Re: Bloodhound.exploit.6 Trojan
From: Cris (cris_at_notienecorreo.com)
Date: 09/01/04
- Next message: Rob Rosenberger: "[Vmyths.com ALERT] Follow-up on latest cyber-terror prediction"
- Previous message: Dave McAuliffe: "Re: Surprise Virus Notification"
- In reply to: Lon: "Re: Bloodhound.exploit.6 Trojan"
- Next in thread: Lon: "Re: Bloodhound.exploit.6 Trojan"
- Reply: Lon: "Re: Bloodhound.exploit.6 Trojan"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 1 Sep 2004 01:05:51 +0200
">Regarding the screen that came up about
>configuration:"
You can considered that screen a finished issue.
>As to items in my start menu, I have
>15 that run in start up (they include NSW2003 w/NAV, ISP
>Earthlink, Yahoo Messenger, Adobe Acrobat and one or two
>others).I think I need them all at start-up.
I understand these are the programs in Start / All programs. Here you may
have dozens... Nothing to change there now.
A different thing is what we saw in a previous post: Start / Run / type
msconfig in the open box / then OK. The tab in the right (startup) shows a
list of programs (nothing to do with "Start / All programs.") We normally
uncheck the unnecesary ones for the startup process. You can read here to
learn more and decide:
http://support.microsoft.com/default.aspx?scid=KB;EN-US;q310560&ID=KB;EN-US;q310560
and
http://support.ap.dell.com/ap/en/kb/document.asp?DN=HO1014939#step3
Remember the famous screen will come again if configuration is changed...
but it is normal.
">About a
>firewall, I have Microsoft firewall enabled. That is the
>only one. I also have NSW2003 w/NAV up-to-date. "
Remember: one firewall and one updated antivirus. (Although some people
say...)
">The only
>thing I have in Windows Update is xpsp2 waiting for
>download. All other critical updates I have. Not
>installing xpsp2 yet, not sure if computer is big enough
>for download."
Check and learn first. You will have to install it sooner or later but you
aren't in a hurry right now.
"Last item: I am gaining access to this
newsgroup via
http://support.microsoft.com/newsgroups/default.aspx I have Outlook
Epxress 6.0 on my computer but don't use it. If you could
let me know how to gain access to newsgroups via Outlook
Express"
Clear explanations in:
http://www.microsoft.com/windows/ie/using/howto/oe/gettingnews.mspx#XSLTsection125121120120
http://www.microsoft.com/windows/ie/using/howto/oe/newsgroups.mspx
In "News (NNTP) server" write msnews.microsoft.com. There are a lot of
groups to choose. This one is
microsoft.public.security.virus.mmicrosoft.public.es.outlookexpressicrosoft.
public.es.outlookexpress
Remember: never publish your real e-mail account in a newsgroup. (To avoid
spam and virus.)
"and as long as it doesn't interfere with my
Outlook e-mail, then I would be anxious to try it."
In Internet Explorer go to Tools / Internet Options / Programs. Then select
e-mail: Microsoft Outlook (Or the one you prefer.) News accounts: Outlook
Express.
"Then I
could read posts from my computer instead of here at
work. Again, thank you for the time you took to help me
with my problems and I hope I don't run into a virus
again."
I understand now. I also use OE 6.0 to read rewsgroups. :-)
"Lon" <anonymous@discussions.microsoft.com> escribió en el mensaje
news:019d01c48f87$9ab44980$a401280a@phx.gbl...
Sorry it took so long to get to you but had to use the
computer at work. Will answer questions you asked me and
tell you where I am at this time and then ask one or two
more questions. Regarding the screen that came up about
configuration: When I had gone into safe mode and did scan
etc. I then rebooted. Computer came back on with desktop
and same message. Rebooted again in safe mode and safe
mode was highlited. Changed it to Start in Regular Mode,
rebooted and message gone. Don't know what happened but it
seems to been fixed. As to items in my start menu, I have
15 that run in start up (they include NSW2003 w/NAV, ISP
Earthlink, Yahoo Messenger, Adobe Acrobat and one or two
others).I think I need them all at start-up. About a
firewall, I have Microsoft firewall enabled. That is the
only one. I also have NSW2003 w/NAV up-to-date. The only
thing I have in Windows Update is xpsp2 waiting for
download. All other critical updates I have. Not
installing xpsp2 yet, not sure if computer is big enough
for download. Last item: I am gaining access to this
newsgroup via
http://support.microsoft.com/newsgroups/default.aspx I
use Microsoft Outlook 2000 SR1 for e-mail. I have Outlook
Epxress 6.0 on my computer but don't use it. If you could
let me know how to gain access to newsgroups via Outlook
Express and as long as it doesn't interfere with my
Outlook e-mail, then I would be anxious to try it. Then I
could read posts from my computer instead of here at
work. Again, thank you for the time you took to help me
with my problems and I hope I don't run into a virus
again.
>-----Original Message-----
>Chris.... Again thanks but still could not read post.
>Don't know why I can't read just some.
>
>Probably you haven't restored this group for a long time
and you have too
>many posts. Restore and compact posts in as many grupos
as you have in your
>newsreader.
>
>Is your newsreader updated?
>
>Try solving this, otherwise you won't be able to
read... :-(
>
>
>"Lon" <anonymous@discussions.microsoft.com> escribió en
el mensaje
>news:1dd201c48d1a$c6ea5a90$a601280a@phx.gbl...
>Chris.... Again thanks but still could not read post.
>Don't know why I can't read just some. The screen that
>come up on desktop saying something like Configuration
>has been changed etc. is now gone. Went back into Safe
>Mode, made sure Start Windows Normally was selected,
>Rebooted again and message gone. When I go to work on
>Monday I will pull up posts from there and see if I can
>read them. Just wanted to let you know you have been very
>helpful......and hope your day is just great.
>>-----Original Message-----
>>Thanks Chris for getting back to me but again I can't
>>seem to pull up and read your last post for 08-27-04 at
>>7:18. Don't know what is wrong. Would it be too much
>>trouble to copy and paste again? Would really
>appreciate
>>it as I am sure the answer to my question is in that
>>post.
>>
>>>-----Original Message-----
>>>Not bad for your first experience with virus... :-)
>>>
>>>I was told that when you disable and unable your system
>>restore and follo
>>>the steps as you did virus disappear...
>>>
>>>
>>>"Lon" <anonymous@discussions.microsoft.com> escribió en
>>el mensaje
>>>news:a98001c487ff$d93c6280$a401280a@phx.gbl...
>>>> I am using Windows XP Pro sp1 with IE6.0 and NSW2003
>>with
>>>> NAV and Yahoo Anti-spy and spyblocker. Today my NAV
>>>> program informed me I had a virus on my computer
>called
>>>> Bloodhound.exploit.6 that they could not fix. I found
>>the
>>>> site
>>>>
>>www.symantec.com/avcenter/venc/data/pf/trojan.trunlow.htm
>l
>>>> for the removal procedures, printed them off and
>>>> followed the steps given. This is what I did:
>>>> 1. Disabled System restore
>>>> 2. Updated my NAV definitions by running live update
>>>> 3. Ran a full system virus scan to check for
>>>> Trojan.Trunlow files and found none. (was told if any
>>>> trojan/trudlow files found to delete and if not to
>>delete
>>>> value in registry)
>>>> 4. Went off line and then backed up the entire
>registry
>>>> and placed it on my desktop
>>>> 5. went to start/run/type regedit and steps told me to
>>>> search for key
>>>>
>>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVers
>i
>>>> on\Run and on the right side panel to delete the
>>>> value "Microsoft Eventlog"-"%Windir%\Winupdate.exe"
>>>> ........I got to this step but when I went into
>>>> start/run/type regedit I found the HKEY_LOCAL_MACHINE
>>>> folder on left side and on the right side the only
>>thing
>>>> it said was Default REG_SZ value not set. I didn't
>>do
>>>> anything or find anything just
>>>> 6. Exited registry, rebooted computer, and then
>enabled
>>>> system restore.
>>>> 7. Ran Hijackthis and analyzed log and there were no
>>red
>>>> items found and couldn't find anything with Trojan in
>>it.
>>>> I also wanted to run full scan again in safe mode
>>and
>>>> check regedit again, but I couldn't get my computer
>to
>>go
>>>> into safe mode. Mine says to hit F1 but when I did
>>there
>>>> was no selection for safe mode.
>>>> Questions:
>>>> a. From what I have said above, can someone tell me
>if
>>I
>>>> no longer have this bloodhound.exploit.6 virus? And
>>how
>>>> can I tell if it is gone or not? And if it is gone
>how
>>>> did I get rid of it when I didn't delete anything?
>>>> b. What does it mean when it said in regedit Default
>>>> REG_SZ no value set
>>>> c. How can I get my computer to go into safe mode?
>>When I
>>>> boot up it says to go to the BIOS click F1 but doesn't
>>>> list safe mode.
>>>> d. Do I need to run full scan again in safe mode (once
>>>> found) and go to regedit again in safe mode?
>>>> Didn't mean this to be so long, but have never tried
>to
>>>> get rid of a virus before and just wanted someone to
>>let
>>>> me know if steps I took were correct and if there is
>>>> something else I need to do. I just want to know if
>it
>>is
>>>> gone and what I can do to make sure it doesn't come
>>>> back. Any advice or help with this would be greatly
>>>> appreciated.
>>>>
>>>
>>>
>>>.
>>>
>>.
>>
>
>
>.
>
- Next message: Rob Rosenberger: "[Vmyths.com ALERT] Follow-up on latest cyber-terror prediction"
- Previous message: Dave McAuliffe: "Re: Surprise Virus Notification"
- In reply to: Lon: "Re: Bloodhound.exploit.6 Trojan"
- Next in thread: Lon: "Re: Bloodhound.exploit.6 Trojan"
- Reply: Lon: "Re: Bloodhound.exploit.6 Trojan"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
