Re: Bloodhound.exploit.6 Trojan

From: Cris (cris_at_notienecorreo.com)
Date: 08/27/04


Date: Fri, 27 Aug 2004 03:47:25 +0200

http://securityresponse.symantec.com/avcenter/venc/data/bloodhound.exploit.6.html

Extra info

"Lon" <anonymous@discussions.microsoft.com> wrote in message
news:0fa501c48bce$e21ef520$a601280a@phx.gbl...
> Pauly, thanks for answering my post. For some reason your
> response won't come up on my screen. Just blank so I
> don't know what you said. Will tell you that since first
> post I have installed Adware SE and found 9 criticals (7
> registry, 1 malware and 1 tracking). Deleted those. Don't
> know if one of the registry items was the
> Bloodhound.Exploit.6. I did not run scan in safe mode.
> Should Adware SE be run in safe mode? You have to be
> connected to the internet and I don't know if you can do
> this from safe mode. I also ran a browser security check
> for IE and no problems found. Installed Yahoo Anti-spy,
> ran scan after updating definitions. No problems found. I
> am going to run full NAV scan in safe mode once I find
> it. I am not going to go back to regedit because I am not
> sure what I am doing so if a problem arises will contact
> an expert here at this newsgroup. If you could repost
> your first answer that would be great. And again
> thanks...
> >-----Original Message-----
> >I am using Windows XP Pro sp1 with IE6.0 and NSW2003 with
> >NAV and Yahoo Anti-spy and spyblocker. Today my NAV
> >program informed me I had a virus on my computer called
> >Bloodhound.exploit.6 that they could not fix. I found the
> >site
> >www.symantec.com/avcenter/venc/data/pf/trojan.trunlow.html
> >for the removal procedures, printed them off and
> >followed the steps given. This is what I did:
> >1. Disabled System restore
> >2. Updated my NAV definitions by running live update
> >3. Ran a full system virus scan to check for
> >Trojan.Trunlow files and found none. (was told if any
> >trojan/trunlow files found to delete and if not to delete
> >value in registry)
> >4. Went off line and then backed up the entire registry
> >and placed it on my desktop
> >5. Went to start/run/type regedit and steps told me to
> >search for key
> >HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
> >and on the right side panel to delete the
> >value "Microsoft Eventlog"-"%Windir%\Winupdate.exe"
> >.........I got to this step but when I went into
> >start/run/type regedit I found the HKEY_LOCAL_MACHINE
> >folder on left side and on the right side the only thing
> >it said was Default REG_SZ value not set. I didn't do
> >anything or find anything just
> >6. Exited registry, rebooted computer, and then enabled
> >system restore.
> >7. Ran Hijackthis and analyzed log and there were no red
> >items found and couldn't find anything with Trojan in it.
> >I also wanted to run full scan again in safe mode and
> >check regedit again, but I couldn't get my computer to go
> >into safe mode. Mine says to hit F1 but when I did there
> >was no selection for safe mode.
> >Questions:
> >a. From what I have said above, can someone tell me if I
> >no longer have this bloodhound.exploit.6 virus? And how
> >can I tell if it is gone or not? And if it is gone how
> >did I get rid of it when I didn't delete anything?
> >b. What does it mean when it said in regedit Default
> >REG_SZ no value set?
> >c. How can I get my computer to go into safe mode? When I
> >boot up it says to go to the BIOS click F1 but doesn't
> >list safe mode.
> >d. Do I need to run full scan again in safe mode (once
> >found) and go to regedit again in safe mode?
> >Didn't mean this to be so long, but have never tried to
> >get rid of a virus before and just wanted someone to let
> >me know if steps I took were correct and if there is
> >something else I need to do. I just want to know if it is
> >gone and what I can do to make sure it doesn't come
> >back. Any advice or help with this would be greatly
> >appreciated.
> >
> >.
> >
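
Steps 4 and 5 of the quoted procedure, as an added example that is not part of the original posts: it parses a regedit text export (such as the backup from step 4) and reports whether the Run key holds the "Microsoft Eventlog" value pointing at Winupdate.exe. The sample export, the "ExampleTray" value, the C:\WINDOWS path and all function names are constructed for illustration.

```python
import re

RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
# Value name and file name quoted in the removal steps above.
IOC_NAME = "Microsoft Eventlog"
IOC_DATA_SUFFIX = r"\winupdate.exe"  # %Windir% is assumed to resolve to any folder

# Constructed sample of a regedit export (not taken from a real machine).
# A key that holds no values exports as a bare section header.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleTray"="\"C:\\Program Files\\Example\\tray.exe\" /min"
"Microsoft Eventlog"="C:\\WINDOWS\\Winupdate.exe"
'''

_SECTION = re.compile(r"^\[(-?)(.+)\]$")
_STRING = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

def _unescape(s):
    # .reg files escape backslashes and quotes inside strings with a backslash.
    return re.sub(r"\\(.)", r"\1", s)

def parse_reg_strings(text):
    """Return {key_path: {value_name: data}} for string values in a .reg export."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = _SECTION.match(line)
        if m:
            # "[-KEY]" marks a deletion in a .reg file; skip its contents.
            current = None if m.group(1) else keys.setdefault(m.group(2), {})
            continue
        m = _STRING.match(line)
        if m and current is not None:
            name = "(Default)" if m.group(1) == "@" else _unescape(m.group(1)[1:-1])
            current[name] = _unescape(m.group(2))
    return keys

def find_run_entry(text):
    """Return the data of the Run value named in the procedure, or None."""
    keys = {k.lower(): v for k, v in parse_reg_strings(text).items()}
    for name, data in keys.get(RUN_KEY.lower(), {}).items():
        if name.lower() == IOC_NAME.lower() and data.lower().endswith(IOC_DATA_SUFFIX):
            return data
    return None

if __name__ == "__main__":
    print(find_run_entry(SAMPLE_EXPORT) or "Run value not present")
```

Exports in the "Version 5.00" format are saved as UTF-16, so read a real file with `open(path, encoding="utf-16")` before passing its text to `find_run_entry`.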


