Bloodhound virus help and question

Guest

Hi there! My computer has the bloodhound virus and I cannot get rid of it.
Why is there not a patch or something that can be done about it? Why can't
Norton do anything about it? I use Norton- but I had 3 viruses this year and I
did the research and found the solution without the help of Norton. Why do we
need Antivirus protection and spend all this money on something that does not
seem to help? What is the bloodhound virus and where does it come from? What
is going to be done about it? I have read some of the other posts- and it
seems scary what is happening with this particular virus on their computers-
I can still access the internet, but I do get booted off quite a bit and
Norton keeps sending me warnings saying I have the Bloodhound virus and
Norton cannot do anything- why is that?? Is McAfee better? Is there a program
that can take care of the bloodhound virus? What should I be doing right now?
I have tried resetting the time and date, I have downloaded something from
pctools and kixtart and something else- nothing is working I still get the
warning.
 
Tom Pepper Willett

http://securityresponse.symantec.com/avcenter/venc/data/bloodhound.w32.1.html

| Hi there! My computer has the bloodhound virus and I cannot get rid of it.
| Why is there not a patch or something that can be done about it? Why can't
| Norton do anything about it? I use Norton- but I had 3 viruses this year and I
| did the research and found the solution without the help of Norton. Why do we
| need Antivirus protection and spend all this money on something that does not
| seem to help? What is the bloodhound virus and where does it come from? What
| is going to be done about it? I have read some of the other posts- and it
| seems scary what is happening with this particular virus on their computers-
| I can still access the internet, but I do get booted off quite a bit and
| Norton keeps sending me warnings saying I have the Bloodhound virus and
| Norton cannot do anything- why is that?? Is McAfee better? Is there a program
| that can take care of the bloodhound virus? What should I be doing right now?
| I have tried resetting the time and date, I have downloaded something from
| pctools and kixtart and something else- nothing is working I still get the
| warning.
 
David H. Lipman

From: "Frustrated Teacher" <Frustrated (e-mail address removed)>

| Hi there! My computer has the bloodhound virus and I cannot get rid of it.
| Why is there not a patch or something that can be done about it? Why can't
| Norton do anything about it? I use Norton- but I had 3 viruses this year and I
| did the research and found the solution without the help of Norton. Why do we
| need Antivirus protection and spend all this money on something that does not
| seem to help? What is the bloodhound virus and where does it come from? What
| is going to be done about it? I have read some of the other posts- and it
| seems scary what is happening with this particular virus on their computers-
| I can still access the internet, but I do get booted off quite a bit and
| Norton keeps sending me warnings saying I have the Bloodhound virus and
| Norton cannot do anything- why is that?? Is McAfee better? Is there a program
| that can take care of the bloodhound virus? What should I be doing right now?
| I have tried resetting the time and date, I have downloaded something from
| pctools and kixtart and something else- nothing is working I still get the
| warning.

There are anti virus News Groups specifically for this type of discussion.

microsoft.public.security.virus
alt.comp.virus
alt.comp.anti-virus


First... Please describe what you mean by the following...
"I have downloaded something from pctools and kixtart and something else- nothing is working
I still get the warning."

We need to know EXACTLY what you have done and what software you used.

Bloodhound is a term used by Symantec/Norton for a heuristic detection. Heuristic detection
means it has all the characteristics of a virus or Trojan. However it is unspecific of what
it is or what it does. Basically, if it walks like a duck and quacks like a duck then it
must be a duck.

Read the URL posted by Tom.

If Norton said you had a "Bloodhound" detection then it should have indicated the fully
qualified name and path to a file that it was detected in. To find out what this is more
specifically as to what you have, a sample can be submitted to Virus Total.

Please submit a sample of the file purported to be infected by the "Bloodhound" detection
to Virus Total --
http://www.virustotal.com/flash/index_en.html
The submission will then be tested against many different AV vendors' scanners.
That will give you an idea what it is and who recognizes it. In addition, unless told
otherwise, Virus Total will provide the sample to all participating vendors.

When you get the report, please post back the exact results.

To remove this unknown infector, please perform the following...

Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

It is a self-extracting ZIP file that contains the Kixtart Script Interpreter {
http://kixtart.org Kixtart is CareWare } three batch files, five Kixtart scripts, one Link
(.LNK) file, a PDF instruction file and two utilities; UNZIP.EXE and WGET.EXE. It will
simplify the process of using; Sophos, Trend and McAfee Anti Virus Command Line Scanners to
remove viruses, Trojans and various other malware.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode. This
way all the components can be downloaded from each AV vendor’s web site.
The choices are; Sophos, Trend, McAfee, Exit the menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file.

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

* * * Please report back your results * * *
 
Guest

Bloodhound is actually a type of SpyWare. Bloodhound sometimes rebuilds
themselves after the original is detected. Like a parent and children type
scenario. Bloodhound is a very tough virus. Make sure that your virus
definitions are up to date with your AV. Run a couple of scans after you
download the latest virus definitions. Also make sure that your AV is still
registered, if not you will have to re-register then download the latest
virus definitions.

Hope this helps...
 
David H. Lipman

From: "The Saint" <[email protected]>

| Bloodhound is actually a type of SpyWare. Bloodhound sometimes rebuilds
| themselves after the original is detected. Like a parent and children type
| scenario. Bloodhound is a very tough virus. Make sure that your virus
| definitions are up to date with your AV. Run a couple of scans after you
| download the latest virus definitions. Also make sure that your AV is still
| registered, if not you will have to re-register then download the latest
| virus definitions.
|
| Hope this helps...
| --
| The Saint
| MCP, MCDST

Please get your facts straight !
Either it is a "virus" or it's non-viral malware such as adware/spyware.
The fact is "Bloodhound is actually a type of..." heuristic virus detection.

Bloodhound is a term used by Symantec/Norton for a heuristic detection. Heuristic detection
means it has all the characteristics of a virus or Trojan. However it is unspecific of what
it is or what it does. Basically, if it walks like a duck and quacks like a duck then it
must be a duck.

Note: Heuristic scanning does have the propensity to increase the False Positive
declaration rate of any given anti virus package when enabled.

http://securityresponse.symantec.com/avcenter/venc/data/bloodhound.html
"Norton AntiVirus (NAV) has the ability to detect unknown viruses of various types using
heuristic algorithms known as Bloodhound. This technology was developed by Symantec Security
Response."

The term "Bloodhound" is not the full name. There should be a suffix added to the term
"Bloodhound" to define a sub-type of detection. This helps narrow down the type of heuristic
finding.

Examples:
Bloodhound.Exploit
Bloodhound.Unknown
Bloodhound.VBS.Worm
Bloodhound.W32
Bloodhound.WordMacro
Bloodhound.ExcelMacro
Bloodhound.FileString
Bloodhound.Hybrid
Bloodhound.HybridCOM
Bloodhound.HybridEXE
Bloodhound.MBR
 
Guest

My Norton recently detected Bloodhount.exploit.6 on my computer via
auto-protect. AV log says it tried to access and repair the file but it was
denied. I immediately signed off from the internet, erased my
TemporaryInternetFiles\content.ie5 where it said the virus was located, and
ran a full virus scan again. AV has not detected Bloodhound again since I
have done that.

Seeing how pernicious this virus seems to be by the other messages posted
here, do you know if erasing the temp files immediately could have actually
eliminated the virus? I have noticed no problems at all on my system, but I
want to be sure my computer is still secure. I have all of the most updated
service packs/updates on both Microsoft and Norton, so I'm not sure how this
got through.

Thanks for any help.
 
David H. Lipman

From: "domer_1990" <[email protected]>

| My Norton recently detected Bloodhount.exploit.6 on my computer via
| auto-protect. AV log says it tried to access and repair the file but it was
| denied. I immediately signed off from the internet, erased my
| TemporaryInternetFiles\content.ie5 where it said the virus was located, and
| ran a full virus scan again. AV has not detected Bloodhound again since I
| have done that.
|
| Seeing how pernicious this virus seems to be by the other messages posted
| here, do you know if erasing the temp files immediately could have actually
| eliminated the virus? I have noticed no problems at all on my system, but I
| want to be sure my computer is still secure. I have all of the most updated
| service packs/updates on both Microsoft and Norton, so I'm not sure how this
| got through.
|
| Thanks for any help.

You certainly have taken *good* steps !

Note that the name is; Bloodhound.exploit.6
That means that it is a Heuristic detection on code designed to exploit a known
vulnerability. Making sure you have all Critical Updates mitigates the possibility of
exploitation code taking full advantage of a vulnerability.

Bloodhound.exploit.6 --
http://securityresponse.symantec.com/avcenter/venc/data/bloodhound.exploit.6.html

In this case it is code to exploit the vulnerability associated with KB837009
http://www.microsoft.com/technet/security/bulletin/ms04-013.mspx

Having WinXP SP2 mitigates this vulnerability.
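
The naming convention discussed in this thread ("Bloodhound" plus a sub-type suffix, optionally followed by a number as in Bloodhound.exploit.6) can be parsed mechanically when triaging scanner reports. The following is an added example, not part of the original thread and not Symantec code; the function names are hypothetical, and treating a trailing number as a variant is an assumption based on the names that appear here.

```python
import re
from typing import NamedTuple, Optional

# Sub-types listed in the thread above (matched case-insensitively).
KNOWN_SUBTYPES = (
    "Exploit", "Unknown", "VBS.Worm", "W32", "WordMacro", "ExcelMacro",
    "FileString", "Hybrid", "HybridCOM", "HybridEXE", "MBR",
)
_BY_LOWER = {s.lower(): s for s in KNOWN_SUBTYPES}
_NAME = re.compile(r"^Bloodhound(?:\.(?P<rest>.+))?$", re.IGNORECASE)


class Detection(NamedTuple):
    heuristic: bool          # True for any Bloodhound.* name
    subtype: Optional[str]   # canonical sub-type, or None if absent/unlisted
    variant: Optional[int]   # trailing number, e.g. 6 in Bloodhound.exploit.6


def parse_detection(name: str) -> Detection:
    """Split a reported detection name into heuristic flag, sub-type, variant."""
    m = _NAME.match(name.strip())
    if m is None:
        return Detection(False, None, None)   # a specific, non-heuristic name
    rest = m.group("rest")
    if not rest:
        return Detection(True, None, None)    # bare "Bloodhound": name incomplete
    parts = rest.split(".")
    variant = None
    if len(parts) > 1 and parts[-1].isdecimal():
        variant = int(parts.pop())            # assumed to be a variant number
    subtype = _BY_LOWER.get(".".join(parts).lower())
    return Detection(True, subtype, variant)


def needs_full_name(names):
    """Return reported names that are heuristic but lack a usable sub-type."""
    return [n for n in names
            if (d := parse_detection(n)).heuristic and d.subtype is None]
```

A report that only says "Bloodhound" ends up in `needs_full_name`, which is the case where the full detection name and file path have to be requested before any further triage.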
 
