Jump to content
Sign in to follow this  
monty 66

Bloodhound.exploit.6

Recommended Posts

Guest sdpenny

Hi again,

 

Could someone just confirm that the symptoms do indeed look like BE6?

Share this post


Link to post
Share on other sites

Hi, Will do as soon as I get home.  Will the relevent updates get rid of this thing or just prevent further infection?

Check this link from Symantec:

 

http://securityresponse.symantec.com/avcen....exploit.6.html

 

Look at the article by MS. It is a good idea to check in with Windows Update as they come out with a critical update from time to time. That is why I suggested it...just to make sure you have them all. :mrgreen:

 

Regards,

 

Hawk :beer:

 

Edit: At the bottom of the Symantec article:

 

Apply the patch for the vulnerability as described in Microsoft Security Bulletin MS04-013.

Edited by Hawk

Share this post


Link to post
Share on other sites
Guest sdpenny

Hi, Thanks Hawk.

 

I did download and run the update, but I still get the web page symptoms I descried in the previous post, so I'm not sure what to do now?

 

Cheers

Share this post


Link to post
Share on other sites

Is NAV still picking it up? If it is, it could be because of SR, if you have it.

 

Let us know please.

 

Hawk :beer:

 

Edit: If you would like to run a Pit test, we might pick something up from that. Click on FIRST (Test) below to test, SECOND (Post), will show you how to post a link to your results.

 

H

Edited by Hawk

Share this post


Link to post
Share on other sites
Guest sdpenny

Hi,

 

NAV is no longer picking anything up. I'm just left with the symptoms

 

Cheers, Steve

Share this post


Link to post
Share on other sites

Did you :huh:

 

Uuhm, I posted it on page 3 :woot: ?

 

:snooze::snooze: ]

 

 

Thx :oreo:

No prob....... :mrgreen:

 

 

Hawk :beer:

Share this post


Link to post
Share on other sites
Guest CanadianChick90

Hey J.P. am new to the forum looks good so far. Anyways have understood all you have said on the topic so far. My prob is that I have a repeated bloodhound message pertaining to a "popup.html" which keeps recreating itself in my temp internet folder which I constantly empty anyway. Have scanned with norton and a few spyware apps and have zone alarm pro, but it wont go away and the warning keeps coming along with 3 or four popups is there a way to trace it to it's source. Most annoyingly is that the popups keep appearing when I'm not even using iexplorer.

                                Thanks Ev :woot:

P.s. Sorry so longwinded

Okay, everything that person said is basically what is happening to me! I can't download that file someone replied with since I don't have WinZip and won't be able to get it since my Mother has had problems with it in the past and doesn't want it on here, lol.

Like this person, I empty my Temp. Internet Files regularly and this is this first time something like this has happened. I didn't think it was possible to get a virus from a popup (the same file name as the above person, popup.html) it's came up about 5 times now over 4 days. It only happens when the ntsearch.com ad comes up (emailed ntsearch about this around 3 days ago and still haven't received any response) and sometimes I'm not even using internet explorer. I have the files in quarantine and they cannot be repaired. I realize that bloodhound.exploit6 is not dangerous, but I'd still like to stop this from coming up all the time. I've ran a Norton scan and an ad-aware scan since then and removed 3 objects of spyware and the NAV scan came up clean. Once again, does anyone have any recommendations? Sorry so long.

Thanks. :help:

 

PS: Unsure if this matters, but I am running Windows 98 SE and Norton AntiVirus 2003 professional edition.

Edited by CanadianChick90

Share this post


Link to post
Share on other sites
Guest CanadianChick90

I was wondering why there are so many hits overhere...

 

@ CanadianChick90: you can better post a hijackthis log in the HJT forum: http://pcpitstop.ibforums.com/index.php?showforum=25

Thanks, J-P. But, I don't know what Hijackthis is lol could you post a link maybe to a safe site where I might be able to get it or even what it is? Thanks a bunch, sorry for all the hassle. I was running Imesh at the time which does give me ads...but still, I don't think they'd send a virus.

Share this post


Link to post
Share on other sites

Us Canadians have to stick together CanadianChick90 and BTW, welcome to the Pit. :)

 

To do a Hijack This:

 

Create a folder & name it HJT. Put the folder in "My Documents". Download HIJACK THIS from HERE & put in folder in My Documents.

http://radiosplace.com/

Do NOT attempt to fix anything yourself please.

 

READ THIS:

http://pcpitstop.ibforums.com/index.php?act=ST&f=25&t=36065

 

Post log HERE:

http://pcpitstop.ibforums.com/index.php?act=SF&f=25

 

Hope this helps.

 

Hawk :beer:

Share this post


Link to post
Share on other sites
Guest CanadianChick90

Thanks, Hawk :) That's right! It's great to be Canadian, lol

 

I posted my log in that forum, if you'd like to see it. Thanks for all the help again and I hope I did everything right!!

 

-CanadianChick90

Share this post


Link to post
Share on other sites

I just love Canada and love Candadians :D

 

Take a cookie on my costs :oreo:

Edited by J-P IT

Share this post


Link to post
Share on other sites
Guest CanadianChick90

I just love Canada and love Candadians :D

 

Take a cookie on my costs :orero:

Thanks, mate.

 

*dips oreo in maple syrup* mmm! I would have dipped it in milk but I don't like milk...this forum is friendly, more help than techsupportforums.com offered me.

Share this post


Link to post
Share on other sites
Guest Eviscerator

Hey I'm back form last page,

Tried what JP suggested before but am still getting the prob same as canadianchick90 should I do the old HijackThis business too?

Cheers for your help dudes

Evis :mrwinky:

Share this post


Link to post
Share on other sites

If you feel your problem is serious Eviscerator, I would suggest you try HJT. When you post one of these logs, there is a lot of work involved for the member reading the log as the advice given has to be correct.

 

Only you can make the decision as to whether or not your problem warrants posting a HJT.

 

Hawk :beer:

Share this post


Link to post
Share on other sites

If you want to do it:

 

Create a folder & name it HJT. Put the folder in "My Documents". Download HIJACK THIS from HERE & put in folder in My Documents.

http://radiosplace.com/

Do NOT attempt to fix anything yourself please.

 

READ THIS:

http://pcpitstop.ibforums.com/index.php?act=ST&f=25&t=36065

 

Post log HERE:

http://pcpitstop.ibforums.com/index.php?act=SF&f=25

 

Hope this helps.

 

Hawk 

 

Thx to hawk :D

Share this post


Link to post
Share on other sites
Guest coreyg9

I have read the previous posts to try and correct my issue and have had no luck. One of the bigger issues I am having is that I can't use the internet on the infected computer. When I open IE, I get a black page with red writing that says - Press Enter to continue. When you press enter, nothing happens. I have to control/alt/delete out to task manager to end all the IE tasks running to get back to my desktop.

 

Similar to other people, the patch I downloaded from Symantec says I need to install Outlook Express 6 before running the patch. I tried the Hijaker link provided but really don't know enough to know which items are safe to delete or not.

 

I have tried going through the System Tools to delete my Temp Files through the Disk Cleanup function, but each time I try to do it, it will not delete the items there.

 

If anyone has any other advise, please let me know!! Thanks!!

Share this post


Link to post
Share on other sites

I have tried going through the System Tools to delete my Temp Files through the Disk Cleanup function, but each time I try to do it, it will not delete the items there.

 

If anyone has any other advise, please let me know!! Thanks!!

 

If this won't clean them, they aren't meant to be cleaned. :mrgreen:

 

 

http://cleanup.stevengould.org/

 

If you d/l, in options, make sure the indicator is on "Standard Cleanup".

 

This also works well in conjunction with "CleanUp"

 

http://www.snapfiles.com/get/ccleaner.html

 

Might also consider what J-P IT posted. ;)

 

Regards,

 

Hawk :beer:

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×
×
  • Create New...