Hello, new to the forum and not too computer savvy. I keep having a virus pop up every time I access the internet. It says Win32:BHO-LA. The recommended action is to move to chest, but every time that I do that, a window comes up saying access denied, and I can’t do anything unless I click no action, which can’t be good. Now my computer is telling me that I have critically low disk space and won’t let me clean anything up. My cable connection is dreadfully slow and I don’t know if this virus or viruses has anything to do with it. Hoping that someone can help. Thanks!
If a virus is replicant (coming and coming again), you could follow the general cleaning procedure:
1. Disable System Restore on Windows ME or Windows XP. System Restore cannot be disabled on Windows 9x and it’s not available in Windows 2k. After boot you can enable System Restore again after step 3.
2. Clean your temporary files. You can use CleanUp or the Windows Advanced Care features for that.
3. Schedule a boot-time scan with avast. Start avast! > Right click the skin > Schedule a boot-time scanning. Select scanning of archives. Boot. Another option is scanning in SafeMode (repeatedly press F8 while booting).
4. It will be good if you download, install, update and run AVG Antispyware. Some users recommend SUPERantispyware, Spyware Terminator and/or a-squared (take care about false positives). If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.
5. If you are still detecting any strange behavior, or even if you’re sure you’re not clean, maybe it will be good to test your machine with anti-rootkit applications. I suggest AVG or Panda.
6. Also, if you are still detecting strange behaviors or you want to be sure you’re clean, maybe making a HijackThis log to post here and, especially, scanning and submitting the RunScanner log to on-line analysis would help to identify the problem and the solution.
7. After you’re clean, use the immunization of SpywareBlaster or, which is better, the Windows Advanced Care features of spyware/adware cleaning and removal.
8. Finally, when you’re clean, check for insecure applications with Secunia Software Inspector to update insecure applications and avoid reinfection.
It’s probably an embedded dll:
One snag you may get caught on is the fact that it may embed .dll files into your Windows login files, and listed antispyware may not fix the problem. Manually deleting these files may be the only way to fix this problem, as most anti-spyware programs do not run before login.
http://en.wikipedia.org/wiki/WinFixer#Removal
Booting into Safe Mode with Command Prompt may allow you to delete it, or if you have a Windows CD, follow this advice substituting the name of the file avast! finds:
VirtuMonde.c Solution: I found the solution by inserting a Windows XP CD into the drive and booting from it. I then chose the repair option which landed me at a command prompt. From here, I navigated to c:\windows\help\mui\accas.dll and renamed the file. Commands:
c:
cd\windows\help\mui
ren accas.dll accas.old
http://www.auditmypc.com/virtumonde-remove.asp
ComboFix also seems to be effective:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
First off I would like to say that I sympathize with you and your problem. I had the same identical problem as you but with a different version of the Win32 virus/Trojan. 2 of my computers were infected and I followed the advice of “Tech” and “FreewheelinFrank”. They are very knowledgeable and do know what they are talking about. They taught me for sure. Following their suggestions cleared my computer #1 of its infection, but computer #2 followed your problem in that the file was ‘access denied’. I repeated their advice several times but the Trojan kept coming back. So I tried this trick and it worked and now my computer #2 is free of infection.
When Avast denied me access, I copied the exact location of the file, which ended up in the Temporary Internet folder, which is hidden by default. You can force this file to be shown by going to the ‘tool’ menu located in any explorer folder and selecting ‘Folder Options’. In the Folder Options select the ‘View’ tab and scroll down to the entry ‘show hidden files and folders’ and make sure that is checked off. Also uncheck the ‘hide protected operating system files’. This will allow you to access the Temporary Internet Files shown in the Avast window.
Download this program: Unlocker v1.8.5 from this location: http://www.majorgeeks.com/Unlocker_d4660.html When you have this program installed, go to the Temporary Internet Files location that you noted from the Avast window. Right click on that file and select ‘Unlocker’. When you do that, another window will pop up showing you the location and name of the file/files that are locking up your infected file, which prevents you from doing anything with it. Write down that exact location for future action. At the bottom of the ‘Unlocker’ window you have the option to Unlock All. Click on that option and now your infected file is accessible. You can then delete it. I used a program called “Eraser” to overwrite this file. It is a good program for deleting files that cannot be recovered. Mine is set to 7 overwrites. You can just use the Windows Delete button if you wish.
After deleting the infected file, go to the location that you noted in the ‘Unlocker’ window. Mine happened to be in the System 32 folder and was called ‘Routing.exe’. When you find that file you can do whatever you want with it. I chose to rename the file and move it to another location. I just did this yesterday morning and after scanning my computer 2 or 3 times and rebooting a couple of times, my computer #2 is free from infection so far. I’ll give it a couple more days and then I will delete the file that I moved. That file was not in my computer #1 so I am sure that it is a suspect file and I am sure that I can do away with it.
I hope that this helps you out. Make sure that you still follow the suggestions given to you by ‘Tech’ and ‘FreewheelinFrank’ and, coupled with my suggestions, your computer should be free of infection. If you would like the free program called “Eraser”, you can download it from here: http://www.download.com/Eraser/3000-2092_4-10231814.html Good luck and let us know how it all turned out.
Indeed Unlocker and Eraser could play a role.
Sometimes, Unlocker (especially in Vista) can’t do anything. Other deletion tools would be Delete FXP (http://www.jrtwine.com/) and KillBox (http://killbox.net/).
Thank you all, trying as we speak!
Well, Delete FXP is not free, it has limitations.
KillBox is freeware.
Thanks for all your help guys. Everything seems to be OK so far and I have a combofix and hijackthis log posted and am just waiting for someone to look those over. Thanks again and will update if anything occurs.
Hi, I have a friend with this trojan on his computer.
Could you post the links to where you posted the logs so I may follow :).
Thanks
avast detects it, but can’t remove it.
It’s in a file called deskmonh.dll in system32.