Win32:BHO-KD(trj) Trojan Horse

Avast catches a virus : File Name: C:\windows\system32\colbac.dll(upx) ; Malware name: Win32:BHO-KD(trj) ; Type: Trojan Horse

I can’t get rid of it. I’ve tried so many other spyware programs and anti-virus programs. Please help. Do I need to post a Hijack This?
Any and all help will be greatly appreciated.
Thanks

Why can’t you get rid of it ?
e.g. what errors or warnings are you getting, file in use, etc.

Or does it keep coming back in the same location ?

Have you tried an avast boot-time scan ?
If you have XP, Vista 32-bit or Win2k, you could enable a boot-time scan. Right click the avast icon, select Start avast! Antivirus, Menu, ‘Schedule boot-time scan…’ Or see http://www.digitalred.com/avast-boot-time.php.

I would also suggest a forum search for the malware name in your subject title, as I believe there have been other topics on this.

Hi jmourad,

Here you find a cleansing routine for your type of Win32:BHO-KD with the batch file to use or to be used inside avenger, and the deletion of the Browser Helper Object:

http://forum.idg.pl/index.php?s=05832c5eec0adf598f09635e9162a212&showtopic=125888&mode=threaded&pid=1100446

polonus

The Avast boot time scan catches it but I get the “access denied” when it tries to move it to the chest and/or delete it. Every time I open IE, Avast gives me the warning of the virus being detected. However, when you try to delete or move to chest it gives the same “access denied” error.
It appears to keep coming back in the same location every time.
I tried the link with the batch file to use for a cleansing routine, but it’s in another language.
Thanks for your help.

Have you checked the forum search function? There are many hits.
http://forum.avast.com/index.php?topic=32955.0
http://forum.avast.com/index.php?topic=32971.0

Hi jmourad, translated it for you,

Better use ComboFix later as well.

1. Paste into Notepad:
CODE
DISABLE prmuqbcm
ATTRIB -R-S-H C:\WINDOWS\system32\drivers\lemxyjjz.dat
DEL C:\WINDOWS\system32\drivers\lemxyjjz.dat
ATTRIB -R-S-H C:\WINDOWS\system32\colbac.dll
DEL C:\WINDOWS\system32\colbac.dll
EXIT

Write this as a file DEL.TXT and place this in C:\WINDOWS.

2. Start your XP CD in the Recovery Console.
   When you are at the command line, enter:

BATCH DEL.TXT

Wait as your machine resets itself.

Then:

Start >>> Execute >>> choose (or type) cmd >>> and enter the command as given here (press “ENTER” each time):

SC DELETE prmuqbcm

Then:
In Notepad paste:
CODE
Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6B6940E1-33B2-44D8-91B1-289090318DA4}]

With Notepad >>> File >>> Save as >>> : “Select all” >>> Write as FIX.REG >>>
choose file (double-click and OK).
Restart your computer

polonus
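
A read-only check to run after the final restart, added here as an example and not part of the original posts: it looks for the BHO key, the service entry and the two files named in the steps above, and lists the Browser Helper Objects that remain with the DLL each one loads. It assumes Windows PowerShell is installed on the machine; the function names are made up for this example.

```powershell
# Added verification example (not from the thread). The CLSID, service name
# and file paths are the ones given in the steps above; nothing is modified.
$bhoRoot = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
$clsid   = '{6B6940E1-33B2-44D8-91B1-289090318DA4}'
$service = 'prmuqbcm'
$files   = 'C:\WINDOWS\system32\colbac.dll',
           'C:\WINDOWS\system32\drivers\lemxyjjz.dat'

# Returns a list of items from the cleanup steps that are still present.
function Test-Leftover {
    $found = @()
    # BHO registration that FIX.REG is meant to delete
    if (Test-Path -LiteralPath "$bhoRoot\$clsid") {
        $found += "BHO key $clsid"
    }
    # Service entry that SC DELETE is meant to remove
    if (Test-Path -LiteralPath "HKLM:\SYSTEM\CurrentControlSet\Services\$service") {
        $found += "service key $service"
    }
    # Files deleted from the Recovery Console; -Force also sees hidden/system files
    foreach ($f in $files) {
        if (Get-Item -LiteralPath $f -Force -ErrorAction SilentlyContinue) {
            $found += "file $f"
        }
    }
    return $found
}

# Lists every BHO still registered for IE together with the DLL it points to.
function Get-BhoList {
    Get-ChildItem -LiteralPath $bhoRoot -ErrorAction SilentlyContinue | ForEach-Object {
        $id  = $_.PSChildName
        $key = "Registry::HKEY_CLASSES_ROOT\CLSID\$id\InprocServer32"
        $dll = (Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue).'(default)'
        if (-not $dll) { $dll = '<no InprocServer32 entry>' }
        "{0}  ->  {1}" -f $id, $dll
    }
}

$left = @(Test-Leftover)
if ($left.Count -eq 0) {
    'None of the items from the cleanup steps were found.'
} else {
    'Still present:'
    $left | ForEach-Object { "  $_" }
}
'Browser Helper Objects currently registered:'
Get-BhoList
```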