monty 66

Bloodhound.exploit.6


Hi, I'm looking for some help please. I've just got this Bloodhound.exploit.6 on my PC. OK, a bit of history: I've got all my latest Windows updates. The problem I have is when I try to download the latest patch to remove this bug from Microsoft, patch number (KB837009), as advised from the Norton AntiVirus link. I download it, and when I try to open the file or patch, it says I need Outlook Express 6.0 Service Pack 1 installed, and I'm sure I do because I've got Internet Explorer SP1 installed. Also, am I right in assuming Outlook 6.0 is within SP1? I don't have any more critical and XP downloads left on Windows Update. I got 'em all ...


Bloodhound.exploit.6 won't harm you.

You have Norton AntiVirus, you say. There is an option in this program to detect "suspicious" files that may be a virus. In fact, the file contains code which looks like virus code but isn't.

 

You can just ignore it :).


Yes, you should be. When I have a "bad" HijackThis log and I save it as a Notepad file on my hard drive, my Norton will alert me too.

So it's a common mistake of Norton :).


Before I forget to ask: which file is the infected one according to Norton?

Edited by J-P IT


JP-IT, it's C:\Documents and settings/montylocal settings tep internet files/content.. this is followed by numbers and then /run(1)htlml

thanks monty


Do what [email protected] says.

 

I wonder: on what kind of site were you when you received this message for the first time? Be careful where you go on the net ;).

It also could be a false positive like a Hijack Log :).

Edited by J-P IT


JP-IT, what is Hans saying there? Is it wrong to do what he says? I don't really understand what he means, as in IE tools and stuff.


Also, I did a full Norton scan and I see clear... so maybe I'm OK. What do you think?

monty

Edited by monty 66


JP-IT, what is Hans saying there? Is it wrong to do what he says? I don't really understand what he means, as in IE tools and stuff.

I'll try to explain it to you.

 

The "virus"-file is located in the folder where all your temporary internet files are stored. This means that when you remove these files your "virus" will be removed too. Hans explained how to do that.

 

In your Internet Explorer browser, click on Tools, then click on Internet Options. On the "General" tab you have to click on the button "delete all offline files". Check the box by "Offline Files also" and confirm you really want to remove these files.

 

When you have done this it should be alright.

 

Do you understand? If not; just ask.

Edited by J-P IT


Yes, I understand now... I just did not realise it could be so easy, and there's not a way I could see if it's there in any case. But I thank you guys for the help. I don't claim to be a tech head or I would not be pestering nice chaps like yourself... and on that note, thanks for all your help.

monty

Guest doctordonzo

I just registered to this forum after reading your posting .. uh, because I just got a notice from Norton AntiVirus that, like you, I came across this "bloodhound exploit 6" virus. Similarly, it said that it couldn't fix the problem. Naturally I started freaking out, being that I haven't had the experience before and I'm not sure what would, could or will happen. My knee-jerk response was like yours too. I deleted the temporary internet files (i.e., tools > internet options > delete files). The only difference in my issue is that the file name ends with "juk [1}.htm as opposed to "run (1) . html ... does that mean anything?

Then I ran Norton's virus scan, and again, similarly, it did not indicate the presence of a virus. I'm hoping to beat all get out that my situation will also be like yours, in that I hope I don't have anything to worry about now ... what do youins think? Last but not least, the silver lining in all this is that this looks like a fantastic forum, and being a computer rookie I'm looking forward to learning a lot from you all. Thanks in advance ....


Hi, I'll try to explain (my English isn't great, so I hope you understand. If not, just ask).

Norton AV (and many more AVs) have an option called Bloodhound.

A virus is recognized by the code that it contains.

 

Very simple example:

 

\\virus

<virus doedel>

<delete files>

<steal user password>

\\virus

 

If an AV (= antivirus) detects the word "doedel", because that's a known virus, it says "Hey! Virus over here! Pay attention. I've detected Doedel.".

But of course not every virus is detected. Every day new viruses are made, so that's just impossible. But if the virus code is:

 

\\virus

<virus>

<delete files>

<steal user password>

\\virus

 

you can make the AV program search for keywords such as "virus" or "steal password". If it sees that, it says "Hey, possible virus over here, found by Bloodhound!".

That's what happened to you guys. The name is unimportant. It can have every name you can imagine. So juk.html (or whatever) is not more dangerous than "run.htm". Just because it's code that is possible virus code.

That's the reason why the "high Bloodhound setting" is not recommended. It would simply mark too many files as possible viruses.

Like I said: when I have a very nasty HijackThis log and I save it in Notepad to my desktop, my AV says it's a bloodhound.exploit.. But it is just a little innocent text document.

 

Do you understand it a little bit?

Edited by J-P IT
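
Added example, not part of the original thread and not Norton's actual detection logic: a toy Python scanner that reproduces the explanation above, matching the known marker "doedel" by signature and scoring generic keywords heuristically. The weights, the two sensitivity levels and the sample texts are constructed assumptions; the harmless note is flagged only at the "high" setting, which is the false-positive effect the post describes.

```python
# Added illustration only: a toy scanner, not Norton's Bloodhound engine.
# All markers, weights, thresholds and sample texts below are constructed.
SIGNATURES = {"doedel": "Doedel"}  # exact marker of an already-known virus
HEURISTIC_WEIGHTS = {              # generic traits that merely look virus-like
    "virus": 1,
    "delete files": 2,
    "steal user password": 3,
}
THRESHOLDS = {"default": 4, "high": 2}  # hypothetical sensitivity levels


def scan(text, sensitivity="default"):
    """Return (verdict, reason) for one file's text."""
    lowered = text.lower()
    # 1. Signature pass: an exact match names the known virus.
    for marker, name in SIGNATURES.items():
        if marker in lowered:
            return ("known", name)
    # 2. Heuristic pass: add up the weights of suspicious keywords.
    hits = [kw for kw in HEURISTIC_WEIGHTS if kw in lowered]
    score = sum(HEURISTIC_WEIGHTS[kw] for kw in hits)
    if score >= THRESHOLDS[sensitivity]:
        return ("suspicious", "heuristic hit on: " + ", ".join(hits))
    return ("clean", "score %d below threshold" % score)


# The two pseudo-files from the post, plus a harmless text note that
# happens to mention one suspicious phrase.
KNOWN = "<virus doedel>\n<delete files>\n<steal user password>"
UNKNOWN = "<virus>\n<delete files>\n<steal user password>"
HARMLESS_NOTE = "Cleanup log: user chose to delete files from the browser cache."

if __name__ == "__main__":
    samples = [("known", KNOWN), ("unknown", UNKNOWN),
               ("harmless note", HARMLESS_NOTE)]
    for label, sample in samples:
        for level in THRESHOLDS:
            print(label, level, scan(sample, level))
```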

Guest Eviscerator

Hey J.P., I am new to the forum; looks good so far. Anyway, I have understood all you have said on the topic so far. My problem is that I have a repeated Bloodhound message pertaining to a "popup.html" which keeps recreating itself in my temp internet folder, which I constantly empty anyway. I have scanned with Norton and a few spyware apps and have ZoneAlarm Pro, but it won't go away, and the warning keeps coming along with 3 or 4 popups. Is there a way to trace it to its source? Most annoying is that the popups keep appearing when I'm not even using iexplorer.

Thanks Ev :woot:

P.s. Sorry so longwinded


Download, open and install this:

 

 

When you have installed it, open it. Let the program do its scanning work. When it's finished, you have to check all the boxes and click on "clean".

 

Let me know if the error is coming back.

Edited by J-P IT

Guest doods

Hi there

 

I discovered this Bloodhound exactly like the people have said on here. I was panicking and unsure what to do, so I put the name in the Google search engine and it came up with this site! I followed the instructions and did a Norton scan - and hey presto, it's gone!!!

 

I just wanted to say thank you for the invaluable help. Although you were helping someone, I have benefited from this info also, and think this site is an absolute godsend!! I have now added this site to my faves and as you can see have registered too!!

 

Fab!!! and extremely pleased that I didn't have to pay someone £40 an hour to come and fix my problem when I was able to solve it via this site! :mrgreen:

 

Cheers!

Doods :lol:

Edited by doods


Download, open and install this:

http://home.wanadoo.nl/j-pv.haastert/overig/dcsetup.zip

 

Strange, J-P IT :blink: Every time I click on the link, I get a security alert. My security settings will not allow download. :huh:

 

Any ideas?

 

Regards,

 

Hawk :beer:

 

Edit: Is this the same thing you are posting about? I didn't read all of your post through...just the part about it is safe.

http://securityresponse.symantec.com/avcen....exploit.6.html

 

H

Edited by Hawk


:blink::blink::blink:

 

I can guarantee it's 100% safe. It's on my provider's webspace.

And if you use FF or try to add it to your safe zone?

Edited by J-P IT

Guest sdpenny

Hi, getting worried!!

 

Had a NAV alert ref Bloodhound.exploit.6 that said it couldn't remove it. However, a further scan doesn't show it up. I have the XP SP1 patch but apparently, it's still there. At least I'm assuming it is? I get new links formed on various words in web pages, that then link to some other web site? Can anyone please help? Have deleted temp files and cookies.


I can guarantee it's 100% safe. It's on my provider's webspace.

And if you use FF or try to add it to your safe zone?

 

I'm not doubting you in any way. :) I checked my restricted sites & it is there. ;) I use ie-spyad & spysit10 for my restricted sites.

 

Anyhoo, no problem. :mrgreen:

 

Regards,

 

Hawk

Guest sdpenny

Hi, will do as soon as I get home. Will the relevant updates get rid of this thing or just prevent further infection?
