Disinfecting a PC… part 5



OK, we’re moving on to BHODemon to take care of the browser helper objects. Unfortunately, it looks like BHODemon is not currently being maintained; the developer has had a house fire.

I am very sorry, but BHODemon is currently on hiatus, as I no longer have the time to devote to it (due to a house fire). You will not be able to download updates or upload reports, and I will no longer be answering emails. At some point, BHODemon may return. I would like to thank everyone for their support over the years.


No date on that post; I do hope things go well for him. BHODemon is one of the smaller, easier tools I know of for identifying browser helper objects.

Anyway, details on that next time. Here is a summary of some of the virus findings.

From AVG…

SecThought

The exact description is not available.

A Trojan Horse is a malicious application, which can not spread itself. Original Trojan Horses were programs which acted as a useful utility. Although, in fact, their start used to cause damage to disc content (or part of it).

At the present time the most spreading Trojan Horses are BackDoor Trojans. They enable remote access to infected computers and PSW (Password Stealers) – they are trying to gather as much private information from the infected computer as possible and to send the info through the Internet.

To remove the Trojan Horse, it is enough to delete the detected file

=================

BackDoor.Ruledor

The exact description is not available.

Backdoor Trojan horses usually install themselves after the Trojan horse file is run. They also allow remote access to the infected computer when connected to the internet.

In their least dangerous form they can cause the infected computer to download or upload specific files or run certain programs. More dangerous Trojan horses will allow the perpetrator full control of the infected computer.

=================

BackDoor.Small

The exact description is not available.

Backdoor Trojan horses usually install themselves after the Trojan horse file is run. They also allow remote access to the infected computer when connected to the internet.

In their least dangerous form they can cause the infected computer to download or upload specific files or run certain programs. More dangerous Trojan horses will allow the perpetrator full control of the infected computer.

=================

From Symantec…
File names: Jawa32.exe

When Spyware.Seekseek runs, it does the following:

1. Adds the registry keys:
* HKEY_CLASSES_ROOT\AdRotator.Application
* HKEY_CLASSES_ROOT\CLSID\{3E7145B1-EA07-42CE-9299-11DF39FF54BD}

2. Monitors visited Web sites and might redirect search queries to other sites.

Well, not much detail on those. AVG doesn’t go into quite the detail that Symantec does in their encyclopedia, but it seems to effectively clean things out. I’m not going to waste time looking for other name information from other AV vendors.
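The two registry keys quoted from Symantec for Spyware.Seekseek can be checked directly, and the registered browser helper objects can be listed by hand now that BHODemon is on hiatus. The following read-only PowerShell is an added example, not part of the original post or of any vendor tool: the function names are hypothetical, the Browser Helper Objects registry location is the standard Windows one rather than something stated on this page, and the page does not say the Seekseek CLSID is registered as a BHO, so that column is only a cross-check.

```powershell
# Added example: read-only, changes nothing in the registry.
# The indicators are the two keys quoted above from Symantec's Spyware.Seekseek entry.
$SeekseekClsid = '{3E7145B1-EA07-42CE-9299-11DF39FF54BD}'
$SeekseekKeys  = @(
    'Registry::HKEY_CLASSES_ROOT\AdRotator.Application',
    "Registry::HKEY_CLASSES_ROOT\CLSID\$SeekseekClsid"
)

function Test-SeekseekKeys {
    # Report whether each key named in the write-up is still present.
    foreach ($key in $SeekseekKeys) {
        [pscustomobject]@{
            Key     = $key -replace '^Registry::', ''
            Present = Test-Path -LiteralPath $key
        }
    }
}

function Get-BrowserHelperObject {
    # Machine-wide BHO registrations: the native view and, on 64-bit Windows,
    # the 32-bit (WOW6432Node) view. Per-user class registrations are not covered.
    foreach ($base in 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\WOW6432Node') {
        $bhoRoot = "$base\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
        if (-not (Test-Path -LiteralPath $bhoRoot)) { continue }

        foreach ($bho in Get-ChildItem -LiteralPath $bhoRoot) {
            $clsid  = $bho.PSChildName
            $class  = Get-Item -LiteralPath "$base\Classes\CLSID\$clsid" -ErrorAction SilentlyContinue
            $server = Get-Item -LiteralPath "$base\Classes\CLSID\$clsid\InprocServer32" -ErrorAction SilentlyContinue

            # GetValue('') reads the key's default value; stays $null if the key is missing.
            $name = if ($class)  { $class.GetValue('') }
            $dll  = if ($server) { $server.GetValue('') }

            [pscustomobject]@{
                RegistryView  = $base
                Clsid         = $clsid
                Name          = $name
                Dll           = $dll          # file the browser loads for this BHO
                SeekseekClsid = ($clsid -eq $SeekseekClsid)
            }
        }
    }
}

Test-SeekseekKeys       | Format-Table -AutoSize
Get-BrowserHelperObject | Format-Table -AutoSize
```

A BHO row with an empty Dll column, or a Dll path outside Program Files or the Windows directory, is the kind of entry worth looking up before the next cleanup pass.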
