Re: Bloodhound.exploit.6 Trojan
From: Lon (anonymous_at_discussions.microsoft.com)
Date: 09/01/04
- Next message: David H. Lipman: "RE: SPELL CHECK POPS UP"
- Previous message: Jeremy: "Re: aiRstRiKe @ uLtiMate-fXp-CreW Virus?"
- In reply to: Cris: "Re: Bloodhound.exploit.6 Trojan"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 1 Sep 2004 06:48:14 -0700
I want to thank you for helping me. It was greatly
appreciated. I wrote down all sites you gave me and will
check them out when I get home tonight. I believe right
now I am fine and have no problems. I have been reading up
on xpsp2, printed all info off. Also posted in newsgroup
for XP but was told to hold off for now from installing
it. I did order CD so that when it comes I could then
install that way. Just hope your day is great and again
thanks. If any more problems arise I will know where to
go and get some help.
>-----Original Message-----
>">Regarding the screen that came up about
>>configuration:"
>
>You can considered that screen a finished issue.
>
>>As to items in my start menu, I have
>>15 that run in start up (they include NSW2003 w/NAV, ISP
>>Earthlink, Yahoo Messenger, Adobe Acrobat and one or two
>>others).I think I need them all at start-up.
>
>I understand these are the programs in Start / All
programs. Here you may
>have dozens... Nothing to change there now.
>
>A different thing is what we saw in a previous post:
Start / Run / type
>msconfig in the open box / then OK. The tab in the right
(startup) shows a
>list of programs (nothing to do with "Start / All
programs.") We normally
>uncheck the unnecesary ones for the startup process. You
can read here to
>learn more and decide:
>
>http://support.microsoft.com/default.aspx?scid=KB;EN-
US;q310560&ID=KB;EN-US;q310560
>and
>http://support.ap.dell.com/ap/en/kb/document.asp?
DN=HO1014939#step3
>
>Remember the famous screen will come again if
configuration is changed...
>but it is normal.
>
>">About a
>>firewall, I have Microsoft firewall enabled. That is the
>>only one. I also have NSW2003 w/NAV up-to-date. "
>
>Remember: one firewall and one updated antivirus.
(Although some people
>say...)
>
>">The only
>>thing I have in Windows Update is xpsp2 waiting for
>>download. All other critical updates I have. Not
>>installing xpsp2 yet, not sure if computer is big enough
>>for download."
>
>Check and learn first. You will have to install it sooner
or later but you
>aren't in a hurry right now.
>
>"Last item: I am gaining access to this
>newsgroup via
>http://support.microsoft.com/newsgroups/default.aspx I
have Outlook
>Epxress 6.0 on my computer but don't use it. If you could
>let me know how to gain access to newsgroups via Outlook
>Express"
>
>Clear explanations in:
>
>http://www.microsoft.com/windows/ie/using/howto/oe/getting
news.mspx#XSLTsection125121120120
>http://www.microsoft.com/windows/ie/using/howto/oe/newsgro
ups.mspx
>
>In "News (NNTP) server" write msnews.microsoft.com. There
are a lot of
>groups to choose. This one is
>microsoft.public.security.virus.mmicrosoft.public.es.outlo
okexpressicrosoft.
>public.es.outlookexpress
>
>Remember: never publish your real e-mail account in a
newsgroup. (To avoid
>spam and virus.)
>
>"and as long as it doesn't interfere with my
>Outlook e-mail, then I would be anxious to try it."
>
>In Internet Explorer go to Tools / Internet Options /
Programs. Then select
>e-mail: Microsoft Outlook (Or the one you prefer.) News
accounts: Outlook
>Express.
>
>"Then I
>could read posts from my computer instead of here at
>work. Again, thank you for the time you took to help me
>with my problems and I hope I don't run into a virus
>again."
>
>I understand now. I also use OE 6.0 to read rewsgroups. :-
)
>
>"Lon" <anonymous@discussions.microsoft.com> escribió en
el mensaje
>news:019d01c48f87$9ab44980$a401280a@phx.gbl...
>Sorry it took so long to get to you but had to use the
>computer at work. Will answer questions you asked me and
>tell you where I am at this time and then ask one or two
>more questions. Regarding the screen that came up about
>configuration: When I had gone into safe mode and did scan
>etc. I then rebooted. Computer came back on with desktop
>and same message. Rebooted again in safe mode and safe
>mode was highlited. Changed it to Start in Regular Mode,
>rebooted and message gone. Don't know what happened but it
>seems to been fixed. As to items in my start menu, I have
>15 that run in start up (they include NSW2003 w/NAV, ISP
>Earthlink, Yahoo Messenger, Adobe Acrobat and one or two
>others).I think I need them all at start-up. About a
>firewall, I have Microsoft firewall enabled. That is the
>only one. I also have NSW2003 w/NAV up-to-date. The only
>thing I have in Windows Update is xpsp2 waiting for
>download. All other critical updates I have. Not
>installing xpsp2 yet, not sure if computer is big enough
>for download. Last item: I am gaining access to this
>newsgroup via
>http://support.microsoft.com/newsgroups/default.aspx I
>use Microsoft Outlook 2000 SR1 for e-mail. I have Outlook
>Epxress 6.0 on my computer but don't use it. If you could
>let me know how to gain access to newsgroups via Outlook
>Express and as long as it doesn't interfere with my
>Outlook e-mail, then I would be anxious to try it. Then I
>could read posts from my computer instead of here at
>work. Again, thank you for the time you took to help me
>with my problems and I hope I don't run into a virus
>again.
>>-----Original Message-----
>>Chris.... Again thanks but still could not read post.
>>Don't know why I can't read just some.
>>
>>Probably you haven't restored this group for a long time
>and you have too
>>many posts. Restore and compact posts in as many grupos
>as you have in your
>>newsreader.
>>
>>Is your newsreader updated?
>>
>>Try solving this, otherwise you won't be able to
>read... :-(
>>
>>
>>"Lon" <anonymous@discussions.microsoft.com> escribió en
>el mensaje
>>news:1dd201c48d1a$c6ea5a90$a601280a@phx.gbl...
>>Chris.... Again thanks but still could not read post.
>>Don't know why I can't read just some. The screen that
>>come up on desktop saying something like Configuration
>>has been changed etc. is now gone. Went back into Safe
>>Mode, made sure Start Windows Normally was selected,
>>Rebooted again and message gone. When I go to work on
>>Monday I will pull up posts from there and see if I can
>>read them. Just wanted to let you know you have been very
>>helpful......and hope your day is just great.
>>>-----Original Message-----
>>>Thanks Chris for getting back to me but again I can't
>>>seem to pull up and read your last post for 08-27-04 at
>>>7:18. Don't know what is wrong. Would it be too much
>>>trouble to copy and paste again? Would really
>>appreciate
>>>it as I am sure the answer to my question is in that
>>>post.
>>>
>>>>-----Original Message-----
>>>>Not bad for your first experience with virus... :-)
>>>>
>>>>I was told that when you disable and unable your system
>>>restore and follo
>>>>the steps as you did virus disappear...
>>>>
>>>>
>>>>"Lon" <anonymous@discussions.microsoft.com> escribió en
>>>el mensaje
>>>>news:a98001c487ff$d93c6280$a401280a@phx.gbl...
>>>>> I am using Windows XP Pro sp1 with IE6.0 and NSW2003
>>>with
>>>>> NAV and Yahoo Anti-spy and spyblocker. Today my NAV
>>>>> program informed me I had a virus on my computer
>>called
>>>>> Bloodhound.exploit.6 that they could not fix. I found
>>>the
>>>>> site
>>>>>
>>>www.symantec.com/avcenter/venc/data/pf/trojan.trunlow.ht
m
>>l
>>>>> for the removal procedures, printed them off and
>>>>> followed the steps given. This is what I did:
>>>>> 1. Disabled System restore
>>>>> 2. Updated my NAV definitions by running live update
>>>>> 3. Ran a full system virus scan to check for
>>>>> Trojan.Trunlow files and found none. (was told if any
>>>>> trojan/trudlow files found to delete and if not to
>>>delete
>>>>> value in registry)
>>>>> 4. Went off line and then backed up the entire
>>registry
>>>>> and placed it on my desktop
>>>>> 5. went to start/run/type regedit and steps told me
to
>>>>> search for key
>>>>>
>>>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVer
s
>>i
>>>>> on\Run and on the right side panel to delete the
>>>>> value "Microsoft Eventlog"-"%Windir%\Winupdate.exe"
>>>>> ........I got to this step but when I went into
>>>>> start/run/type regedit I found the HKEY_LOCAL_MACHINE
>>>>> folder on left side and on the right side the only
>>>thing
>>>>> it said was Default REG_SZ value not set. I didn't
>>>do
>>>>> anything or find anything just
>>>>> 6. Exited registry, rebooted computer, and then
>>enabled
>>>>> system restore.
>>>>> 7. Ran Hijackthis and analyzed log and there were no
>>>red
>>>>> items found and couldn't find anything with Trojan in
>>>it.
>>>>> I also wanted to run full scan again in safe mode
>>>and
>>>>> check regedit again, but I couldn't get my computer
>>to
>>>go
>>>>> into safe mode. Mine says to hit F1 but when I did
>>>there
>>>>> was no selection for safe mode.
>>>>> Questions:
>>>>> a. From what I have said above, can someone tell me
>>if
>>>I
>>>>> no longer have this bloodhound.exploit.6 virus? And
>>>how
>>>>> can I tell if it is gone or not? And if it is gone
>>how
>>>>> did I get rid of it when I didn't delete anything?
>>>>> b. What does it mean when it said in regedit Default
>>>>> REG_SZ no value set
>>>>> c. How can I get my computer to go into safe mode?
>>>When I
>>>>> boot up it says to go to the BIOS click F1 but
doesn't
>>>>> list safe mode.
>>>>> d. Do I need to run full scan again in safe mode
(once
>>>>> found) and go to regedit again in safe mode?
>>>>> Didn't mean this to be so long, but have never tried
>>to
>>>>> get rid of a virus before and just wanted someone to
>>>let
>>>>> me know if steps I took were correct and if there is
>>>>> something else I need to do. I just want to know if
>>it
>>>is
>>>>> gone and what I can do to make sure it doesn't come
>>>>> back. Any advice or help with this would be greatly
>>>>> appreciated.
>>>>>
>>>>
>>>>
>>>>.
>>>>
>>>.
>>>
>>
>>
>>.
>>
>
>
>.
>
- Next message: David H. Lipman: "RE: SPELL CHECK POPS UP"
- Previous message: Jeremy: "Re: aiRstRiKe @ uLtiMate-fXp-CreW Virus?"
- In reply to: Cris: "Re: Bloodhound.exploit.6 Trojan"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
