Trojan.Bohu

Trojan.Bohu is a Trojan horse that displays advertisements on the infected computer when executed. It disguises itself as a video player that must be installed on the computer before visitors can watch online video.

Technical Information:

Alias: TROJ_GORIADU.SMM

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7

Manual Removal of Trojan.Bohu:

1. Temporarily disable System Restore (Windows Me/XP/Vista/7).
2. Update the virus definitions.
3. Restart Windows in Safe Mode.
4. Run a full system scan and clean/delete all infected file(s).
5. Delete/modify any values added to the registry.
6. Exit the registry editor and restart Windows.

Online Virus Scanner:
Another way to remove a virus without installing an additional anti-virus application is to perform a thorough scan with a free online virus scanner, which can be found on the websites of legitimate anti-virus and security providers.

Technical Details and Additional Information:

Other functionalities of this Trojan:
- Download and execute files
- Block Internet access
- Redirect predefined URL to other web sites
- Embed snippets to online banking web sites to steal information

Malicious Files Added by Trojan.Bohu:
%System%\netplayone\MyIEData\SysDat.bin
%System%\netplayone\MyIEData\main.ini
%System%\netplayone\netplayone.dll
%System%\nethome32.dll
%System%\siglow.dll
%System%\passthru.dll
%System%\drivers\siglow.sys

Associated Windows Registry Entries:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetHomeIDE
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Passthru
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\speednet_sph\"PathName" = "%System%\netplayone\netplayone.dll"
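
The following read-only PowerShell check is an added example, not part of the original write-up: it looks for the files and registry entries listed above and reports what it finds, without deleting anything. It assumes %System% denotes the Windows system directory, and the helper name New-Finding is hypothetical; treat a hit as something to confirm with the full scan in step 4.

```powershell
# Read-only check for the Trojan.Bohu artifacts listed on this page.
# Assumption: %System% is the Windows system directory. SysWOW64 is checked
# as well because 32-bit code on 64-bit Windows is redirected there.
# Run from an elevated 64-bit PowerShell so System32 is not redirected.
$systemDirs = @([Environment]::SystemDirectory, (Join-Path $env:windir 'SysWOW64')) |
    Where-Object { Test-Path -LiteralPath $_ } | Select-Object -Unique

$relativeFiles = @(
    'netplayone\MyIEData\SysDat.bin',
    'netplayone\MyIEData\main.ini',
    'netplayone\netplayone.dll',
    'nethome32.dll',
    'siglow.dll',
    'passthru.dll',
    'drivers\siglow.sys'
)
$serviceRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$serviceKeys = @('NetHomeIDE', 'Passthru')

# Hypothetical helper: builds one result row (works on PowerShell 2.0 too).
function New-Finding($Type, $Location, $Detail) {
    New-Object psobject -Property @{ Type = $Type; Location = $Location; Detail = $Detail }
}

$findings = @()
foreach ($dir in $systemDirs) {
    foreach ($rel in $relativeFiles) {
        $path = Join-Path $dir $rel
        if (Test-Path -LiteralPath $path) { $findings += New-Finding 'File' $path '' }
    }
}
foreach ($name in $serviceKeys) {
    $key = Join-Path $serviceRoot $name
    if (Test-Path -LiteralPath $key) {
        # ImagePath shows which binary the service entry points at.
        $image = (Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue).ImagePath
        $findings += New-Finding 'Service key' $key "ImagePath=$image"
    }
}
$spKey = Join-Path $serviceRoot 'WinSock2\speednet_sph'
if (Test-Path -LiteralPath $spKey) {
    $pathName = (Get-ItemProperty -LiteralPath $spKey -ErrorAction SilentlyContinue).PathName
    $findings += New-Finding 'WinSock2 entry' $spKey "PathName=$pathName"
}

if ($findings.Count -eq 0) { 'No listed Trojan.Bohu artifacts found.' }
else { $findings | Select-Object Type, Location, Detail | Format-Table -AutoSize -Wrap }
```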
