| Security Software Protect your computer from internet nasties... firewalls, antivirus, and everything computer security related belongs here. |
| |||
| Last night I was browsing on the net, didn't download anything, and a few minutes later, AVG warned me that I had multiple threats. I managed to get rid of most of them but one. It's called Trojan Horse BHO.HJE. Please can someone tell me - What this is - How I've got it - What it will do to my computer - How to get rid of it? I have done a full computer slow scan with AVG but it didn't detect any threats. I also went into Safe Mode to try and get rid of it from there but I don't think it worked! I can't seem to get rid of it! It's in the 'Web Shield Findings' on AVG and it says Infection: Trojan Horse BHO.HJE Object: childhe.com\pas\apstpldr.dll.html?affid=177047&vid =&guid=86CDCF432A2448AAD9DD189B624542543 Process: C:\WINDOWS\explorer.exe I'd really appreciate it if someone could tell me steps on how I can remove this? Otherwise I'm going to have to wipe my disk which I really do not want to do! Thanks |
| ||||
| Sounds like a Drive-by download. Very common, especially in a browser like Internet Explorer. BHO means Browser Helper Object..... a Plug-in (could be an active-X control). Turning off the Add-on (plug-in) depends on the version of Internet Explorer. As an interim, go to the link below. Run the Trend Micro Housecall virus scanner. It will take some time. In your case, I'd suggest using the Javascript version. I'd normally recommend the Active-X option, but not this time. See if that can help. Trend Micro HouseCall - Free Online Virus and Spyware Scan - Trend Micro USA After that, you can normally start IE in safe mode (no Add-ons) by going to START>Accessories>System TOOLS> Internet Explorer (No Add-Ons) You should have this option if you are using IE 7 or 8. Select the Tools option (usually a button on the toolbar area near the right if you are using IE7 or 8), then select the option for MANAGE ADD-ONs. Find the addon you did not install and disable it. You can play with the Internet Options... Advanced tab and REMOVE the check to the segment for Enable third-party browser extensions. There are other options to take to protect yourself, but I need to go work around the house as the wife is letting me know that my day off is not a day off for me.
__________________ I'm here, you may now make your next two wishes. Beat Me, Whip Me, Make Me Use Windows!! Every Piece of Electronic Equipment runs on a finite amount of smoke. The systems are normally very efficient at reclaiming the smoke and recycling it, however, should you do something to let the smoke out, your system will become useless. SAVE THE SMOKE !! New PC : New: Phenom 9500 Quad 2.2, 4gb ram XP Pro 64-bit (Sata 0), XP Pro 32 bit (sata 1), 40 eide HDD (music), Pioneer Blu-Ray Burner, HP Multidisk CD-RW/DVD-Rom, 2x250 Seagate HDD's, ATI Radeon 3870, Asus M3A32-MVP Deluxe WiFi-AP Old PC: P4 1.5GHz, 768 Ram, hda-80Gb (80Ubuntu), DVD R/RW |
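The reply above says to find the add-on you did not install in Manage Add-ons. The same inventory can be read from the registry, which also shows the DLL behind each Browser Helper Object. This is an added example, not part of the thread; it assumes Windows PowerShell 3.0 or later, only reads machine-wide registrations, and the function name `Get-RegisteredBho` is made up for illustration.

```powershell
# Added example: read-only inventory of registered Browser Helper Objects (BHOs).
# It changes nothing; it lists each BHO's CLSID, the DLL it loads, and the DLL's signature.
# Assumption: only machine-wide (HKLM) registrations are checked, not per-user ones.
$bhoRoots = @(
    @{ Bho = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Cls = 'HKLM:\SOFTWARE\Classes\CLSID' },
    # 32-bit BHOs on 64-bit Windows are registered under WOW6432Node
    @{ Bho = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Cls = 'HKLM:\SOFTWARE\WOW6432Node\Classes\CLSID' }
)

function Get-RegisteredBho {
    foreach ($root in $bhoRoots) {
        if (-not (Test-Path -LiteralPath $root.Bho)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $root.Bho) {
            $clsid    = $key.PSChildName
            $classKey = "$($root.Cls)\$clsid"
            $server   = "$classKey\InprocServer32"
            $name = $null
            $dll  = $null
            if (Test-Path -LiteralPath $server) {
                # The unnamed (default) value of InprocServer32 is the DLL the browser loads
                $dll  = ([string](Get-Item -LiteralPath $server).GetValue('')).Trim('"')
                $name = (Get-Item -LiteralPath $classKey).GetValue('')
            }
            $onDisk = [bool]$dll -and (Test-Path -LiteralPath $dll)
            [pscustomobject]@{
                CLSID     = $clsid
                Name      = $name
                Dll       = $dll
                OnDisk    = $onDisk
                # Unsigned DLLs or ones with a broken signature deserve a closer look
                Signature = if ($onDisk) { (Get-AuthenticodeSignature -FilePath $dll).Status } else { 'n/a' }
                Modified  = if ($onDisk) { (Get-Item -LiteralPath $dll).LastWriteTime }
            }
        }
    }
}

# Newest files first: a BHO written around the time of the alert stands out
Get-RegisteredBho | Sort-Object Modified -Descending | Format-List
```

An entry whose DLL is missing, unsigned, or dated close to the AVG alert is the one to look up and disable in Manage Add-ons.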
| |||
| Thanks for your help, I'll try those steps after I've finished work around the house. What about if I'm using FireFox? I use FireFox mainly but sometimes when I click on my e-mails from MSN, Internet Explorer comes up automatically. I'll do what you've suggested and if that hasn't worked then I'll let you know :] |
| |||
| I've done everything that's been suggested now. About to do another full scan in Safe Mode. In the AVG Web Shield Findings it still says the Trojan is there and the icon hasn't been changed to one which implies it has been removed/healed. How do I make sure this has been removed? Thanks for your help :] |
| ||||
| Can you open a file explorer and delete the file from the quarantine area? It may be neutralized, but not deleted. Maybe that is all it needs now.
| ||||
| Double click on AVG icon in the system tray. When the screen opens click on History and then Virus Vault. Delete everything you find in the Virus Vault and then do another scan.
__________________ EVGA 650i mobo with Intel e8400 Core 2 Duo 4 gigs OCZ 800 ddr2 ram and 160 gig sata hard drive EVGA GTS 250 SC - Windows 7 - 64 bit See my test at http://www.pcpitstop.com/betapit/sec.asp?conid=23014579 |
| |||
| There's nothing in the Virus Vault and I've just done a full slow scan. It appears in the Web Shield Findings. |
| |||
| It could be embedded in your system restore folder. The only way to get rid of it, if that's where it is, is to turn off system restore, reboot, then turn system restore back on again. That will delete everything out of your system restore folder. The problem with AVG is that they don't tell you where it's located. I use it myself.
__________________ Intel Core 2 Duo 2.4Ghz-Intel P965 Express (DP965LT) AMD HD 3850 512MB VRAM-Creative SB X-Fi 64MB XRAM 4GB RAM 250GB SATA boot drive-750GB SATA game drive 450w PSU-KDS 19" LCD monitor |