A Windows XP help forum. PCbanter


Bloody hound



 
 
  #1  
Old February 11th 06, 08:36 AM posted to microsoft.public.windowsxp.help_and_support

I've been recently hit by a bloodhound.w32.ep virus. Tried using the multi_AV
tool but it doesn't work for me because it doesn't seem to be able to download
the files (with the firewall turned off), so I was just wondering if there are
any alternative solutions.
  #2  
Old February 11th 06, 01:25 PM posted to microsoft.public.windowsxp.help_and_support

SirWhale wrote:
> I've been recently hit by a bloodhound.w32.ep virus. Tried using the
> multi_AV tool but it doesn't work for me because it doesn't seem to be
> able to download the files (with the firewall turned off), so I was
> just wondering if there are any alternative solutions.


This virus is nearly 4 years old! Do you run any AV software besides the
Multi_AV tool?
According to Symantec the bloodhound w32.ep cannot run under Windows XP.
http://securityresponse.symantec.com....cih.1049.html

--
Mike Pawlak


  #3  
Old February 11th 06, 02:32 PM posted to microsoft.public.windowsxp.help_and_support

From: "SirWhale"

| I've been recently hit by a bloodhound.w32.ep virus. Tried using the multi_AV
| tool but it doesn't work for me because it doesn't seem to be able to download
| the files (with the firewall turned off), so I was just wondering if there are
| any alternative solutions.

There are anti virus News Groups specifically for this type of discussion.

microsoft.public.security.virus
alt.comp.virus
alt.comp.anti-virus

There are four different anti virus modules in the Multi AV Scanning Tool. Are you saying
you can't download *any* needed files for any modules? When did you download the Multi AV
Scanning Tool? The tool is updated regularly.

Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

How are you connected to the Internet? Broadband? Dial-up?

bloodhound.w32 indicates a family type of Symantec Heuristic detection. Are you able to
download NAV/SAV signatures?

There are plenty of alternatives but you need to explain the situation more fully.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


  #4  
Old February 11th 06, 08:24 PM posted to microsoft.public.windowsxp.help_and_support

OK, I just used the Sophos scanner in Safe Mode but the virus is still there.

"David H. Lipman" wrote:

> From: "SirWhale"
>
> | I've been recently hit by a bloodhound.w32.ep virus. Tried using the multi_AV
> | tool but it doesn't work for me because it doesn't seem to be able to download
> | the files (with the firewall turned off), so I was just wondering if there are
> | any alternative solutions.
>
> There are anti virus News Groups specifically for this type of discussion.
>
> microsoft.public.security.virus
> alt.comp.virus
> alt.comp.anti-virus
>
> There are four different anti virus modules in the Multi AV Scanning Tool. Are you saying
> you can't download *any* needed files for any modules? When did you download the Multi AV
> Scanning Tool? The tool is updated regularly.
>
> Download MULTI_AV.EXE from the URL --
> http://www.ik-cs.com/programs/virtools/Multi_AV.exe
>
> How are you connected to the Internet? Broadband? Dial-up?
>
> bloodhound.w32 indicates a family type of Symantec Heuristic detection. Are you able to
> download NAV/SAV signatures?
>
> There are plenty of alternatives but you need to explain the situation more fully.
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm



  #5  
Old February 11th 06, 09:27 PM posted to microsoft.public.windowsxp.help_and_support

From: "SirWhale"

| OK, I just used the Sophos scanner in Safe Mode but the virus is still there.
|

Two things...

The first is WHAT is still there?
That is, what is the fully qualified name and path to the file that is deemed to be infected
by the Heuristic detection?

The second is, has NAV quarantined the file?

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


  #6  
Old February 12th 06, 01:19 AM posted to microsoft.public.windowsxp.help_and_support

Hmm, the popup indicating the filename and virus from my Norton AntiVirus has
disappeared, but the popup on the Windows taskbar stating "Your computer is
infected" still remains, as well as the "Spyware detected on your comp"
warning sign across the desktop.

How'd you check for the virus again, so that you'd know which file to
quarantine (can't recall the exact file)?

  #7  
Old February 13th 06, 04:50 PM posted to microsoft.public.windowsxp.help_and_support

From: "SirWhale"

| Hmm, the popup indicating the filename and virus from my Norton AntiVirus has
| disappeared, but the popup on the Windows taskbar stating "Your computer is
| infected" still remains, as well as the "Spyware detected on your comp"
| warning sign across the desktop.
|
| How'd you check for the virus again, so that you'd know which file to
| quarantine (can't recall the exact file)?



Two part reply..

Perform Part 1 then perform Part 2.

If the first two parts don't work, perform the alternate utility.

It is suggested that you execute each tool in Normal Mode then in Safe Mode.

If you are using any version of Sun Java that is prior to JRE Version 5.0,
then you are strongly urged to remove any/all versions that are prior to JRE
Version 5.0. There are vulnerabilities in them and they are actively being exploited.
It is possible that is how you got infected with malware.

Therefore, it is highly suggested that if there are any prior versions of Sun Java
to Version 5 on the PC that they be removed and Sun Java JRE Version 5.0 Update 6
be installed ASAP.

http://www.java.com/en/download/manual.jsp



Part 1
-----------

Use noahdfear's SmitFraud and SpyAxe removal tool -- SmitRem.exe
http://noahdfear.geekstogo.com/click...click.php?id=1

http://www.bleepingcomputer.com/forums/topic36868.html


Part 2
-----------

Download SmitFraud.exe from the URL --
http://www.ik-cs.com/programs/virtools/SmitFraud.exe

Execute; SmitFraud.exe { Note: You must accept the default of C:\McAfee }
Choose; Unzip
Choose; Close

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to enable WGET.EXE to download the needed McAfee related files.

Execute; c:\mcafee\clean.bat
{ or Double-click on 'Clean Link' in c:\mcafee }

A final report in HTML format called C:\mcafee\Normal_ScanReport.HTML or
C:\mcafee\Safe_ScanReport.HTML will be generated. At the end of the scan, it will be
displayed in your browser (Opera, FireFox or Internet Explorer). However, if you are using
WinXP, Win2K or Win2003 your system will be left in a state where you will have to manually
shut down/reboot the PC. On Win9x/ME platforms the report will not be shown in your browser
but your PC will automatically be shut down. It is suggested that you move the report out of
c:\mcafee before performing another scan.

It would be best to scan in both Safe Mode and in Normal Mode and save a copy of the HTML
report for each session.


ALTERNATE:

Secured2K's SpyAxe, PSGuard, Smitfraud, Sinnaka and Alemod removal tool.

http://secured2k.home.comcast.net/tools/AntiPuper.exe

http://forums.mcafeehelp.com/viewtopic.php?t=65072


Please Copy and Paste the contents of the HTML Log files;
C:\mcafee\Normal_ScanReport.HTML & C:\mcafee\Safe_ScanReport.HTML in your reply.

* * * Please report back your results * * *



--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
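
Added example, not part of the thread or of any tool it names: a Python sketch that reads the pasted text of a scan report like the ones requested above and lists detections by name, entries with no action line after them, and HOSTS file hits. The sample text, paths and detection names are constructed, and the line layout is assumed to match the report posted later in this thread.

```python
import re
from collections import Counter

# Constructed sample in the layout of the pasted report, wrapped lines included.
# Paths and detection names are made up for illustration.
SAMPLE = r"""Scanning C: [LOCAL DISK]
C:\demo\toolbar.dll\toolbar.dll ... Found the
Example-Clicker.dll trojan !!!
The file or process has been deleted.
C:\demo\setup.exe ... Found potentially unwanted program Adware-Example.gen.b.
The file or process has been deleted.
Scanning C:\*.*
C:\Documents and Settings\demo\Start
Menu\Programs\Game.url ... Found potentially unwanted program
Adware-Example.gen.b.
The file or process has been deleted.
C:\WINDOWS\system32\drivers\etc\hosts ... Found potentially unwanted program
Redirected HOSTS.
The virus has been removed from the file.
Checking for another virus in the file ...
C:\WINDOWS\system32\LOCKED~1.EXE ... Found potentially unwanted program
Adware-Example2.
C:\WINDOWS\system32\x.bat ... Found the Example/Bot trojan !!!
The file or process has been deleted.
"""

ENTRY_START = re.compile(r"^[A-Za-z]:\\")  # a scanned path opens a new record
ENTRY = re.compile(r"^(?P<path>.+?)\s*\.{3,}\s+Found\s+(?P<rest>.+)$")
NAME = re.compile(
    r"^(?:the (?P<mal>.+?) (?P<kind>trojan|virus) !!!"
    r"|potentially unwanted program (?P<pup>.+?)\.(?= The |$))"
)


def split_records(text):
    """Re-join wrapped lines so each detection becomes one string."""
    records, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if ENTRY_START.match(line):
            if current:
                records.append(" ".join(current))
            current = [line]
        elif line.startswith("Scanning "):
            # A "Scanning ..." banner closes the record before it.
            if current:
                records.append(" ".join(current))
            current = None
        elif current is not None:
            current.append(line)
    if current:
        records.append(" ".join(current))
    return records


def parse_report(text):
    """Return one dict per detection: path, name, kind and reported action."""
    findings = []
    for record in split_records(text):
        entry = ENTRY.match(record)
        if not entry:
            continue
        rest = entry.group("rest")
        name = NAME.match(rest)
        if not name:
            continue
        if "has been deleted" in rest:
            action = "deleted"
        elif "has been removed from the file" in rest:
            action = "cleaned"
        else:
            action = "none"  # no action line followed the detection
        findings.append({
            "path": entry.group("path"),
            "name": name.group("mal") or name.group("pup"),
            "kind": name.group("kind") or "pup",
            "action": action,
        })
    return findings


def triage(findings):
    """Summarise what to follow up on after a scan."""
    hosts = re.compile(r"\\drivers\\etc\\hosts", re.IGNORECASE)
    return {
        "by_name": Counter(f["name"] for f in findings),
        "unremediated": [f["path"] for f in findings if f["action"] == "none"],
        "hosts_touched": [f["path"] for f in findings if hosts.search(f["path"])],
        "malware": sorted({f["name"] for f in findings if f["kind"] != "pup"}),
    }


if __name__ == "__main__":
    result = triage(parse_report(SAMPLE))
    for name, count in result["by_name"].most_common():
        print(f"{count:4d}  {name}")
    print("No action reported:", result["unremediated"])
    print("HOSTS file entries:", result["hosts_touched"])
    print("Trojan/virus names:", result["malware"])
```
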


  #8  
Old February 18th 06, 05:06 PM posted to microsoft.public.windowsxp.help_and_support

Sorry I was in-camp for the past week. In the military you see, so weekdays
are out for me. I'll get down to your solutions as soon as I've got the time,
schedule's pretty tight.

  #9  
Old February 18th 06, 06:09 PM posted to microsoft.public.windowsxp.help_and_support

From: "SirWhale"

| Sorry I was in-camp for the past week. In the military you see, so weekdays
| are out for me. I'll get down to your solutions as soon as I've got the time,
| schedule's pretty tight.
|

I honour you sir for your service :-)

G-d speed.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


  #10  
Old February 18th 06, 07:06 PM posted to microsoft.public.windowsxp.help_and_support

Here's the report in normal mode.



Virus Scan Report File

--------------------------------------------------------------------------------
Virus Scan Information
--------------------------------------------------------------------------------

McAfee VirusScan for Win32 v4.40.0
Copyright (c) 1992-2004 Networks Associates Technology Inc. All rights
reserved.
(408) 988-3832 LICENSED COPY - Sep 23 2004

Scan engine v4.4.00 for Win32.
Virus data file v4700 created Feb 17 2006
Scanning for 178414 viruses, trojans and variants.


--------------------------------------------------------------------------------
Virus Scan Results
--------------------------------------------------------------------------------




02/19/2006 01:22:06


Options:
/ADL /UNZIP /WINMEM /SUB /ANALYZE /PANALYZE /STREAMS /CLEAN /ALL /DEL
/PROGRAM /EXCLUDE C:\MCAFEE\EXCLIST.TXT /HTML C:\MCAFEE\NORMAL_SCANREPORT.HTML

Scanning C: [LOCAL DISK]
C:\EliteBar version 53.dll\EliteBar version 53.dll ... Found the
AdClicker-BA.dll trojan !!!
The file or process has been deleted.
C:\ncj.exe ... Found potentially unwanted program Adware-PestTrap.
The file or process has been deleted.
C:\SaveInstCsSm.exe ... Found potentially unwanted program Adware-StatBlaster.
The file or process has been deleted.
C:\zdj.exe\zdj.exe ... Found the QLowZones-2.gen trojan !!!
The file or process has been deleted.
Scanning C:\*.*
C:\Documents and Settings\All Users.WINDOWS\Start
Menu\Programs\Atari\Civilization III Gold Edition\Play Civilization III
Online with GameSpy Arcade!.url ... Found potentially unwanted program
Adware-Url.gen.
The file or process has been deleted.
C:\Documents and Settings\KC\Favorites\Netpal Games\Big Fish Games.url ...
Found potentially unwanted program Adware-Url.gen.
The file or process has been deleted.
C:\Documents and Settings\KC\Favorites\Netpal Games\FlyorDie Games.url ...
Found potentially unwanted program Adware-Url.gen.
The file or process has been deleted.
C:\Documents and Settings\KC\Favorites\Netpal Games\Gamehouse Games.url ...
Found potentially unwanted program Adware-Url.gen.
The file or process has been deleted.
C:\Documents and Settings\KC\Local Settings\Temp\Belt.ini ... Found
potentially unwanted program IPSentry.
The file or process has been deleted.
C:\Documents and Settings\KC\Local Settings\Temp\bi.inf ... Found
potentially unwanted program Adware-abetterintrnt.
The file or process has been deleted.
C:\Documents and Settings\KC\Local Settings\Temp\biC.inf ... Found
potentially unwanted program Adware-abetterintrnt.
The file or process has been deleted.
C:\Documents and Settings\KC\Local Settings\Temp\flashtlk.inf ... Found
potentially unwanted program Adware-abetterintrnt.
The file or process has been deleted.
C:\Documents and Settings\KC\Local Settings\Temp\r.bat ... Found the
Bat/Sdbot trojan !!!
The file or process has been deleted.
C:\Program Files\WebRebates\AutoTrack_README1.txt ... Found potentially
unwanted program Adware-TopRebates.
The file or process has been deleted.
C:\Program Files\WebRebates\System\Code\a.class ... Found potentially
unwanted program Adware-TopMoxie.
The file or process has been deleted.
C:\Program Files\WebRebates\System\Code\b.class ... Found potentially
unwanted program Adware-TopMoxie.
The file or process has been deleted.
C:\Program Files\WebRebates\System\Code\ba.class ... Found potentially
unwanted program Adware-TopMoxie.
The file or process has been deleted.
C:\Program Files\WebRebates\System\Code\bb.class ... Found potentially
unwanted program Adware-TopMoxie.
The file or process has been deleted.
C:\Program Files\WebRebates\System\Code\bc.class ... Found potentially
unwanted program Adware-TopMoxie.
The file or process has been deleted.
C:\Program Files\WebRebates\System\Code\bd.class ... Found potentially
unwanted program Adware-TopMoxie.
The file or process has been deleted.
C:\Program Files\WebRebates\System\Code\be.class ... Found potentially
unwanted program Adware-TopMoxie.
The file or process has been deleted.
C:\Program Files\WebRebates\System\Code\bf.class ... Found potentially
unwanted program Adware-TopMoxie.
The file or process has been deleted.
C:\Program Files\WebRebates\System\Code\bg.class ... Found potentially
unwanted program Adware-TopMoxie.
The file or process has been deleted.
C:\Program Files\WebRebates\System\Code\bh.class ... Found potentially
unwanted program Adware-TopMoxie.
The file or process has been deleted.
C:\Program Files\WebRebates\System\Code\bk.class ... Found potentially
unwanted program Adware-TopMoxie.
The file or process has been deleted.
C:\Program Files\WebRebates\System\Code\bm.class ... Found potentially
unwanted program Adware-TopMoxie.
The file or process has been deleted.
C:\Program Files\WebRebates\System\Code\bn.class ... Found potentially
unwanted program Adware-TopMoxie.
The file or process has been deleted.
C:\Program Files\WebRebates\System\Code\bo.class ... Found potentially
unwanted program Adware-TopMoxie.
The file or process has been deleted.
C:\Program Files\WebRebates\System\Code\bp.class ... Found potentially
unwanted program Adware-TopMoxie.
The file or process has been deleted.
C:\Program Files\WebRebates\System\Code\bq.class ... Found potentially
unwanted program Adware-TopMoxie.
The file or process has been deleted.
C:\Program Files\WebRebates\System\Code\br.class ... Found potentially
unwanted program Adware-TopMoxie.
The file or process has been deleted.
C:\Program Files\WebRebates\System\Code\bs.class ... Found potentially
unwanted program Adware-TopMoxie.
The file or process has been deleted.
C:\Program Files\WebRebates\System\Code\bt.class ... Found potentially
unwanted program Adware-TopMoxie.
The file or process has been deleted.
C:\Program Files\WebRebates\System\Code\bw.class ... Found potentially
unwanted program Adware-TopMoxie.
The file or process has been deleted.
C:\Program Files\WebRebates\System\Code\bx.class ... Found potentially
unwanted program Adware-TopMoxie.
The file or process has been deleted.
C:\Program Files\WebRebates\System\Code\bz.class ... Found potentially
unwanted program Adware-TopMoxie.
The file or process has been deleted.
C:\Program Files\WebRebates\System\Code\ca.class ... Found potentially
unwanted program Adware-TopMoxie.
The file or process has been deleted.
C:\Program Files\WebRebates\System\Code\cb.class ... Found potentially
unwanted program Adware-TopMoxie.
The file or process has been deleted.
C:\Program Files\WebRebates\System\Code\cc.class ... Found potentially
unwanted program Adware-TopMoxie.
The file or process has been deleted.
C:\Program Files\WebRebates\System\Code\cd.class ... Found potentially
unwanted program Adware-TopMoxie.
The file or process has been deleted.
C:\Program Files\WebRebates\System\Code\ce.class ... Found potentially
unwanted program Adware-TopMoxie.
The file or process has been deleted.
C:\Program Files\WebRebates\System\Code\cf.class ... Found potentially
unwanted program Adware-TopMoxie.
The file or process has been deleted.
C:\Program Files\WebRebates\System\Code\ch.class ... Found potentially
unwanted program Adware-TopMoxie.
The file or process has been deleted.
C:\Program Files\WebRebates\System\Code\ck.class ... Found potentially
unwanted program Adware-TopMoxie.
The file or process has been deleted.
C:\Program Files\WebRebates\System\Code\cl.class ... Found potentially
unwanted program Adware-TopMoxie.
The file or process has been deleted.
C:\Program Files\WebRebates\System\Code\cn.class ... Found potentially
unwanted program Adware-TopMoxie.
The file or process has been deleted.
C:\Program Files\WebRebates\System\Code\cq.class ... Found potentially
unwanted program Adware-TopMoxie.
The file or process has been deleted.
C:\Program Files\WebRebates\System\Code\cr.class ... Found potentially
unwanted program Adware-TopMoxie.
The file or process has been deleted.
C:\Program Files\WebRebates\System\Code\cs.class ... Found potentially
unwanted program Adware-TopMoxie.
The file or process has been deleted.
C:\Program Files\WebRebates\System\Code\ct.class ... Found potentially
unwanted program Adware-TopMoxie.
The file or process has been deleted.
C:\Program Files\WebRebates\System\Code\cu.class ... Found potentially
unwanted program Adware-TopMoxie.
The file or process has been deleted.
C:\Program Files\WebRebates\System\Code\cv.class ... Found potentially
unwanted program Adware-TopMoxie.
The file or process has been deleted.
C:\Program Files\WebRebates\System\Code\cx.class ... Found potentially
unwanted program Adware-TopMoxie.
The file or process has been deleted.
C:\Program Files\WebRebates\System\Code\cz.class ... Found potentially
unwanted program Adware-TopMoxie.
The file or process has been deleted.
C:\Program Files\WebRebates\System\Code\d.class ... Found potentially
unwanted program Adware-TopMoxie.
The file or process has been deleted.
C:\Program Files\WebRebates\System\Code\da.class ... Found potentially
unwanted program Adware-TopMoxie.
The file or process has been deleted.
C:\Program Files\WebRebates\System\Code\db.class ... Found potentially
unwanted program Adware-TopMoxie.
The file or process has been deleted.
C:\Program Files\WebRebates\System\Code\dc.class ... Found potentially
unwanted program Adware-TopMoxie.
The file or process has been deleted.
C:\Program Files\WebRebates\System\Code\dd.class ... Found potentially
unwanted program Adware-TopMoxie.
The file or process has been deleted.
C:\Program Files\WebRebates\System\Code\de.class ... Found potentially
unwanted program Adware-TopMoxie.
The file or process has been deleted.
C:\Program Files\WebRebates\System\Code\df.class ... Found potentially
unwanted program Adware-TopMoxie.
The file or process has been deleted.
C:\Program Files\WebRebates\System\Code\di.class ... Found potentially
unwanted program Adware-TopMoxie.
The file or process has been deleted.
C:\Program Files\WebRebates\System\Code\dl.class ... Found potentially
unwanted program Adware-TopMoxie.
The file or process has been deleted.
C:\Program Files\WebRebates\System\Code\dn.class ... Found potentially
unwanted program Adware-TopMoxie.
The file or process has been deleted.
C:\Program Files\WebRebates\System\Code\dp.class ... Found potentially
unwanted program Adware-TopMoxie.
The file or process has been deleted.
C:\Program Files\WebRebates\System\Code\dr.class ... Found potentially
unwanted program Adware-TopMoxie.
The file or process has been deleted.
C:\Program Files\WebRebates\System\Code\ds.class ... Found potentially
unwanted program Adware-TopMoxie.
The file or process has been deleted.
C:\Program Files\WebRebates\System\Code\dt.class ... Found potentially
unwanted program Adware-TopMoxie.
The file or process has been deleted.
C:\Program Files\WebRebates\System\Code\du.class ... Found potentially
unwanted program Adware-TopMoxie.
The file or process has been deleted.
C:\Program Files\WebRebates\System\Code\dv.class ... Found potentially
unwanted program Adware-TopMoxie.
The file or process has been deleted.
C:\Program Files\WebRebates\System\Code\dw.class ... Found potentially
unwanted program Adware-TopMoxie.
The file or process has been deleted.
C:\Program Files\WebRebates\System\Code\dy.class ... Found potentially
unwanted program Adware-TopMoxie.
The file or process has been deleted.
C:\Program Files\WebRebates\System\Code\dz.class ... Found potentially
unwanted program Adware-TopMoxie.
The file or process has been deleted.
C:\Program Files\WebRebates\System\Code\f.class ... Found potentially
unwanted program Adware-TopMoxie.
The file or process has been deleted.
C:\Program Files\WebRebates\System\Code\h.class ... Found potentially
unwanted program Adware-TopMoxie.
The file or process has been deleted.
C:\Program Files\WebRebates\System\Code\i.class ... Found potentially
unwanted program Adware-TopMoxie.
The file or process has been deleted.
C:\Program Files\WebRebates\System\Code\j.class ... Found potentially
unwanted program Adware-TopMoxie.
The file or process has been deleted.
C:\Program Files\WebRebates\System\Code\l.class ... Found potentially
unwanted program Adware-TopMoxie.
The file or process has been deleted.
C:\Program Files\WebRebates\System\Code\m.class ... Found potentially
unwanted program Adware-TopMoxie.
The file or process has been deleted.
C:\Program Files\WebRebates\System\Code\Main.class ... Found potentially
unwanted program Adware-TopMoxie.
The file or process has been deleted.
C:\Program Files\WebRebates\System\Code\n.class ... Found potentially
unwanted program Adware-TopMoxie.
The file or process has been deleted.
C:\Program Files\WebRebates\System\Code\p.class ... Found potentially
unwanted program Adware-TopMoxie.
The file or process has been deleted.
C:\Program Files\WebRebates\System\Code\q.class ... Found potentially
unwanted program Adware-TopMoxie.
The file or process has been deleted.
C:\Program Files\WebRebates\System\Code\r.class ... Found potentially
unwanted program Adware-TopMoxie.
The file or process has been deleted.
C:\Program Files\WebRebates\System\Code\s.class ... Found potentially
unwanted program Adware-TopMoxie.
The file or process has been deleted.
C:\Program Files\WebRebates\System\Code\t.class ... Found potentially
unwanted program Adware-TopMoxie.
The file or process has been deleted.
C:\Program Files\WebRebates\System\Code\u.class ... Found potentially
unwanted program Adware-TopMoxie.
The file or process has been deleted.
C:\Program Files\WebRebates\System\Code\v.class ... Found potentially
unwanted program Adware-TopMoxie.
The file or process has been deleted.
C:\Program Files\WebRebates\System\Code\w.class ... Found potentially
unwanted program Adware-TopMoxie.
The file or process has been deleted.
C:\Program Files\WebRebates\System\Code\x.class ... Found potentially
unwanted program Adware-TopMoxie.
The file or process has been deleted.
C:\Program Files\WebRebates\System\Code\y.class ... Found potentially
unwanted program Adware-TopMoxie.
The file or process has been deleted.
C:\Program Files\WebRebates\System\Html\topr1150_popup4.htm ... Found
potentially unwanted program Adware-TopRebates.
The file or process has been deleted.
C:\Program Files\WebRebates\System\Html\topr1150_preferences0.htm ... Found
potentially unwanted program Adware-TopRebates.
The file or process has been deleted.
C:\Program Files\WebRebates\System\Html\topr1150_reg_popup1.htm ... Found
potentially unwanted program Adware-TopRebates.
The file or process has been deleted.
C:\Program Files\WebRebates\System\Html\topr1150_reg_popup2.htm ... Found
potentially unwanted program Adware-TopRebates.
The file or process has been deleted.
C:\Program Files\WebRebates\System\Html\topr1150_reg_popup3.htm ... Found
potentially unwanted program Adware-TopRebates.
The file or process has been deleted.
C:\Program Files\WebRebates\System\Html\topr1150_reg_popup4.htm ... Found
potentially unwanted program Adware-TopRebates.
The file or process has been deleted.
C:\Program Files\WebRebates\System\Html\topr1150_reg_popup5.htm ... Found
potentially unwanted program Adware-TopRebates.
The file or process has been deleted.
C:\Program Files\WebRebates\System\Html\topr1150_reg_popup6.htm ... Found
potentially unwanted program Adware-TopRebates.
The file or process has been deleted.
C:\Program Files\WebRebates\System\Html\topr1150_ureg_popup1.htm ... Found
potentially unwanted program Adware-TopRebates.
The file or process has been deleted.
C:\Program Files\WebRebates\System\Html\topr1150_ureg_popup2.htm ... Found
potentially unwanted program Adware-TopRebates.
The file or process has been deleted.
C:\Program Files\WebRebates\System\Html\topr1150_ureg_popup3.htm ... Found
potentially unwanted program Adware-TopRebates.
The file or process has been deleted.
C:\Program Files\WebRebates\System\Html\topr1150_ureg_popup4.htm ... Found
potentially unwanted program Adware-TopRebates.
The file or process has been deleted.
C:\Program Files\WebRebates\System\Html\topr1150_ureg_popup5.htm ... Found
potentially unwanted program Adware-TopRebates.
The file or process has been deleted.
C:\Program Files\WebRebates\System\Html\topr1150_ureg_popup6.htm ... Found
potentially unwanted program Adware-TopRebates.
The file or process has been deleted.
C:\WINDOWS\Belt.ini ... Found potentially unwanted program IPSentry.
The file or process has been deleted.
C:\WINDOWS\Downloaded Program Files\ATPartners.inf ... Found potentially
unwanted program Generic Adware.inf.a.
The file or process has been deleted.
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\v2.dll ... Found potentially
unwanted program Adware-EliteBar.
The file or process has been deleted.
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\v2.dll ... Found potentially
unwanted program Adware-EliteBar.
The file or process has been deleted.
C:\WINDOWS\Downloaded Program Files\v2.dll ... Found potentially unwanted
program Adware-EliteBar.
The file or process has been deleted.
C:\WINDOWS\Downloaded Program Files\WebP2PInstaller.dll\WebP2PInstaller.dll
... Found potentially unwanted program Adware-P2PNet.
The file or process has been deleted.
C:\WINDOWS\inf\biB.inf ... Found potentially unwanted program
Adware-abetterintrnt.
The file or process has been deleted.
C:\WINDOWS\silent48.exe ... Found potentially unwanted program Generic PUP.a.
The file or process has been deleted.
C:\WINDOWS\system32\bhosave.dat ... Found the AdClicker-BA trojan !!!
The file or process has been deleted.
C:\WINDOWS\system32\drivers\etc\hosts.bak ... Found potentially unwanted
program QHosts-16!hosts.
The virus has been removed from the file.
Checking for another virus in the file ...
C:\WINDOWS\system32\li.exe\li.exe ... Found the QLowZones-2.gen trojan !!!
The file or process has been deleted.
C:\WINDOWS\system32\msbb321.dll ... Found the Generic MultiDropper.f trojan
!!!
The file or process has been deleted.
C:\WINDOWS\system32\MIEXEC~1.EXE ... Found potentially unwanted program
Adware-ValueAd.
C:\WINDOWS\system32\O.BAT ... Found the HTML/Debeski.bat trojan !!!
The file or process has been deleted.
C:\WINDOWS\system32\P2P Networking v126.cpl ... Found potentially unwanted
program Adware-P2PNet.
The file or process has been deleted.
C:\WINNT\bi.ini ... Found potentially unwanted program Generic Adware.txt.
The file or process has been deleted.
C:\WINNT\Downloaded Program Files\CONFLICT.1\HDPlugin1015.inf ... Found
potentially unwanted program Adware-GAIN.inf.
The file or process has been deleted.
C:\WINNT\Downloaded Program Files\HDPlugin1015.inf ... Found potentially
unwanted program Adware-GAIN.inf.
The file or process has been deleted.
C:\WINNT\Downloaded Program Files\search.inf ... Found the INF/StartPage-FH
trojan !!!
The file or process has been deleted.
C:\WINNT\Downloaded Program Files\WUInst.dll ... Found potentially unwanted
program Adware-SaveNow.
The file or process has been deleted.
C:\WINNT\Downloaded Program Files\WUInst.inf ... Found potentially unwanted
program Adware-SaveNow.
The file or process has been deleted.
C:\WINNT\inf\bi.inf ... Found potentially unwanted program
Adware-abetterintrnt.
The file or process has been deleted.
C:\WINNT\inf\biC.inf ... Found potentially unwanted program
Adware-abetterintrnt.
The file or process has been deleted.
C:\WINNT\inf\flashtlk.inf ... Found potentially unwanted program
Adware-abetterintrnt.
The file or process has been deleted.
C:\WINNT\inf\payload.inf ... Found potentially unwanted program
Adware-abetterintrnt.
The file or process has been deleted.
C:\WINNT\SAHUninstall.exe ... Found potentially unwanted program
Adware-SAHAgent.
The file or process has been deleted.
C:\WINNT\system32\ctpp3.dll ... Found potentially unwanted program
Adware-BHO.gen.b.
The file or process has been deleted.
C:\WINNT\system32\ctsr3.dll ... Found potentially unwanted program
Adware-EZSearch.
The file or process has been deleted.
C:\WINNT\system32\drivers\etc\hosts ... Found potentially unwanted program
Redirected HOSTS.
The virus has been removed from the file.
Checking for another virus in the file ...
C:\WINNT\system32\IEDriver\3.exe ... Found potentially unwanted program
Adware-IEDriver.
The file or process has been deleted.
C:\WINNT\system32\IEDriver\IEDRIVER.EXE ... Found potentially unwanted
program Adware-IEDriver.
The file or process has been deleted.
C:\WINNT\system32\IEDriver\IEUPDATE.EXE ... Found potentially unwanted
program Adware-IEDriver.
The file or process has been deleted.
C:\WINNT\system32\in5bCs.dll ... Found the Generic MultiDropper.f trojan !!!
The file or process has been deleted.
C:\WINNT\system32\pcs\init.dll ... Found potentially unwanted program
Adware-PromulGate.dll.
The file or process has been deleted.
C:\WINNT\system32\pcs\pcsvcAccess.ocx ... Found potentially unwanted program
Generic PUP.a.
The file or process has been deleted.
C:\WINNT\system32\setup_incred_5.exe ... Found potentially unwanted program
Adware-KeenValue.
The file or process has been deleted.
C:\WINNT\system32\temp ... Found the IRC/Flood.dk trojan !!!
The file or process has been deleted.
C:\WINNT\system32\wins\SVCHOST.EXE\SVCHOST.EXE ... Found the W32/Nachi!tftpd
virus !!!
The file or process has been deleted.
C:\WINNT\whAgent.inf ... Found potentially unwanted program Spyware-WebHancer.
The file or process has been deleted.
C:\WINNT\whInstaller.ini ... Found potentially unwanted program
Spyware-WebHancer.
The file or process has been deleted.

A file(s) requires a reboot to complete the repair.
You are recommended to reboot the computer.

Summary report on C:\*.*
File(s)
Total files: ........... 151975
Clean: ................. 151825
Possibly Infected: ..... 11
Cleaned: ............... 2
Deleted: ............... 142
Non-critical Error(s): 3
Master Boot Record(s): ......... 1
Possibly Infected: ..... 0
Boot Sector(s): ................ 1
Possibly Infected: ..... 0


Time: 01:19.49




"David H. Lipman" wrote:

From: "SirWhale"

| Sorry I was in-camp for the past week. In the military you see, so weekdays
| are out for me. I'll get down to your solutions as soon as I've got the time,
| schedule's pretty tight.
|

I honour you sir for your service :-)

G-d speed.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



  #11  
Old February 18th 06, 07:56 PM posted to microsoft.public.windowsxp.help_and_support

From: "SirWhale"

| Here's the report in normal mode.
|

McAfee Log Snipped

You had many instances of adware, the Nachi worm and several Trojans. Your PC was
undoubtedly infected!

Based upon the amount of adware found...


If you are using any version of Sun Java that is prior to JRE Version 5.0,
then you are strongly urged to remove any/all versions that are prior to JRE
Version 5.0. There are vulnerabilities in them and they are actively being exploited.
It is possible that is how you got infected with malware.

Therefore, it is highly suggested that if there are any prior versions of Sun Java
to Version 5 on the PC that they be removed and Sun Java JRE Version 5.0 Update 6
be installed ASAP.

http://www.java.com/en/download/manual.jsp


Please download, install and update the following software...

* Ad-aware SE v1.06
http://www.lavasoft.de/
http://www.lavasoftusa.com/

* SpyBot Search and Destroy v1.4
http://security.kolla.de/

After the software is updated, I suggest scanning the system in Safe Mode.

I also suggest downloading, installing and updating BHODemon for any Browser Helper Objects
that may be on the PC.

* BHODemon

http://www.majorgeeks.com/downloadge...4332b4b8b8442d

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
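The tally behind a summary like the one in the reply above can be checked by parsing the posted scan log. The following is an added example, not part of any post in this thread and not a McAfee tool; the function names are hypothetical and the sample input is a handful of records copied from the log posted earlier. It joins the wrapped detection lines and lists detections that have no action line after them, which are worth rechecking on the next scan.

```python
import re
from collections import Counter

# Sample input: records copied from the scan log posted in this thread,
# including wrapped lines and one detection with no action line after it.
SAMPLE_LOG = r"""C:\WINDOWS\system32\MIEXEC~1.EXE ... Found potentially unwanted program
Adware-ValueAd.
C:\WINDOWS\system32\O.BAT ... Found the HTML/Debeski.bat trojan !!!
The file or process has been deleted.
C:\WINNT\system32\drivers\etc\hosts ... Found potentially unwanted program
Redirected HOSTS.
The virus has been removed from the file.
Checking for another virus in the file ...
C:\WINNT\system32\wins\SVCHOST.EXE\SVCHOST.EXE ... Found the W32/Nachi!tftpd
virus !!!
The file or process has been deleted.
"""

ACTIONS = {"The file or process has been deleted.": "deleted",
           "The virus has been removed from the file.": "cleaned"}
DETECTION = re.compile(
    r"^(?P<path>.+?) \.\.\. Found (?:the (?P<name>.+?) (?P<kind>trojan|virus) !!!"
    r"|potentially unwanted program (?P<pup>.+?)\.)$")

def parse_scan_log(text):
    """Return one dict per detection; action is None when the log shows none."""
    raw = []  # each entry: [joined detection text, action or None]
    for line in (l.strip() for l in text.splitlines()):
        if " ... Found " in line:              # start of a detection record
            raw.append([line, None])
        elif line in ACTIONS:                  # action applies to the open record
            if raw and raw[-1][1] is None:
                raw[-1][1] = ACTIONS[line]
        elif line and raw and raw[-1][1] is None:
            raw[-1][0] += " " + line           # wrapped tail of the detection line
    records = []
    for joined, action in raw:
        m = DETECTION.match(joined)
        if m:
            records.append({"path": m["path"], "name": m["name"] or m["pup"],
                            "kind": m["kind"] or "pup", "action": action})
    return records

def summarize(records):
    """Count detections per kind and list paths with no recorded action."""
    kinds = Counter(r["kind"] for r in records)
    return kinds, [r["path"] for r in records if r["action"] is None]

if __name__ == "__main__":
    print(summarize(parse_scan_log(SAMPLE_LOG)))
```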


  #12  
Old February 18th 06, 08:25 PM posted to microsoft.public.windowsxp.help_and_support

Yeap um I have those already, except BHOdemon. I'll do a final scan soon
enough.

"David H. Lipman" wrote:

From: "SirWhale"

| Here's the report in normal mode.
|

McAfee Log Snipped

You had many instances of adware, the Nachi worm and several Trojans. Your PC was
undoubtedly infected!

Based upon the amount of adware found...


If you are using any version of Sun Java that is prior to JRE Version 5.0,
then you are strongly urged to remove any/all versions that are prior to JRE
Version 5.0. There are vulnerabilities in them and they are actively being exploited.
It is possible that is how you got infected with malware.

Therefore, it is highly suggested that if there are any prior versions of Sun Java
to Version 5 on the PC that they be removed and Sun Java JRE Version 5.0 Update 6
be installed ASAP.

http://www.java.com/en/download/manual.jsp


Please download, install and update the following software...

* Ad-aware SE v1.06
http://www.lavasoft.de/
http://www.lavasoftusa.com/

* SpyBot Search and Destroy v1.4
http://security.kolla.de/

After the software is updated, I suggest scanning the system in Safe Mode.

I also suggest downloading, installing and updating BHODemon for any Browser Helper Objects
that may be on the PC.

* BHODemon

http://www.majorgeeks.com/downloadge...4332b4b8b8442d

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



  #13  
Old February 18th 06, 08:31 PM posted to microsoft.public.windowsxp.help_and_support

From: "SirWhale"

| Yeap um I have those already, except BHOdemon. I'll do a final scan soon
| enough.

I hope that they are Ad-aware SE v1.06 and SpyBot S&D v1.4 and they are fully updated.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


  #14  
Old February 18th 06, 08:44 PM posted to microsoft.public.windowsxp.help_and_support

I don't know how to open the .ref file for adaware 1.06..

"SirWhale" wrote:

I've been recently hit by a bloodhound.w32.ep virus. Tried using the multi_AV
tool but it doesn't work for me because it doesn't seem to be able to download
the files (with the firewall turned off), so I was just wondering if there are
any alternative solutions.

  #15  
Old February 18th 06, 09:32 PM posted to microsoft.public.windowsxp.help_and_support

From: "SirWhale"

| I don't know how to open the .ref file for adaware 1.06..
|


You don't. Ad-aware does. The REF file needs to be in the same folder as Ad-Aware.exe.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


 




All times are GMT +1.