A Brief Look at the Trojan Horse bho.jew

A Brief Introduction to Trojan Horses

Trojan horses, like all other malware, are unwelcome pieces of code designed to hack into a user’s computer system. They take their name from the famous Trojan horse of Troy, where enemy soldiers were hidden inside a wooden horse disguised as a gift. The computing version works in much the same way – an innocuous-looking program is distributed to different users, and once it is installed the Trojan installs itself onto the system.

Trojan horses are used to bypass security without attempting to game the security system. The user loads the malware themselves, removing all need to bypass any protocols. The Trojan then sets about changing system information or channeling sensitive data to a remote user.

The bho.jew Trojan

In addition to sending sensitive data like logins and passwords to an unauthorized user, Trojans also provide a channel through security systems to install further malware programs. The bho.jew Trojan falls into this particular category of Trojan horses.

This particular Trojan horse exploits Browser Helper Objects (BHOs) in Microsoft’s Internet Explorer. Browser Helper Objects are legitimate extensions, developed by Microsoft, and used in conjunction with Internet Explorer. Proper use of these add-ins allows a developer to add another dimension to the web browsing experience through added functionality. Examples of good BHOs are the Google or Ask.com toolbars that are installed with the browser.

Identifying a bho.jew Infection

Internet Explorer - Manage Add-ons

bho.jew goes by various aliases, but it is in fact the Trojan.Win32.BHO.whc malware. bho.jew is the alias that AVG reports when it detects the threat.

The bho.jew Trojan horse mainly focuses on the Internet Explorer browser. To check which BHOs are installed, a user can look them up under Tools → Internet Options → Programs tab → Manage Add-ons. Most of the add-ons have publishers and can therefore be identified as legitimate.

Most antivirus programs are quick to pick up the Trojan, too.
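
The same check can be scripted. The following is an added example, not part of the original article or any vendor tool: it reads the standard registry locations where Internet Explorer BHOs are registered, resolves each CLSID to the DLL it loads, and reports that DLL's Authenticode publisher. The function name Get-BhoInventory is hypothetical; it only reads the registry and files and changes nothing.

```powershell
# Added example: list registered Browser Helper Objects and the publisher of each DLL.
# Read-only. Run in Windows PowerShell on the machine being checked.
function Get-BhoInventory {
    # Native and 32-bit (WOW6432Node) registration points for IE BHOs
    $bhoRoots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    )
    foreach ($root in $bhoRoots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        # The COM class is looked up in the same registry view as the BHO key
        $classes = if ($root -like '*WOW6432Node*') {
            'HKLM:\SOFTWARE\WOW6432Node\Classes\CLSID'
        } else {
            'HKLM:\SOFTWARE\Classes\CLSID'
        }
        foreach ($key in Get-ChildItem -LiteralPath $root) {
            $clsid  = $key.PSChildName
            $server = Join-Path $classes "$clsid\InprocServer32"
            $dll = $null; $status = 'NoInprocServer32'; $signer = $null
            if (Test-Path -LiteralPath $server) {
                # The default value of InprocServer32 is the DLL path IE loads
                $dll = (Get-Item -LiteralPath $server).GetValue('')
                if ($dll) { $dll = $dll.Trim('"') }
                if ($dll -and (Test-Path -LiteralPath $dll)) {
                    $sig    = Get-AuthenticodeSignature -LiteralPath $dll
                    $status = [string]$sig.Status
                    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
                } else {
                    $status = 'FileMissing'
                }
            }
            [pscustomobject]@{
                Clsid     = $clsid
                Dll       = $dll
                Signature = $status   # 'Valid' means a verifiable publisher signature
                Publisher = $signer
            }
        }
    }
}

# Show entries without a valid publisher signature first
Get-BhoInventory | Sort-Object { $_.Signature -eq 'Valid' } | Format-Table -AutoSize
```

An unsigned or missing DLL is a reason to look closer, not proof of infection; some legitimate add-ons ship unsigned.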

Removing a bho.jew Infection

There are lots of tools designed specifically to detect and remove malicious BHOs like bho.jew. The trouble with Trojan horses is that, because by their very nature they pretend to be innocuous, they often slip through the cracks of antivirus programs.

In the event of a suspected bho.jew infection, it is best to use a good malware remover program, like one of the following:

  1. BHODemon: This freeware roots out all hidden BHO objects installed on the computer and displays them to the user. While this function is similar to just looking up the Add-ons menu, BHODemon also flags any suspicious BHOs, and the user is then presented with the option to disable them instantly. The utility does not do much else, but works effectively against BHO Trojan horses.
  2. SuperAntiSpyware: Another freeware option, SuperAntiSpyware is especially dedicated to removal of malware that is associated with Internet browsers and networks, like Trojans and spyware.
  3. MalwareBytes Anti-Malware: Popularly known as MBAM, this particular antivirus program has a track record of sniffing out all malware before it has a chance to do damage to the computer. It keeps a constant check on the process list, and therefore is able to detect suspicious activity almost instantly.

Conclusion

It is possible to avoid the pitfalls associated with bho.jew infections by simply using another browser altogether. Unsurprisingly, the BHO Trojan horses are often touted as another reason to eschew Internet Explorer entirely. Although other browsers also have the facility to add developer functionality, they tend to be somewhat safer.