Trojan.BHO

Just found this using Malwarebytes, but cannot find any info online that explains what this Trojan.BHO does and what harm may have been done before it was removed.  Any info on this infection would be appreciated.  Thank you!

Hello SlowGuy

 

Perhaps the Malwarebytes forum has a listing of malware that it can find and the damage that can be caused by it. Since you have had 2 recent trojan experiences, you could try a scan with the free version of SUPERAntiSpyware and see if that comes up with..

 

Here is a free on demand antimalware scanner. It is safe to use on demand with your Norton product.


http://www.superantispyware.com/

Here is another site you can use to get the program.

http://www.filehippo.com/download_superantispyware/

The download button is on the right hand side. Please be careful not to download Spyware Doctor which is on the left side. Also, please don't forget to update the program each time before use of it. In fact you can update it every day just in case some malware may prevent you from updating it.

 

Please also provide us with a scan with HiJackThis to see if there is something that may be causing you to get these trojans.

 

Please download HiJackThis from http://free.antivirus.com/hijackthis/ Choose the executable and save it on your desktop. Run the file and select the first option on the main menu "Do a system scan and save a log file". When this is finished, Notepad will open with the log file in it. Save the log file and attach it to a post here via the Add Attachments. Please don't attempt to fix anything that it shows until someone checks out the log. Thanks.

 

Please come back with this information and then perhaps we can find why you are getting all these infections. Thanks.

BHO usually means a Browser Helper Object.

Hello floplot,

 

I ran the HijackThis scan and here is the log.  Please let me know what you find.  Please also be aware that yesterday after running the Malwarebytes and SUPERAntiSpyware scans I had them clean the computer of all of the identified infections.  I hope the scan will still provide some useful information.

 

Thank you!

Thank you, cgoldman...

 

I don't know what a Browser Helper Object does, but I appreciate the information.

 

The little info I could find on this Trojan online indicates that it is a Keylogger of some sort and that it has something to do with Internet Explorer... but I don't know if this is accurate or what (if any) personal information may have been logged.

Hi SlowGuy

Browser Helper Object

Q: In addition to Norton Security Suite are you running SAS as Real Time ....as per hijackthis log it appears you are ?


SlowGuy wrote:

Thank you, cgoldman...

 

I don't know what a Browser Helper Object does, but I appreciate the information.

 

The little info I could find on this Trojan online indicates that it is a Keylogger of some sort and that it has something to do with Internet Explorer... but I don't know if this is accurate or what (if any) personal information may have been logged.


From Wikipedia

A Browser Helper Object (BHO) is a DLL module designed as a plugin for Microsoft's Internet Explorer web browser to provide added functionality. BHOs were introduced in October 1997 with the release of version 4 of Internet Explorer. Most BHOs are loaded once by each new instance of Internet Explorer. However, in the case of the Windows Explorer, a new instance is launched for each window.

 

 

 


bjm_ wrote:

Hi SlowGuy

Browser Helper Object

Q: In addition to Norton Security Suite are you running SAS as Real Time ....as per hijackthis log it appears you are ?


 

Possibly not. The Free Version after install shows like that even when the realtime scanner is disabled, until you change the settings.

 

But that has been stated in this forum before. HijackThis does not show the difference between the Free and Pro version, as both can have options selected for startup, which means that they look the same in HijackThis. It has nothing to do with the Realtime Scanner.

 

Quads

 

 

Hello

 


O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} (WebIQ Engine Application Object) - http://webiq005.webiqonline.com/WebIQ/DataServer/DataServer.dll?Handler=GetEngineDistribution&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9}


Out of curiosity, is this anything bad? I'm not an expert with HiJackThis logs.
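
Added example (not part of any post in this thread, and not HijackThis code): a small parser for the two HijackThis log sections discussed here, O2 (Browser Helper Objects) and O16 (downloaded ActiveX components), that pulls out the CLSID, name and DLL path or download URL for review. The O2 sample lines are constructed, the O16 line is the one quoted above, and `review_entries` and its note wording are hypothetical names chosen for this illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample log. The O2 and O4 lines are made up for illustration;
# the O16 line is the one quoted in the thread.
SAMPLE_LOG = r"""
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000002} - (no file)
O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} (WebIQ Engine Application Object) - http://webiq005.webiqonline.com/WebIQ/DataServer/DataServer.dll?Handler=GetEngineDistribution&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9}
O4 - HKLM\..\Run: [Example] C:\Example\example.exe
"""

CLSID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
# O2:  "O2 - BHO: <name> - {CLSID} - <DLL path>"
O2_RE = re.compile(rf"^O2 - BHO: (?P<name>.*?) - (?P<clsid>{CLSID}) - (?P<target>.+)$")
# O16: "O16 - DPF: {CLSID} (<name>) - <download URL>"
O16_RE = re.compile(rf"^O16 - DPF: (?P<clsid>{CLSID}) \((?P<name>.*)\) - (?P<target>\S+)$")


def review_entries(log_text):
    """Return one dict per O2 (BHO) or O16 (DPF) line, with neutral review notes."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        for kind, rx in (("BHO", O2_RE), ("DPF", O16_RE)):
            m = rx.match(line)
            if not m:
                continue
            entry = {"kind": kind, **m.groupdict(), "notes": []}
            if entry["name"] == "(no name)":
                entry["notes"].append("unnamed entry")
            if entry["target"] == "(no file)":
                entry["notes"].append("registered DLL missing from disk")
            if kind == "DPF":
                url = urlsplit(entry["target"])
                entry["host"] = url.hostname
                if url.scheme == "http":
                    entry["notes"].append("codebase fetched over plain HTTP")
            entries.append(entry)
    return entries


if __name__ == "__main__":
    for e in review_entries(SAMPLE_LOG):
        print(e["kind"], e["clsid"], e["target"], e["notes"])
```

The notes only describe what the line says; whether an entry is wanted still has to be decided by looking up the CLSID and the file or host it points to.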

 


floplot wrote:

Hello

 


O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} (WebIQ Engine Application Object) - http://webiq005.webiqonline.com/WebIQ/DataServer/DataServer.dll?Handler=GetEngineDistribution&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9}


Out of curiosity, is this anything bad? I'm not an expert with HiJackThis logs.


 

 

I'm not going to state if there are any bad entries in the Hijackthis log or not! But then again I didn't ask for a log.

 

 

Quads

 


 

Quads wrote:

Possibly not. The Free Version after install shows like that even when the realtime scanner is disabled, until you change the settings.

But that has been stated in this forum before. HijackThis does not show the difference between the Free and Pro version, as both can have options selected for startup, which means that they look the same in HijackThis. It has nothing to do with the Realtime Scanner.

 


 

Oh! OK... Thanks...I have all my SAS free startup options disabled...I have just about everything disabled and delete WinLogon and Bootsafe and extra Language files with ver updates....guess, that's why my personal Hijackthis log never populates any SAS.

I have my MBAM free disabled at startup....guess, that's also why my personal Hijackthis log never populates any MBAM.

Thanks, I did not know that about HijackThis....Now I do :smileyhappy:

 

 

That's what happens when people can't read logs or use other programs properly but ask others to use them.  Dangerous

 

Quads

Happy, I never asked others to use them....I knows my limitations....Since, we had our meeting of the minds.

We be on the same page now !   You have a convert...I've seen the light.

It is too Dangerous to play with fire.

I posted to Bleeping and boy was that an eye opener.... It's like Norton Forums v Bleeping are in a different universe.  Was a great experience  :smileysurprised:

Regards

bjm_