#1
Bloody hound
I've been recently hit by a bloodhound.w32.ep virus. Tried using the multi_AV tool but it doesn't work for me because it doesn't seem to be able to download the files (with the firewall turned off), so I was just wondering if there are any alternative solutions.
#2
SirWhale wrote:

| I've been recently hit by a bloodhound.w32.ep virus. Tried using the multi_AV
| tool but it doesn't work for me because it doesn't seem to be able to download
| the files (with the firewall turned off), so I was just wondering if there are
| any alternative solutions.

This virus is nearly 4 years old! Do you run any AV software besides the Multi_AV tool?

According to Symantec the bloodhound w32.ep cannot run under Windows XP.
http://securityresponse.symantec.com....cih.1049.html

--
Mike Pawlak
#3
From: "SirWhale"

| I've been recently hit by a bloodhound.w32.ep virus. Tried using the multi_AV
| tool but it doesn't work for me because it doesn't seem to be able to download
| the files (with the firewall turned off), so I was just wondering if there are
| any alternative solutions.

There are anti virus News Groups specifically for this type of discussion.

microsoft.public.security.virus
alt.comp.virus
alt.comp.anti-virus

There are four different anti virus modules in the Multi AV Scanning Tool. Are you saying you can't download *any* needed files for any modules ?

When did you download the Multi AV Scanning Tool ? The tool is updated regularly.

Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

How are you connected to the Internet ? Broadband ? Dial-up ?

bloodhound.w32 indicates a family type of Symantec Heuristic detection. Are you able to download NAV/SAV signatures ?

There are plenty of alternatives but you need to explain the situation more fully.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
#4
Ok I just used the sophos scanner in safe mode but the virus is still there..
#5
From: "SirWhale"

| Ok I just used the sophos scanner in safe mode but the virus is still there..
|

Two things...

The first is WHAT is still there ? That is, what is the fully qualified name and path to the file that is deemed to be infected by the Heuristic detection ?

The second is, has NAV quarantined the file ?

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
#6
Hmm, the popup indicating the filename and virus from my norton antivirus has disappeared, but the popup on the windows taskbar stating "Your computer is infected" still remains, as well as the "Spyware detected on your comp" warning sign across the desktop.

How'd you check for the virus again, so that you'd know which file to quarantine (can't recall the exact file).
#7
From: "SirWhale"

| Hmm, the popup indicating the filename and virus from my norton antivirus has
| disappeared, but the popup on the windows taskbar stating "Your computer is
| infected" still remains, as well as the "Spyware detected on your comp"
| warning sign across the desktop.
|
| How'd you check for the virus again, so that you'd know which file to
| quarantine (can't recall the exact file).

Two part reply..
Perform Part 1 then perform Part 2. If the first two parts don't work, perform the alternate utility. It is suggested that you execute each tool in Normal Mode then in Safe Mode.

If you are using any version of Sun Java that is prior to JRE Version 5.0, then you are strongly urged to remove any/all versions that are prior to JRE Version 5.0. There are vulnerabilities in them and they are actively being exploited. It is possible that is how you got infected with malware. Therefore, it is highly suggested that if there are any prior versions of Sun Java to Version 5 on the PC that they be removed and Sun Java JRE Version 5.0 Update 6 be installed ASAP.
http://www.java.com/en/download/manual.jsp

Part 1
-----------

Use noahdfear's SmitFraud and SpyAxe removal tool -- SmitRem.exe
http://noahdfear.geekstogo.com/click...click.php?id=1
http://www.bleepingcomputer.com/forums/topic36868.html

Part 2
-----------

Download SmitFraud.exe from the URL --
http://www.ik-cs.com/programs/virtools/SmitFraud.exe

Execute; SmitFraud.exe { Note: You must accept the default of C:\McAfee }
Choose; Unzip
Choose; Close

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your FireWall to enable WGET.EXE to download the needed McAfee related files.

Execute; c:\mcafee\clean.bat
{ or Double-click on 'Clean Link' in c:\mcafee }

A final report in HTML format called C:\mcafee\Normal_ScanReport.HTML or C:\mcafee\Safe_ScanReport.HTML will be generated. At the end of the scan, it will be displayed in your browser (Opera, FireFox or Internet Explorer). However, if you are using WinXP, Win2K or Win2003 your system will be left in a state where you will have to manually shutdown/reboot the PC. On Win9x/ME platforms the report will not be shown in your browser but your PC will automatically be shutdown.

It is suggested that you move the report out of c:\mcafee before performing another scan. It would be best to scan in both Safe Mode and in Normal Mode and save a copy of the HTML report for each session.

ALTERNATE:
Secured2K's SpyAxe, PSGuard, Smitfraud, Sinnaka and Alemod removal tool.
http://secured2k.home.comcast.net/tools/AntiPuper.exe
http://forums.mcafeehelp.com/viewtopic.php?t=65072

Please Copy and Paste the contents of the HTML Log files; C:\mcafee\Normal_ScanReport.HTML & C:\mcafee\Safe_ScanReport.HTML in your reply.

* * * Please report back your results * * *

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
#8
Sorry I was in-camp for the past week. In the military you see, so weekdays are out for me. I'll get down to your solutions as soon as I've got the time, schedule's pretty tight.
#9
From: "SirWhale"

| Sorry I was in-camp for the past week. In the military you see, so weekdays
| are out for me. I'll get down to your solutions as soon as I've got the time,
| schedule's pretty tight.
|

I honour you sir for your service :-)

G-d speed.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
#10
Here's the report in normal mode.
#11
Bloody hound
From: "SirWhale"
| Here's the report in normal mode.
|

McAfee Log Snipped

You had many instances of adware, the Nachi worm and several Trojans. Your PC was undoubtedly infected!

Based upon the amount of adware found...

If you are using any version of Sun Java that is prior to JRE Version 5.0, then you are strongly urged to remove any/all versions that are prior to JRE Version 5.0. There are vulnerabilities in them and they are actively being exploited. It is possible that is how you got infected with malware.

Therefore, it is highly suggested that if there are any prior versions of Sun Java to Version 5 on the PC that they be removed and Sun Java JRE Version 5.0 Update 6 be installed ASAP.
http://www.java.com/en/download/manual.jsp

Please download, install and update the following software...

* Ad-aware SE v1.06
http://www.lavasoft.de/
http://www.lavasoftusa.com/

* SpyBot Search and Destroy v1.4
http://security.kolla.de/

After the software is updated, I suggest scanning the system in Safe Mode.

I also suggest downloading, installing and updating BHODemon for any Browser Helper Objects that may be on the PC.

* BHODemon
http://www.majorgeeks.com/downloadge...4332b4b8b8442d

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
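Added example (not part of the original posts): a Python sketch that tallies a scan log of the shape posted in this thread by detection class and lists the entries that still need a manual look. The sample lines are copied from the posted log and laid out one per line, which is an assumption about the scanner's original layout; the function names and the follow-up criteria are this example's own.

```python
import re
from collections import Counter

# Constructed sample: entries copied from the log posted in this thread,
# one per line (assumed original layout of the scanner's report).
SAMPLE_LOG = r"""
C:\WINDOWS\system32\MIEXEC~1.EXE ... Found potentially unwanted program Adware-ValueAd.
C:\WINNT\system32\drivers\etc\hosts ... Found potentially unwanted program Redirected HOSTS.
The virus has been removed from the file.
Checking for another virus in the file ...
C:\WINNT\system32\in5bCs.dll ... Found the Generic MultiDropper.f trojan !!!
The file or process has been deleted.
C:\WINNT\system32\temp ... Found the IRC/Flood.dk trojan !!!
The file or process has been deleted.
C:\WINNT\system32\wins\SVCHOST.EXE\SVCHOST.EXE ... Found the W32/Nachi!tftpd virus !!!
The file or process has been deleted.
C:\WINNT\whAgent.inf ... Found potentially unwanted program Spyware-WebHancer.
The file or process has been deleted.
"""

DETECTION = re.compile(
    r"^(?P<path>.+?) \.\.\. Found "
    r"(?:the (?P<name>.+) (?P<kind>trojan|virus) !!!"
    r"|potentially unwanted program (?P<pup>.+)\.)$"
)
DELETED = "The file or process has been deleted."
REPAIRED = "The virus has been removed from the file."

def parse_scan_log(text):
    """Return one dict per detection; action stays None if the log records none."""
    findings = []
    for line in (raw.strip() for raw in text.splitlines()):
        m = DETECTION.match(line)
        if m:
            findings.append({"path": m["path"], "name": m["name"] or m["pup"],
                             "kind": m["kind"] or "pup", "action": None})
        elif line in (DELETED, REPAIRED) and findings and findings[-1]["action"] is None:
            findings[-1]["action"] = line
    return findings

def triage(findings):
    """Count detections per class and list the ones that need a manual look."""
    counts = Counter(f["kind"] for f in findings)
    # Assumed follow-up criteria: no action recorded, or the file was repaired
    # in place and is still on disk (the hosts file in this log).
    follow_up = [f for f in findings if f["action"] in (None, REPAIRED)]
    return counts, follow_up

if __name__ == "__main__":
    print(triage(parse_scan_log(SAMPLE_LOG)))
```
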
#12
Bloody hound
Yeap um I have those already, except BHOdemon. I'll do a final scan soon enough.

"David H. Lipman" wrote:

From: "SirWhale"

| Here's the report in normal mode.
|

McAfee Log Snipped

You had many instances of adware, the Nachi worm and several Trojans. Your PC was undoubtedly infected!

Based upon the amount of adware found...

If you are using any version of Sun Java that is prior to JRE Version 5.0, then you are strongly urged to remove any/all versions that are prior to JRE Version 5.0. There are vulnerabilities in them and they are actively being exploited. It is possible that is how you got infected with malware.

Therefore, it is highly suggested that if there are any prior versions of Sun Java to Version 5 on the PC that they be removed and Sun Java JRE Version 5.0 Update 6 be installed ASAP.
http://www.java.com/en/download/manual.jsp

Please download, install and update the following software...

* Ad-aware SE v1.06
http://www.lavasoft.de/
http://www.lavasoftusa.com/

* SpyBot Search and Destroy v1.4
http://security.kolla.de/

After the software is updated, I suggest scanning the system in Safe Mode.

I also suggest downloading, installing and updating BHODemon for any Browser Helper Objects that may be on the PC.

* BHODemon
http://www.majorgeeks.com/downloadge...4332b4b8b8442d

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
#13
Bloody hound
From: "SirWhale"
| Yeap um I have those already, except BHOdemon. I'll do a final scan soon
| enough.

I hope that they are Ad-aware SE v1.06 and SpyBot S&D v1.4 and they are fully updated.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
#14
Bloody hound
I don't know how to open the .ref file for adaware 1.06..

"SirWhale" wrote:

I've been recently hit by a bloodhound.w32.ep virus. Tried using the multi_AV tool but it doesn't work for me because it doesn't seem to be able to download the files (with the firewall turned off), so I was just wondering if there is any alternative solutions.
#15
Bloody hound
From: "SirWhale"
| I don't know how to open the .ref file for adaware 1.06..
|

You don't. Ad-aware does.
The REF file needs to be in the same folder as Ad-Aware.exe.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm