I got a virus the other day, not completely sure where from. Norton seemed to have dealt with it so I didn't think much more of it. A couple days later there were two more viruses. One of them is called something along the lines of xy.exe and the other is Bloodhound.W32.EP. I've done a bit of research about the bloodhound one and know that it's a Symantec thing that detects algorithms it thinks might be a virus but isn't necessarily. If this was the case, I wouldn't be that worried but the Norton warning is popping up at a very annoying rate and sometimes won't go away at all. It always says that it could not access the file or no action was taken. Also, my background image has been changed to an html file warning me of a security breach. Another thing that seems to be related is that the spyware program PSGuard has stealth installed itself on my computer. I've tried system restoring to about 15 earlier dates and none of them restore successfully. I'd like to get rid of this problem preferably without having to wipe my hard drive. Any help would be greatly appreciated.
I attached a picture of the background thingy and a picture of the icon from the PSGuard program.
And if I've got the right variant, and you are running < NT4, you'd better do something before Aug. 2nd when it drops its payload. It'll destroy the data on the drive, and then it will try to hork your flash bios (physical computer damage.)
FYI, it's common practice to give more details, such as OS, versions of software being used (AV, ASpyware, etc.) for us to provide some informed help. If you are running XP, I'd suspect something else entirely is going on, and this Bloodhound is a 'false positive', intentional or not.
June 22nd, 2005, 01:23 AM
Sorry about that, I never thought to mention OS or anything. I am running XP, I'm running an updated version of Norton Professional 2003. I use Ad-Aware on my comp. I tried going into safe mode and doing a full system scan and Norton said it got rid of 1 virus but another infected file was not fixable. Because of the nature of the bloodhound thing I'm not really sure whether or not to be worried about it but a few things have made me wonder if it's a pretty bad problem. For example, I tried to uninstall the PCGuard program and my computer turned off instead, the same thing has happened several times with Norton as well. Also, the Norton icon in my task bar has a way of disappearing and not coming back when I click on it. Hopefully that information is helpful, if need be I can probably just wipe my hard drive and reinstall Windows but I'd rather not have to resort to that.
June 22nd, 2005, 01:47 AM
Have you tried one of the online scans like housecall.trendmicro.com or using a specialty program like Stinger? Also, have you looked for the manual removal tools, or looked to see that the infected files do actually exist and what they are?
June 22nd, 2005, 01:48 AM
I'd suggest you try to boot to a 'secure' environment and scan the system from there. Still no promises, but much more likely to catch some of the ugly ones.
Did Norton come with media? If so, it is probably bootable, so you can power on with Norton in the drive and boot from the CD to just such an environment. There are probably free CD ISOs around you could try as well, but I have no experience with virus scanning a Windows partition from one of them.
Knoppix STD, Auditor, Helix, Whoppix are some places to start looking, but each of those Live CD's is LINUX based.
Any of our AV experts have an opinion to weigh in with?
June 22nd, 2005, 01:52 AM
Actually zen, your live boot CD is probably going to be the best bet. They make a wide variety of GUI based boot CDs, or at least ones that have a GUI, and some come with things like AVG on them since it's a free product.
Thanks a lot for the help you guys, before I download something from the link you provided though XTC, I was just wondering if you could explain to me what exactly I'm doing. I'm not as computer savvy as I'd like to think I am and if you've already read the deepfreeze thread I just started, you'd know I'm only 15. I'd just like to understand what exactly the boot cd thing is and what it will be doing to my computer. Hopefully that'll also help me know what to do with future problems and such as well.
June 22nd, 2005, 02:08 AM
Bloodhound.* is Symantec's way of saying it found a virus through heuristic means, not a static signature. Make sure your signatures are updated daily while you are fighting this off, Symantec may release a signature that'll cover you.
As far as live CD's go, *nix can't work with NTFS (very well or at all, AFAIK) and shouldn't be used to repair anything. BartPE is a great way to clean up a Windows environment, and has plugins for AV's and adware scanners.
If you can, plug the executable in question into virustotal.com to see what it REALLY is... Bloodhound is how Symantec found the virus, not the name of the virus. So you still don't really know what you are fighting yet.
Also, search for "Malware Checklist" on this website and take your box offline to work on it.
June 22nd, 2005, 02:10 AM
Basically a boot CD is a full operating system on CD. It runs off the CD and uses RAM as its storage space. You mount your hard drive as a "slave" and it scans it while keeping you in a secure zone that cannot be compromised because it is based on a media that cannot be appended to.
June 22nd, 2005, 03:40 AM
You can feel the brain power in this one.... *rolleyes*