert
 
LVL 1

Author Comment

by:Bert2005
ID: 26126188
>>Have a look at the 20-year-old independent website "www.virusbtn.com" under "Recent test summary" (use free registration to log in, if needed) and let me know if you find any better antivirus than Nod32<<

Well, with the free registration, all you get is pass/fail. And, knowing about viruses is important, but for $175 a year, it's a bit steep. I will just have to take your word for it, lol.