Jump to content
Sign in to follow this  
Guest semin

Bloodhound.w32.ep!

Recommended Posts

Guest semin

Hi everyone..Nowadays I have a serious problem. All of a sudden my laptop (i 'm sorry my mistake; MY BROTHER's laptop! besides that's the biggest problem:) began to open some stupid sites, black screens(?) etc(i don't understand anything from those, a black screen appears and then writings writings...i just stare:). then i thought that the comp might be effected by a virus (genius ha?:) i scanned wia norton, it found a trojan and quarantined it and it found smtg else called bloodhound.w32.ep and this is attached to dailin.exe (system32 file as far as i know). Norton cannot do anything to that and i can't do anything about going crazy either. By the way i read almost evert message on this topic but i don't get anything about this hijacking stuff. How am i supposed to hijack this machine:)

 

PS: i have some brilliant ideas but please somebody stop me! i'm thinking of deleting dailin.exe from system32 and then somehow rebuilding it with the cabs etc. once i deleted rundll32 and then fixed it with the help of forum messages by the cabs i don't know..i just did what you told me to do..

Anyway i talked a lot. Thanx for your help from now...

 

semin

Share this post


Link to post
Share on other sites

wow i didnt know Chernobyl was still around.... your lucky it didnt get to run ;)

Share this post


Link to post
Share on other sites
Guest mwalsh1055

I, too, am frustrated today with this particular virus. :angry: My OS is WinXP Home Ed (FAT32) and I have NAV 2004 (which was installed less than 2 wks ago). Supposedly, this virus does not affect Windows XP, so how come my NAV keeps saying it's found it on files in Windows\System32\TFTP*? :( I am currently downloading Windows XP updates (which I seriously suspect may be the source of this *[email protected]#& virus). Any advice from you experienced folks?

Share this post


Link to post
Share on other sites

Welcome To The Pit Mwalsh1055. :)

 

Seems a lot of XP users are having this problem.

 

W95/CIH.1003 (aka)

 

Chernobyl

CIH v1.2

W32/CIH.Spacefiller

W95/CIH.1003a

W95/CIH.1003b

W95/CIH.1003c

W95/CIH.1003d

W95/CIH.1003dr

W95/CIH.1003e

W95/CIH.1003f

W95/CIH.1049

Win95.CIH

Win95/CIH.1003

 

 

Quote from Mcafee:

 

"W95/CIH viruses are able to split up the body of the virus code and place it within unused parts of the infected file (PE files usually contain lots of unused space). Such files will not execute on NT, Windows 2000 or XP because their structure is not valid (loader for Windows 95/98/Me is much less careless and can load such files). "

 

There is a removal tool for W95.CIH and it's variants which can be safely run on XP, even although it may not do anything KILL_CIH

 

If it does not help, you can always upload the file to Symantec for analysis Submitting A File

 

This info also applies to those with the Bloodhound.W32.EP problem, (another variant).

 

Inp. ;)

Share this post


Link to post
Share on other sites
Guest mwalsh1055

Thanks for the info Inprofile. I will give it a try. This is so much fun, isn't it? I just am at a loss to understand why people with talent enough to design/manufacture/develop something like a virus would do it--it's just plain mean. :mrsgreen: It's sad to think that there are people out there that like to cause this kind of havoc when they could be doing much more positive things! Guess it's kind of like cyberspace graffiti, only I think much more destructive. Well, I'll get off my soapbox now and go try your suggestions. Thanks again. :)

Share this post


Link to post
Share on other sites
Guest sneakiefeline

I am confused........it doesnt take much.........but this bloodhound w32 ep does it infect win 2000 or not? the stuff hear says it doesnt but its my computer with win 2000 on that i am getting a message saying that I have got it. I have done a Housecall scan and that does not pick up any problem. however this machine keeps closing down!!

 

I am getting a message that C/WINNT?System32?Isass.exe is terminating early, status code 128.

 

can anyone help pleease.

 

it wouldnt be so bad but i have hardly ever used this machine and switched on yesterday to watch Olympics and now it keeps closing down.

 

Kat

Share this post


Link to post
Share on other sites

Welcome To The Pit Sneakiefeline. :)

 

Lsass.exe or Isass.exe??

 

LSASS.EXE - ISASS.EXE - I think it's the latter, OPTIX PRO.

 

Do you have a firewall?? If not, try and download this one Sygate

 

Then try and d/load and install this 30 day free trial trojan remover TDS-3 - Removal information

 

Note the words "try".

 

Post back if you need any further help or info.

 

Inp. ;)

 

BTW. Do you have access to another pc??

Share this post


Link to post
Share on other sites

Just to let everyone know I am currently doing a guy at work a favour and looking over his kids computer for him. Well I found over 5000 spyware (some are still persistant and I cannot rid them) and about 55 spybots plus about 99 infected files through NAV 2003. In other words lay off da porn! :blushing:

Seriously though they are running Windows XP and it is still messing with their system and showing a constant you have a virus infection window! So this means that this virus has either changed or can adapt to affect Windows 2000 and above.

 

Ugh - I am endeavoring to fix this doorstop and I will keep you updated and I will use the above suggestions. Thank you all for those! This is definately one community I have come to for answers as you can get a lot of good advice here.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×
×
  • Create New...