Author Topic: PartnerBHO Trojan  (Read 3708 times)

Offline viper xeon

  • Newbie
  • *
  • Posts: 13
    • Personal Message (Offline)
PartnerBHO Trojan
« on: June 20, 2009, 05:30:14 PM »
Hello.

I just scanned my computer with Spybot and it found 8 entries of "PartnerBHO"

I'm currently using Windows service pack 3.

Any suggestions to help me?

Offline polonus

  • avast! √úberevangelist
  • Maybe Bot
  • *****
  • Posts: 20168
  • Gender: Male
  • malware fighter
    • Personal Message (Offline)
Re: PartnerBHO Trojan
« Reply #1 on: June 20, 2009, 06:10:40 PM »
Hi viper xeon,

This is a malware browser helper object. Give us a hijackthis log txt in your next posting as an attached txt file to be analyzed, download hjt from here: http://www.filehippo.com/download_hijackthis/download/58170ee6e58bba306c943f5b6d745c99/

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline viper xeon

  • Newbie
  • *
  • Posts: 13
    • Personal Message (Offline)
Re: PartnerBHO Trojan
« Reply #2 on: June 20, 2009, 07:52:35 PM »
Here you go.
 :)

Offline polonus

  • avast! √úberevangelist
  • Maybe Bot
  • *****
  • Posts: 20168
  • Gender: Male
  • malware fighter
    • Personal Message (Offline)
Re: PartnerBHO Trojan
« Reply #3 on: June 20, 2009, 09:14:09 PM »
Hi viper xenon,

Fix the following entries with HJT

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.speedbit.com/
This entry should be fixed by HijackThis!

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
This entry should be fixed

O2 - BHO: Partner BHO Class - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\Documents and Settings\All Users\Application Data\Partner\partner.dll
Malware should be fixed at reboot

O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL  Check this at virustotal.com

O4 - HKLM\..\Run: [M3000Mnt] Rundll32.exe M3000Rmv.dll ,WinMainRmv /StartStillMnt


O23 - Service: Partner Service - Google Inc. - C:\Documents and Settings\All Users\Application Data\Partner\partner.exe
Malware should be fixed at reboot,

polonus

Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

 

Google Chrome

AVAST recommends using the FREE Google Chrome™ browser.

Download Google Chrome Now