Bloodhound.exploit.6 Trojan

From: Lon (anonymous_at_discussions.microsoft.com)
Date: 08/22/04


Date: Sat, 21 Aug 2004 21:24:00 -0700

I am using Windows XP Pro sp1 with IE6.0 and NSW2003 with
NAV and Yahoo Anti-spy and spyblocker. Today my NAV
program informed me I had a virus on my computer called
Bloodhound.exploit.6 that they could not fix. I found the
site
www.symantec.com/avcenter/venc/data/pf/trojan.trunlow.html
 for the removal procedures, printed them off and
followed the steps given. This is what I did:
1. Disabled System restore
2. Updated my NAV definitions by running live update
3. Ran a full system virus scan to check for
Trojan.Trunlow files and found none. (Was told if any
Trojan.Trunlow files found to delete and if not to delete
value in registry.)
4. Went off line and then backed up the entire registry
and placed it on my desktop
5. Went to start/run/type regedit and steps told me to
search for key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
and on the right side panel to delete the
value "Microsoft Eventlog"-"%Windir%\Winupdate.exe"
........I got to this step but when I went into
start/run/type regedit I found the HKEY_LOCAL_MACHINE
folder on left side and on the right side the only thing
it said was Default REG_SZ value not set. I didn't do
anything or find anything just
6. Exited registry, rebooted computer, and then enabled
system restore.
7. Ran Hijackthis and analyzed log and there were no red
items found and couldn't find anything with Trojan in it.
   I also wanted to run full scan again in safe mode and
check regedit again, but I couldn't get my computer to go
into safe mode. Mine says to hit F1 but when I did there
was no selection for safe mode.
Questions:
a. From what I have said above, can someone tell me if I
no longer have this bloodhound.exploit.6 virus? And how
can I tell if it is gone or not? And if it is gone how
did I get rid of it when I didn't delete anything?
b. What does it mean when it said in regedit Default
REG_SZ no value set?
c. How can I get my computer to go into safe mode? When I
boot up it says to go to the BIOS click F1 but doesn't
list safe mode.
d. Do I need to run full scan again in safe mode (once
found) and go to regedit again in safe mode?
Didn't mean this to be so long, but have never tried to
get rid of a virus before and just wanted someone to let
me know if steps I took were correct and if there is
something else I need to do. I just want to know if it is
gone and what I can do to make sure it doesn't come
back. Any advice or help with this would be greatly
appreciated.
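
An added example, not part of the original post: a small Python check that reads the text of a regedit export (such as the registry backup from step 4) and reports whether the Run key from step 5 holds the "Microsoft Eventlog" value or any entry pointing at Winupdate.exe. The function names and sample exports are constructed for illustration, and only plain string values are handled.

```python
import re

# Key, value name and file name are the ones quoted in step 5 of the post.
RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
TARGET_NAME = "microsoft eventlog"
TARGET_FILE = "winupdate.exe"

# Matches  "name"="data"  or  @="data"  (string values only).
_VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

def _unescape(s):
    # .reg files write a backslash as \\ and a double quote as \"
    return re.sub(r'\\(.)', r'\1', s)

def parse_reg_export(text):
    """Return {lowercased key path: {value name: data}} for string values."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
            continue
        m = _VALUE.match(line)
        if m and current is not None:
            name = "(Default)" if m.group(1) == "@" else _unescape(m.group(1)[1:-1])
            current[name] = _unescape(m.group(2))
    return keys

def check_run_key(text):
    """Return (run_key_present, [(name, data), ...]) for suspect Run entries."""
    values = parse_reg_export(text).get(RUN_KEY.lower())
    if values is None:
        return False, []  # export does not contain the Run key at all
    hits = [(n, d) for n, d in values.items()
            if n.lower() == TARGET_NAME
            or TARGET_FILE in d.lower().split("\\")[-1]]
    return True, hits

# Constructed sample exports (not taken from a real machine).
SAMPLE_CLEAN = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleTray"="\"C:\\Program Files\\Example\\tray.exe\""
'''
SAMPLE_INFECTED = SAMPLE_CLEAN + '"Microsoft Eventlog"="C:\\\\WINDOWS\\\\Winupdate.exe"\n'

if __name__ == "__main__":
    print(check_run_key(SAMPLE_INFECTED))
```

Regedit on Windows XP saves version 5.00 exports as UTF-16, so a real export would be read with `open(path, encoding="utf-16").read()` before being passed to `check_run_key`.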


