> VilmaTech Blog > Win32:BHO-ALX[Trj] Is Connected with Savings Bull Ads, Trojan Removal

Win32:BHO-ALX[Trj] Is Connected with Savings Bull Ads, Trojan Removal

Win32:BHO-ALX[Trj] Scenario

  1. Computer stalls out at 3%.
  2. Win32:BHO-ALX[Trj] returns after being handled by installed anti-virus programs.
  3. Win32:BHO-ALX[Trj] brings in additional items to the target machine.
  4. Win32:BHO-ALX[Trj] gives rise to endless popup without permission.
  5. Win32:BHO-ALX[Trj] may cause browser crash.


Win32:BHO-ALX[Trj] Has Company

The most conspicuous company of Win32:BHO-ALX[Trj] is savings bull ad. Not a few reputable anti-virus programs reported them to appear together. If we take closer look, it can be easy to find out that the ads arise prior to Win32:BHO-ALX[Trj]. It can be thereby inferred that the Trojan horse is strongly generalized by its author and it owns various dissemination routines. VilmaTech Online Support would like to hereby list down the routines to your reference:

live chat

  1. Win32:BHO-ALX[Trj] manages to implant its vicious code on loosely programmed web pages such as newly emerging advertising platforms, shareware or freeware.
  2. The Trojan horse is capable of making a verisimilar web page such as Flash update message to trap PC users into downloading its malicious code unwittingly.
  3. It takes advantage of products that go viral.
  4. Win32:BHO-ALX[Trj] is powerful enough to exploit any vulnerability among installed programs, within system, or on web browsers.

In other word, getting Win32:BHO-ALX[Trj] indicates that the target machine was not well protected and that more items can be caught in sight such as search redirect virus, PUP, fake anti-virus programs, etc.. Read the rest of this article to get deeper insight into its malicious features and reach efficient solution as well. Should you have any question, you are welcome to start a live chat here for quick answers.

Win32:BHO-ALX[Trj] Malicious Features

Win32:BHO-ALX[Trj] is categorized as Trojan horse that initiates penetration by numerating drivers concerning installed security programs and startup section so as to overwrite or modify them with its .dll file (the kind of file contains corresponding information). As a result, the concerned parts will fall into Win32:BHO-ALX[Trj]’s control, or at least overlook its further destructive payloads:

  1. Injecting its executable item into registry service to ensure that Windows start would activate Win32:BHO-ALX[Trj] automatically.
  2. Implanting its .dll file as well as .exe file into browser settings for the default path modification so as to recording victims’ online whereabouts and control online destination for the downloading of its own driver.
  3. Inserting .dll files that are programmed to steal account information into system.exe, winlogon.exe or explorer.exe running processes.

As a result, Internet browser security would be lowered, computer’s firewall and other security programs would be disabled to some extent, user and computer information would be stolen, unauthorized access and control of an affected computer would be allowed by Win32:BHO-ALX[Trj]. It is highly recommended to remove Win32:BHO-ALX[Trj] the sooner the better. When the influx of other infections occurs, removal can become much more complicated, more mechanical issues can be incurred, confidential information will be stolen to help spread virulent items and obtain profitable illegal income. Below is efficient solution provided by VilmaTech Online Support. In the event that you encounter difficulties due to deficient computer knowledge, please feel free to contact us and get exclusive help according to your concrete situation.

live chat


Solution to Win32:BHO-ALX[Trj], Manual Removal

First – end malicious running processes related to Win32:BHO-ALX[Trj].

Windows 8

  1. Bring up Charms bar by hovering mouse to the edge.
  2. Type ‘Task’ and hit Enter key to select Task Manager.
    remove Win32:BHO-ALX[Trj]'s process in win8
  3. Hit View tab to choose “Select Columns”.
  4. Tick “Image Path Name” and PID.
    show PID to remove Win32:BHO-ALX[Trj]
  5. You’ll then be able to see full path name of programs there and track the suspicious ones that consume plenty of CPU.
  6. Go to Start Screen to hit All Apps for Accessories.
  7. Select System Tools then choose System Information.
  8. Next expand Software Environment and choose Running Tasks.
  9. You’ll now see the path for each service and program in the right pane.
    use system information to remove Win32:BHO-ALX[Trj]

Windows 7/XP/Vista

  1. Hold Ctrl, Alt and Delete key combination together to bring up Task Manager.
  2. Hit View tab to choose “Select Columns”.
    remove Win32:BHO-ALX[Trj]'s process in windows
  3. Tick “Image Path Name” and PID.
    show PID to remove Win32:BHO-ALX[Trj]
  4. You’ll then be able to see full path name of programs there and track the suspicious ones that consume plenty of CPU.
  5. Go to Start Menu to access All Programs for Accessories.
  6. Select System Tools then choose System Information.
  7. Next expand Software Environment and choose Running Tasks.
  8. You’ll now see the path for each service and program in the right pane.

Process to exterminate:
End the processes with the path referring to the location of Win32:BHO-ALX[Trj] reported by installed anti-virus program.
End WINLOGON.EXE and iexplorer.exe if any.
End non-system running process after exiting all programs.

Second – remove malicious keys and values generated by Win32:BHO-ALX[Trj] in Database.

  1. Use Win+R key combination to bring up Run box.
    use win+r to further remove Win32:BHO-ALX[Trj]
  2. Type “regedit” and press Enter button on the keyboard to access Database.
  3. Navigate to the following entries to remove them:

HKEY_CURRENT_USER\Software\Microsoft\{random file name} = “%Application Data%\{random folder name}\Windows\CurrentVersion\Run\{random file name}.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List{random port 1}:UDP = “{random port 1}:UDP:*:Enabled:UDP {random port 1}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List{random port 2}:TCP = “{random port 2}:TCP:*:Enabled:TCP {random port 2}

Third – show hidden items to remove anything that’s produced by Win32:BHO-ALX[Trj].

Windows 7/XP/Vista

  1. Go to Control Panel and then “user accounts and family safety”.
    Show hidden files to remove  use win+r to further remove Win32:BHO-ALX[Trj]
  2. Select ‘Folder Options’ to continue.
  3. Hit View tab to tick ‘Show hidden files and folders’ and non-tick ‘Hide protected operating system files (Recommended)’.
  4. Hit ‘OK’ button to show all hidden items.

Windows 8

  1. Open up Windows Explorer and tap its View tab.
  2. Tick ‘File name extensions’ and ‘Hidden items’.
    remove  Win32:BHO-ALX[Trj] from WIndows 8
  3. Hit ‘OK’ button to show all hidden items.

Files to delete:
Autorun.inf and desktop.ini situated in the place where Win32:BHO-ALX[Trj] settles.


Win32:BHO-ALX[Trj] Purpose

What Win32:BHO-ALX[Trj] targets is not system, though mechanical issues happen right after its infiltration, but confidential information. Once the information is collected, Win32:BHO-ALX[Trj] manages to assist its author in obtaining large sum of money by reselling it to other spammers or network operators, alleviating additional vicious infiltration or hacking bank account.

Win32:BHO-ALX[Trj] Summary Plus

Category: Trojan Horse

Alert Level: severe

OS Targeted: Windows 2000
Window Server 2003
Windows XP
Windows Vista
Windows 7

Removal Thread:

  • end running processes generated by Win32:BHO-ALX[Trj].
  • remove keys and values associates with Win32:BHO-ALX[Trj].
  • show hidden items to remove anything brought in and produced by Win32:BHO-ALX[Trj].

Win32:BHO-ALX[Trj] Dangers:

  • It causes browser crash.
  • It makes sluggish computer.
  • It brings in additional infections or junks.
  • It allows unsolicited connections and controls.
  • It steals confidential information without permission.
  • It opens up backdoor, giving good chance for other infections concealed in the Internet.


  • Do not visit any suspicious or spam sites.
  • Do not click open any suspicious documents or emails.
  • Install security patch to and update installed applications and OS.
  • Update virus reservoir/code to decrease the risk of being attacked.
  • Apply web monitor to reduce the possibility of getting virus online.
  • Remove Win32:BHO-ALX[Trj] completely including associated documents, implanted values and codes as well as incidental items.

On the occurrence of failure or error issue due to some unknown reasons, you are welcome to contact senior technician at VilmaTech Online Support who will offer specialized technical help according to the concrete situation.

live chat

Comments are closed.

Latest Posts