Friday, February 28, 2014

Completely Get Rid of Win32:BHO-ALX[Trj]

Complaints about Win32:BHO-ALX[Trj]:
Avast automatically blocks it (Win32:BHO-ALX[Trj]). In the virus chest, under name, it is called IEOptimizer64.dll with the location C:\Program Files (x86)\SavingsBull.

After running a full scan another item was added to the chest. Name is 6273be.msi. The original location is C:/Windows/Installer

I noticed another area in which it is, but not picked up by avast: C:\Program Files\SavingsbullFilter. **I have tried deleting it, but it won't allow me to**

I keep getting popups of it being blocked by avast and having more copies added to the chest.
Another thing is when it is blocked firefox will close out.

How harmful is Win32:BHO-ALX[Trj]?
Win32:BHO-ALX[Trj] is a nasty computer virus that antivirus software detects and classifies as a Trojan horse. Here are the harmful things the Win32:BHO-ALX[Trj] virus does:

Win32:BHO-ALX[Trj] will drag down the performance of the infected PC day after day. Usually, Win32:BHO-ALX[Trj] runs in the background, fills up lots of hard disk space with unwanted items and causes high CPU usage.

The Win32:BHO-ALX[Trj] virus will automatically download potentially unwanted programs for its own benefit and open backdoors in the background, which allow other kinds of malware such as browser hijackers, worms, adware, etc. to invade the compromised PC much more easily.
All in all, Win32:BHO-ALX[Trj] is a big threat to your operating system; you should remove it as soon as possible before it does more damage to your PC.

Here are two effective methods to get rid of this pesky Trojan horse; choose the one you like to regain a clean PC now.

How to remove Win32:BHO-ALX[Trj] manually?

1. Please restart the computer and boot it into Safe Mode with Networking.
Here’s the guide: Restart the computer from the lock screen and start pressing the F8 key repeatedly while the PC is booting up again; if successful, the Safe Mode options will show up on the screen for you to select. Use the arrow keys to highlight the Safe Mode with Networking option and press the Enter key. The system will then load files into this mode.



2. Disable any suspicious startup items that were created by the infection.
Here’s the guide: Click the Start menu; click Run; type msconfig in the Run box; click OK to open the System Configuration Utility; disable all startup items generated by the infection.



3. Stop all the malicious processes
Here is the guide: Open Task Manager by pressing the Alt+Ctrl+Del keys at the same time. Another way is to click the Start button and choose the Run option, then type taskmgr and press OK.




Terminate all the processes related to the virus



4. Show hidden files and folders and delete all the following files.
Here is the guide: Click the Start button and choose Control Panel, click Appearance and Themes, find Folder Options, then double-click it.




In the pop-up dialog box, click the View tab and uncheck Hide protected operating system files (Recommended).


Delete all the infected files
%AppData%\<random>.exe
%CommonAppData%\<random>.exe
%temp%\<random>.exe
C:\Program Files\<random>
C:\Windows\Temp\<random>.exe

5. Open Registry Editor to delete all the malicious registry entries
Here is the guide: Open the Run box by pressing the Windows+R keys together (another way is to click the Start button and choose the Run option), then type regedit and press Enter.




Delete all the malicious registry entries listed below:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main "Search Page" = http://www.<random>.com/web/?type=ds&ts=<timestamp>&from=tugs&uid=<hard drive id>&q={searchTerms}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main "Start Page" = http://www.<random>.com/?type=hp&ts=<timestamp>&from=tugs&uid=<hard drive id>
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search "CustomizeSearch" = http://www.<random>.com/web/?type=ds&ts=<timestamp>&from=tugs&uid=<hard drive id>&q={searchTerms}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing "NewTabPageShow" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "Start Page" = HKEY_LOCAL_MACHINE\SOFTWARE\<random>Software
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wpm
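
Before deleting anything in step 5, it helps to export the keys from Registry Editor (File > Export) and confirm which values actually match the entries listed above. The following is an added example, not part of the original guide: it scans the text of a .reg export for the listed Internet Explorer values whose URL carries the `type`, `ts`, `from=tugs` and `uid` parameters shown above, and for the `Services\Wpm` key. The function names and the sample export (host, timestamp, uid) are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs
# (key path, value name) pairs the guide lists as hijacked, lower-cased.
IE = r"\software\microsoft\internet explorer"
WATCHED_VALUES = {
    ("hkey_local_machine" + IE + r"\main", "search page"),
    ("hkey_local_machine" + IE + r"\main", "start page"),
    ("hkey_local_machine" + IE + r"\search", "customizesearch"),
    ("hkey_current_user" + IE + r"\main", "start page"),
}
# Service key the guide lists for deletion.
WATCHED_KEYS = {r"hkey_local_machine\system\currentcontrolset\services\wpm"}
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def looks_hijacked(url):
    """True if the URL carries the query parameters shown in the guide."""
    q = parse_qs(urlsplit(url).query)
    return (q.get("from") == ["tugs"] and "uid" in q and "ts" in q
            and q.get("type", [""])[0] in ("ds", "hp"))

def scan_reg_export(text):
    """Return (key, value name or None, data) for every match in a .reg export."""
    findings, key = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            if key.lower() in WATCHED_KEYS:
                findings.append((key, None, "key present"))
            continue
        m = VALUE_RE.match(line)
        if (m and key and (key.lower(), m.group(1).lower()) in WATCHED_VALUES
                and looks_hijacked(m.group(2))):
            findings.append((key, m.group(1), m.group(2)))
    return findings

# Constructed sample export; the host, timestamp and uid are made up.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.example.test/?type=hp&ts=1393545600&from=tugs&uid=CONSTRUCTED-ID"
"Search Page"="http://www.bing.com/search?q={searchTerms}"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wpm]
'''

if __name__ == "__main__":
    print(*scan_reg_export(SAMPLE), sep="\n")
```

A real export from Registry Editor is UTF-16 encoded, so read the file with `open(path, encoding="utf-16")` before passing its text to `scan_reg_export`. Values that do not match stay out of the findings, which keeps legitimate search and start page settings from being deleted by mistake.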






If the manual guide is kinda difficult for you, please feel free to download the automatic removal tool SpyHunter to drive the self-invited guest away.

Method two: Automatically remove Win32:BHO-ALX[Trj] with SpyHunter antivirus software:

 

Step 1: click the icon below to download automatic removal tool SpyHunter

 
http://www.pcresolvers.com/spyhunter.php

 

Step 2: follow the instructions to install SpyHunter

 



 

Step 3: run SpyHunter to automatically detect and uninstall OffersWizard

 


Summary: Because the characteristics of Win32:BHO-ALX[Trj] keep changing, you cannot be too careful in distinguishing the harmful files and registry entries from the system files and registry entries. If you have spent too much time removing Win32:BHO-ALX[Trj] manually and still have not made any progress, you can download and install SpyHunter antivirus software here to remove Win32:BHO-ALX[Trj] automatically for you.
