Re: Adware.iefeats plus Bloodhound.Packed virus - can't get off machine!

From: David H. Lipman (DLipman~nospam~_at_Verizon.Net)
Date: 12/17/04


Date: Fri, 17 Dec 2004 06:37:35 -0500

1) Download the following three items...

         Trend Sysclean Package
         http://www.trendmicro.com/download/dcs.asp

         Latest Trend signature files.
         http://www.trendmicro.com/download/pattern.asp

         Adaware SE (free personal version v1.05)
         http://www.lavasoftusa.com/

Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

Download SYSCLEAN.COM and place it in that directory.
Download the Trend Pattern File by obtaining the ZIP file.
For example: lpt303.zip

Extract the contents of the ZIP file and place the contents in the same directory as
SYSCLEAN.COM.

2) Update Adaware with the latest definitions.
3) If you are using WinME or WinXP, disable System Restore
        http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
4) Reboot your PC into Safe Mode and shut down as many applications as possible.
5) Using both the Trend Sysclean utility and Adaware, perform a Full Scan of your
        platform and clean/delete any infectors/parasites found.
        (a few cycles may be needed)
6) Restart your PC and perform a "final" Full Scan of your platform using both the
        Trend Sysclean utility and Adaware.
7) If you are using WinME or WinXP, re-enable System Restore and re-apply any
        System Restore preferences (e.g. HD space to use suggested 400 ~ 600MB).
8) Reboot your PC.
9) If you are using WinME or WinXP, create a new Restore point.

* * * Please report back your results * * *

Dave

"David W" <david.walmsley@gmail.com> wrote in message
news:be0db2c3.0412170333.52fd828a@posting.google.com...
| I managed to pick up Adware - labelled as Adware.iefeats by Norton AV.
| It came with a file that NAV called Bloodhound.Packed - which is
| Norton's way of saying "we don't know what it is - please send it in".
| I've followed all the instructions on their site but can't shift it -
| in fact it keeps replicating - I've now got 26 copies.
|
| NAV spots the infected files on scan but can't fix them. It will
| quarantine the Bloodhound.Packed virus files but won't let me submit
| them as it says LiveUpdate needs to be run. However LiveUpdate tells
| me it's fully up to date - a Catch 22. Is this something to do with
| the virus maybe?
|
| I've done switching off System Restore, starting in safe mode and
| scanning that way. Same results - finds the files, but can't fix them,
| the Bloodhound files go into Quarantine but not the Adware files and
| they can't be deleted from my machine because the files are never
| visible where Norton says they should be.
|
| If I delete the Bloodhound files from inside the Quarantine area then
| restart the machine in Normal or Safe mode the Bloodhound.Packed files
| reappear in the scan!
|
| I've also run Norton's own Adware removal tool - again no joy. I've
| also looked in the registry to follow Norton's instructions on Adware
| - but the paths and settings that Norton say to remove don't appear.
| This kind of suggests to me that Norton haven't seen this variation
| before.
|
| Can anyone here help me? I'm really quite worried now.
|
| I'm running Windows ME with IE5 and NAV 2004.


