Lately we have had a few computers getting infected with this nasty virus called Trojan.BHO. malwarebytes seems to pick it up and quarantine it fine, but it keeps coming back.
this is the Trojan.BHO caught by malwarebytes:
the virus seems to take lodge at the following registry keys:
HKEY_CLASSES_ROOT\CLSID\{afd4ad01-58c1-47db-a404-fbe00a6c5486} (Trojan.BHO) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{afd4ad01-58c1-47db-a404-fbe00a6c5486} (Trojan.BHO) ->
I would suggest that if you are not able to remove the Trojan on normal Windows mode, you should restart on “safe mode” and run a full scan with malwarebytes. if Malwarebytes fails, you should run Combofix.
so far, a malwarebytes FULL scan is doing it for us.
You can also use SUPERAntiSpyware. They will find and remove the many, many, many variants of Trojan.BHO. The Pro Edition with Real-Time Protection enabled should help keep you from getting re-infected, but as rapidly as this infection has changed, any Real-Time Protection is going to be challenged to prevent it.