
Thread: Bloodhound Virus

  1. #1
    Junior Member
    Join Date
    Feb 2005
    Posts
    16

    Bloodhound Virus

    I got a virus the other day, not completely sure where from. Norton seemed to have dealt with it so I didn't think much more of it. A couple days later there were two more viruses. One of them is called something along the lines of xy.exe and the other is Bloodhound.W32.EP. I've done a bit of research about the bloodhound one and know that it's a Symantec thing that detects algorithms it thinks might be a virus but isn't necessarily. If this was the case, I wouldn't be that worried but the Norton warning is popping up at a very annoying rate and sometimes won't go away at all. It always says that it could not access the file or no action was taken. Also, my background image has been changed to an html file warning me of security breach. Another thing that seems to be related is that the spyware program PSGuard has stealth installed itself on my computer. I've tried system restoring to about 15 earlier dates and none of them restore successfully. I'd like to get rid of this problem preferably without having to wipe my hard drive. Any help would be greatly appreciated.


    I attached a picture of the background thingy and a picture of the icon from the PSGuard program.
    What meaning has my life that the inevitability of death cannot destroy it?

  2. #2
    AO Senior Cow-beller
    Moderator
    Join Date
    Dec 2004
    Location
    Mountain standard tribe.
    Posts
    1,177
    Are you running Windows ME? According to Symantec
    http://securityresponse.symantec.com....cih.1049.html
    NT, 2000, and XP are not vulnerable. NT can be infected, but the virus can't do anything malicious.

    And if I've got the right variant, and you are running < NT4, you'd better do something before Aug. 2nd when it drops its payload. It'll destroy the data on the drive, and then it will try to hork your flash bios (physical computer damage.)

    FYI, it's common practice to give more details, such as OS, versions of software being used (AV, ASpyware, etc.) for us to provide some informed help. If you are running XP, I'd suspect something else entirely is going on, and this Bloodhound is a 'false positive', intentional or not.
    "Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
    Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
    "...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore

  3. #3
    Junior Member
    Join Date
    Feb 2005
    Posts
    16
    Sorry about that, I never thought to mention OS or anything. I am running XP, I'm running an updated version of Norton Professional 2003. I use adaware on my comp. I tried going into safe mode and doing a full system scan and Norton said it got rid of 1 virus but another infected file was not fixable. Because of the nature of the bloodhound thing I'm not really sure whether or not to be worried about it but a few things have made me wonder if it's a pretty bad problem. For example, I tried to uninstall the PCGuard program and my computer turned off instead, the same thing has happened several times with Norton as well. Also, the Norton icon in my task bar has a way of disappearing and not coming back when I click on it. Hopefully that information is helpful, if need be I can probably just wipe my hard drive and reinstall Windows but I'd rather not have to resort to that.
    What meaning has my life that the inevitability of death cannot destroy it?

  4. #4
    Senior Member
    Join Date
    May 2003
    Posts
    1,199
    Have you tried one of the online scans like housecall.trendmicro.com or using a specialty program like Stinger? Also, have you looked for the manual removal tools, or looked to see that the infected files do actually exist and what they are?
    Everyone is going to die, I am just as good of a reason as any.

    http://think-smarter.blogspot.com

  5. #5
    AO Senior Cow-beller
    Moderator
    Join Date
    Dec 2004
    Location
    Mountain standard tribe.
    Posts
    1,177
    I'd suggest you try to boot to a 'secure' environment and scan the system from there. Still no promises, but much more likely to catch some of the ugly ones.

    Did Norton come with media? If so, it is probably bootable, so you can power on with Norton in the drive and boot from the CD to just such an environment. There are probably free CD ISO's around you could try as well, but I have no experience with virus scanning a Windows partition from one of them.

    Knoppix STD, Auditor, Helix, Whoppix are some places to start looking, but each of those Live CD's is LINUX based.

    Any of our AV experts have an opinion to weigh in with?
    "Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
    Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
    "...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore

  6. #6
    Senior Member
    Join Date
    May 2003
    Posts
    1,199
    Actually zen, your live boot CD is probably going to be the best bet. They make a wide variety of GUI based boot CDs, or at least ones that have a GUI. And some come with things like AVG on them since it's a free product.

    http://www.frozentech.com/content/li...ort=&showonly=

    There you go, take yer pick.
    Everyone is going to die, I am just as good of a reason as any.

    http://think-smarter.blogspot.com

  7. #7
    Junior Member
    Join Date
    Feb 2005
    Posts
    16
    Thanks a lot for the help you guys, before I download something from the link you provided though XTC, I was just wondering if you could explain to me what exactly I'm doing. I'm not as computer savvy as I'd like to think I am and if you've already read the deepfreeze thread I just started, you'd know I'm only 15. I'd just like to understand what exactly the boot cd thing is and what it will be doing to my computer. Hopefully that'll also help me know what to do with future problems and such as well.
    What meaning has my life that the inevitability of death cannot destroy it?

  8. #8
    FYI

    Bloodhound.* is Symantec's way of saying it found a virus through heuristic means, not a static signature. Make sure your signatures are updated daily while you are fighting this off, Symantec may release a signature that'll cover you.

    As far as live CD's go, *nix can't work with NTFS (very well or at all, AFAIK) and shouldn't be used to repair anything. BartPE is a great way to clean up a Windows environment, and has plugins for AV's and adware scanners.

    If you can, plug the executable in question into virustotal.com to see what it REALLY is... Bloodhound is how Symantec found the virus, not the name of the virus. So you still don't really know what you are fighting yet.

    Also, search for "Malware Checklist" on this website and take your box offline to work on it.

    Good luck!

  9. #9
    Senior Member
    Join Date
    May 2003
    Posts
    1,199
    Basically a boot CD is a full operating system on CD. It runs off the CD and uses RAM as its storage space. You mount your hard drive as a "slave" and it scans it while keeping you in a secure zone that cannot be compromised because it is based on a media that cannot be appended to.
    Everyone is going to die, I am just as good of a reason as any.

    http://think-smarter.blogspot.com

  10. #10
    Junior Member
    Join Date
    Jan 2005
    Posts
    8
    You can feel the brain power in this one.... *rolleyes*
    Confirmed Kill....Back and ready to argue!
