Malwarebytes and Trojan.BHO

Posted on 2009-12-24
Last Modified: 2013-11-22
Hi everyone,

First, happy holidays. I apologize for posting what I imagine you see all the time. I do know that when I post any virus question, I get a lot of help from EE, so hopefully I will again. I also know from my last question on a virus (where I ended up having to reformat), there were like 100 posts. And, somewhere it came up that whenever a question about the best scanner comes up, there are 20 different opinions. Bearing that in mind, here is my dilemma.

I have SBS2003 Standard R2 with Exchange Server 2003 and SQL Server 2005. My network includes eight workstations, all of which are XP Pro with SP3. For over a year now, I have had Trend Micro Worry Free Business Security. (Just the name should have warned me to stay away.) They are a good company and support is very good and they have a killer ICON, but forget a Trojan Horse, I don't think Trend Micro could find an actual living, breathing horse if it fell on my server. Just my opinion. It does its real time scan and every once in a while spots a virus, but NEVER deletes it or cleans it or quarantines it. Plus, once it finds something on the real time scanner, even if another AV program gets rid of it, it continues to show up on the real time scanner as one or two infections (sort of a log), but it always looks as though you have a virus. I will admit you can get updates long after you should.

Anyway, it seems every time I get a virus, I have to run Malwarebytes to actually remove it.

So, given that I had to update my subscription for TM, I looked around and trialed eSET NOD32. After spending about a month reading the manual, I finally got it installed. I ran it on one of my computers, and it found nothing. I then ran Malwarebytes and it found a few Trojan.BHO and some adware.gamevance malware that both TM and eSET had missed. I looked up .BHO on Google, and found everything from a false positive to delete I.E. and throw your computer in the river. Anyway, Malwarebytes found them and after choosing to clean them and doing a reboot, they were gone.

This was also perplexing, because after doing this VERY easy step, I was confused given I saw some threads that some had to do HJT and several other things to get rid of it. Some of these were even on EE, which I consider the end all and be all of computer science and knowledge. So, one of my questions is why do some people have a difficult time getting rid of Trojan.BHO and some don't? Also, is it a bad virus?

My next and only other question is given the above, in what direction should I go for a network AV solution? I don't want some Internet suite/software firewall solution. Just an AV solution which deals with malware and hopefully rootkits, etc.

Trend Micro is out. eSET says it is the best and has never missed a virus in the wild. Well, maybe it doesn't consider Trojan.BHO in the wild? I looked at Malwarebytes (which would only make sense), but it didn't seem like a good choice for a network domain. Did I miss something on eSET NOD32? Maybe the settings were off. I did update the virus definitions of course. It just scares me when TM and NOD32 see nothing and then a free program such as Malwarebytes finds malware right behind them. I should also say I tried Kaspersky, and I am embarrassed to note that I can't recall why I didn't like it.

Any help would be appreciated.


Question by: Bert2005
    LVL 6

    Accepted Solution


    I find it hard to believe that Eset Nod32 missed any Trojan BHO, as I have used it numerous times to clean infected machines which had free-AVG or other similar free antivirus software installed previously. Are you able to attach a zipped file containing your Trojan BHO?
    I would suggest that you use Nod32 "in-depth" scanning including "operating memory" and also make sure that you tick all other options under "Setup" button, including "Runtime Packers" and "strict cleaning".
    Have a look on the 20-year-old independent website "" under "Recent test summary" (use free registration to login, if needed) and let me know if you find any better antivirus than Nod32, as I would be glad to know if I need to change my antivirus provider. Even Symantec (ex Norton) failed their independent tests recently (in August 2009 on Windows Vista SP2).
    LVL 3

    Expert Comment

    I hope your problem will be solved by installing Webroot Internet Security or G-Data Internet Security. You can also try some cloud computing online scanner if all fail. Just scan and remove it, and also try to repair your registries. For a malware suite, try a-squared or super antivirus and spyware. Thanks, kart4578
    LVL 1

    Author Comment

    Thanks to both of you,


    I will try what you say. Believe me, I am trying to like eSET NOD32 and have my Mastercard out and ready. The newest version is much easier to install, but I still had some issues with the .xml file. It isn't straightforward. Generally, I prefer to install my own software as I am rather computer literate, but in eSET's case I almost think I need support to walk me through it.

    The customer rep who was/is very nice didn't know that you can install Remote Admin Console on a different computer than the Remote Admin Server. That's a little scary. But, at least the support tech knew. When I go to set up the configuration file, the list in the tree is a mile long, and I am not sure what to include.

    I hope I am not criticizing your choice. I agree from what I have read the eSET seems to be the best. I couldn't find the real time scanner "scanning" though.

    I can try a comparison with Malwarebytes and eSET on my other machines. I will do as you recommended.

    Do either of you know if Trojan.BHO is a serious trojan? Also, I still don't understand why MBAM had little trouble cleaning them. I also have Trojan Hunter hanging around -- I don't have multiple malware scanners running. Would it find Trojan.BHO? And, what is the best site to actually look up these files to see what they can do? I despise Symantec and McAfee and am quickly becoming a Trend Micro hater. Well, I shouldn't say hater.

    Happy Holidays to both.

    LVL 1

    Author Comment

    >>Have a look on the 20-year-old independent website "" under "Recent test summary" (use free registration to login, if needed) and let me know if you find any better antivirus than Nod32<<

    Well, with the free registration, all you get is pass/fail. And, knowing about viruses is important, but for $175 a year, it's a bit steep. I will just have to take your word for it, lol.
