Bloodhound.Exploit.56 Message

[Guest]

Hi. I received a Norton AntiVirus alert as listed below in the Norton log:

Category: Security risks
Date1/7/2006
FeatureAuto-Protect
Risk NameBloodhound.Exploit.56
ResultAccess denied
Item Type: File
Virus Definition Version200601040006
Product Version11.5.7.2
Details: "Source: C:\Documents and Settings\Rick\Local Settings\Temporary
Internet Files\Content.IE5\APNCPKJA\102[1].wmf
Action taken: Repair failed
Action taken: Access denied"

It appears Norton could not delete or quarantine the file.

I located the file in Windows Explorer and it's Properties indicate it is an
Internet shortcut to http://www.srp99.biz/tape/102.wmf

I deleted all temporary files and rebooted but the file still appears in a
search under Windows Explorer.

When I run a full virus scan using NAV, the problem file is not found. I
used Safe mode and ran NAV, but again was unable to locate the file.

On Jan. 6 I downloaded the Windows XP security update for this problem.

Am I still vulnerable from this virus, and if so, any suggestions on how to
remove the vulnerability are appreciated.

Thanks.

Rick

 

[David H. Lipman]

From: "RickD" <[email protected]>

| Hi. I received a Norton AntiVirus alert as listed below in the Norton log:
|
| Category: Security risks
| Date1/7/2006
| FeatureAuto-Protect
| Risk NameBloodhound.Exploit.56
| ResultAccess denied
| Item Type: File
| Virus Definition Version200601040006
| Product Version11.5.7.2
| Details: "Source: C:\Documents and Settings\Rick\Local Settings\Temporary
| Internet Files\Content.IE5\APNCPKJA\102[1].wmf
| Action taken: Repair failed
| Action taken: Access denied"
|
| It appears Norton could not delete or quarantine the file.
|
| I located the file in Windows Explorer and it's Properties indicate it is an
| Internet shortcut to http://www.srp99.biz/tape/102.wmf
|
| I deleted all temporary files and rebooted but the file still appears in a
| search under Windows Explorer.
|
| When I run a full virus scan using NAV, the problem file is not found. I
| used Safe mode and ran NAV, but again was unable to locate the file.
|
| On Jan. 6 I downloaded the Windows XP security update for this problem.
|
| Am I still vulnerable from this virus, and if so, any suggestions on how to
| remove the vulnerability are appreciated.
|
| Thanks.
|
| Rick


There are anti virus News Groups specifically for this type of discussion.

microsoft.public.security.virus
alt.comp.virus
alt.comp.anti-virus


Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file. http://www.ik-cs.com/multi-av.htm


* * * Please report back your results * * *