Recurrent Trojan

  Joe G 22:58 17 Jun 2009

Hi all

Malwarebytes has discovered the following trojans 3 times now - is there a way ofstopping them reinfecting - I have PC Guard AV, Spybot, Adaware & Spyware Blaster installed.

HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook (Trojan.BHO) HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook.1 (Trojan.BHO)
Can you tell me how dangerous this trojan is - I have been getting some odd behaviour recently including dodgy web pages, occasional start up problems and non named programmes putting messages up. Only very intermittently though. is my security seriously compromised or is it more of a nuisance?


  alan2273 23:04 17 Jun 2009

Download and run superantispyware and make sure you update it before you do your scan, also try to run it in safe made.

click here

  alan2273 23:08 17 Jun 2009

I forgot to say if you have system restore on, turn it off to get rid of the restore points as these Trojans hide in system restore. after you have cleaned it switch system restore back on.

Turning system restore off will lose all your restore points.

  Joe G 23:12 17 Jun 2009

Thanks Alan - I will try that tomorrow night

Do you know what the trojan does?

  Joe G 20:58 18 Jun 2009

Run superantispyware & it has found over 50 items including 2 adware HB helpers, 5 browser hijacker helpers and 1 rogue system security. Are any of these particularly dangeroous? Also the earlier trojans were back which I removed with Malwarebytes. I also had a virus picked up by PC Guard - which had Google in its name (sorry should have written it down). Would be interested to know what these all do particularly as I have used the laptop for the occasional on line purchase (though not since being aware of the infections!)

Very impressed with Superantispyware but forgot to turn off system restore before I ran it - presumably I should run again with system restore turned off?

Thanks for the help everyone!


  Joe G 21:59 29 Jun 2009

Hi -been away since last post and wondered if anyone cold advise on how dangerous these infections may be. I will need to spend some time getting rid of them as they have reappeared on reboot and I noticed on another thread that there seems to be a difference of opinion re whether the turning off of system restore makes any differenece.



  DieSse 00:56 30 Jun 2009

Nothing in the Restore points will affect your systems normal running - they will be reloaded however if you do a Restore.

So you can ignore them short term - but switching off System Restore rebooting, switching it back on again, will clear them off the system.

Perhaps a better plan is

Clear your system of malware/ viruses.

Make a Restore Point (which should now be clean)

Use Windows Disk Cleaner to delete all but the last Restore Point.

  Joe G 21:49 05 Jul 2009

Following earlier advice I have spent today running Malwarebytes, Super Antispyware & Spybot offline and turned System Restore off and then on again, rebooted & Malwarebytes still picks them up again.

HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook (Trojan.BHO)
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook.1 (Trojan.BHO)

Can anyone advise what they are (and how dangerous) & how I can finally remove them – do I need to remove them manually using Windows registry editor or is there another way

Thanks in anticipation of some more help on this one!

  DieSse 22:54 05 Jul 2009

Have a browse here

click here

BHOs would normally be removed by good Anti-Malware programs.

Try rerunning Malwarebytes and Spybot S&D (make sure you have the latest definitions and updates for both)- then doing a Disk Clean and a Registry Clean.

I use, very happily, Wise Registry Cleaner for Regisatry cleaning (free version) - it prompts you for a backup before you start, and has not let me down yet. And Wise Disk Cleaner is brilliant and safe.

  Joe G 23:06 05 Jul 2009

Thanks - I updated the definitions before I started. Both Malwarebytes & Superantispyware found the trojan but neither seem easy to get rid of it as it. Not used a Registry Cleaner before - presumably it is straight forward and I will be able to delete this entry with Wise? Should I make a backup though as the Trojan wuld be in the backup and so still on my system?

  gigagiggles 07:16 10 Jul 2009


if you are the sole user or on an admin account, you might want to take the risk of using regedit.exe and search for the offending bho's and exterminate them from the registry yourself.

since they are bho toolbar search add-ons, you may want to look at your browser add-ons and see that these are disabled and uninstalled so they don't reinstall in their mysterious way like microsoft fonts do. this task may be daunting if they're not obvious.

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

Best phone camera 2017

Stunning new film posters by Hattie Stewart, Joe Cruz & more

iPad Pro 10.5in (2017) review

28 astuces pour profiter au mieux de votre iPhone