monty 66

Bloodhound.exploit.6

Guest darkstranger2004

In response to the bloodhound exploit 6 virus. I have just been hit by this according to my Norton Anti-virus. So I followed the link from Norton's events viewer to download an update for Outlook Express, installed this update, deleted all my temporary internet files including offline content and my cookies, restarted my computer and ran a full system check with Norton along with some other spyware and virus checker I use, all to find that none of them detected any viruses.

Norton red flagged a warning about bloodhound exploit 6 when I opened a webpage within the www.astalavista.com website, regardless to say, I am now staying well away from this website, better safe than sorry.

Hope this helps :rolleyes:

Guest clifford

Hi All,

 

I too received a NAV message this morning re the bloodhound.exploit.6 virus, and again, it said it could not remove it.

 

I did a bit of investigation (I'm not a total novice) and deleted the Internet cache, etc., as suggested by other posters. I also run the Zone Alarm firewall and it gave me a warning that the program "services.exe" was trying to access the Internet and had been blocked (I run a fairly tight ship).

 

I then had a look at what processes were running, and lo and behold, there was an extra (rogue) copy of services.exe running. Heaven knows what it is trying to do, I have no idea.

 

Then I had a look at the System Configuration Utility (MSCONFIG.exe) and discovered that this virus had added a number of entries to my Startup items, e.g. services.exe to be loaded from directory C:\windows\inetg\.

 

What I intend to do to get rid of this virus is to disable the spurious entries in Startup and then delete the directory windows\inetg. This should hopefully fix the problem.

 

I'm not so convinced that this virus is benign. What is its purpose, I wonder?

 

Regards,

clifford.
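
The check described in the post above (a second services.exe loaded from C:\windows\inetg\ instead of the system directory), sketched as an added example that is not part of the original thread. The list of system binaries, the function names and the sample entries are constructed for illustration; real input would come from a process listing or a startup-item export.

```python
import ntpath  # Windows path rules, usable on any OS

# Where a few core Windows binaries normally live, relative to the Windows
# directory. Short illustrative list (assumption), not exhaustive.
EXPECTED_DIRS = {
    "services.exe": "system32",
    "svchost.exe": "system32",
    "lsass.exe": "system32",
    "winlogon.exe": "system32",
    "explorer.exe": "",
}

def normalize(path):
    """Strip surrounding quotes, collapse separators, lower-case the path."""
    return ntpath.normpath(path.strip().strip('"')).lower()

def is_masquerading(image_path, windir=r"C:\Windows"):
    """True if the file name is a known system binary found in another folder."""
    path = normalize(image_path)
    name = ntpath.basename(path)
    if name not in EXPECTED_DIRS:
        return False  # not a name we track; says nothing about the file itself
    expected = normalize(ntpath.join(windir, EXPECTED_DIRS[name]))
    return ntpath.dirname(path) != expected

def flag_entries(entries, windir=r"C:\Windows"):
    """Return the (source, path) pairs whose image path looks like a lookalike."""
    return [(src, p) for src, p in entries if is_masquerading(p, windir)]

# Constructed sample: running processes and startup items (bare image paths).
SAMPLE = [
    ("process", r"C:\WINDOWS\system32\services.exe"),
    ("process", r"C:\windows\inetg\services.exe"),
    ("startup", r"C:\windows\inetg\services.exe"),
    ("startup", r'"C:\Program Files\Example\app.exe"'),
    ("process", r"C:\WINDOWS\explorer.exe"),
]

if __name__ == "__main__":
    for source, path in flag_entries(SAMPLE):
        print(f"{source}: {path} uses a system binary name outside its usual folder")
```

A hit only means the name and location disagree; the file still needs to be scanned and its startup entry reviewed before anything is deleted.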


What is its purpose, I wonder?

 

 

What is the scope of the vulnerability?

This is a remote code execution vulnerability. An attacker who successfully exploited this vulnerability could run HTML code of their choosing in the Local Machine security zone in Internet Explorer. By running HTML code in the Local Machine zone, an attacker could gain complete control over an affected system. An attacker could take any action on the system, including installing programs, viewing data, changing data, deleting data, or creating new accounts that have full administrative credentials.

http://www.microsoft.com/technet/security/...n/ms04-013.mspx :nospys::angry:


I was surfing the Internet when I got a popup from Norton saying I had this Bloodhound.Exploit.6 virus. It said the file could not be repaired. I went to the Symantec website and saw that I needed a patch to fix this, a Microsoft Outlook Express pack. When I tried to download the patch it said "This update requires Outlook Express 5.5 Service Pack 2 to be installed." Same happens with all the other downloads underneath it on this site:

 

http://www.microsoft.com/technet/security/...n/ms04-013.mspx

 

Can someone please help me? I also have scanned with Norton and Panda and nothing...


Hi Petrags23,

 

Welcome to the Pit. :)

 

 

What version of IE are you running? Did you do a scan with Norton to verify you have the virus or was it just a popup?

 

I have had Norton popup on occasion telling me the same thing but found it was "False positives".

 

I believe this is the patch you are speaking of for OE 5.5

http://www.microsoft.com/downloads/details...&displaylang=en

 

Just as a thought but could you try a Pit test? If you have the virus it should show up. At the bottom of this page, there are two links "Test" & "Post Results" & that is exactly what they are.

 

Let us know please.

 

Regards,

 

 

Hawk :beer:

Edited by Hawk


Hey Hawk.

 

I was on the Internet and then I got some popups from the site I was on, then Norton gave me a popup saying a virus was found - Bloodhound.exploit.6 - and that the file could not be repaired. I then scanned my computer with Norton and came up with nothing.

 

I am running IE version 6.0.

 

Here is the link to my test results from the Pit:

 

http://www.pcpitstop.com/techexpress.asp?id=1YXT9W9NE0USE90E

 

Any other suggestions?

 

Thanks a lot for your help Hawk. Greatly appreciated.

Edited by Petrags23


Your test looks fine Petrags23. :)

 

Might run your disk cleaner & defrag. I think you had the same experience that I had a couple of times......"False Positive". I had it happen twice by Norton & it was non existent. I have no idea why it happened but it involved a particular link & I clicked on it twice, with the same results. Other members tried it (They didn't have Norton) with no problem.

 

So, my conclusion would be to forget it unless you get it again in an entirely different setting & circumstances, like in a NAV scan.

 

Hope this helps some.

 

Regards,

 

Hawk :beer:


I used Panda's scanner again, and nothing came up.

 

Then I used HouseCall's scanner, and it found - TROJ DELF.AR

 

It said it was Non Cleanable, I deleted the file - C:\WINDOWS\UnstsA2.exe

 

I also have AVG antivirus software on my comp. I did a scan with that and it found - Trojan horse Dropper.Small.5.BN in file C:\System Volume Information\restore.....(bunch of numbers too long to post)

 

This file was added to AVG's Virus Vault

 

I hope I'm OK.

 

Thanks for your continued help Hawk. :lol:

 

Oh and this might sound noobish, but what's NAV?

Edited by Petrags23


Oh and this might sound noobish, but what's NAV?

 

Norton Anti-Virus. :mrgreen:

 

 

Keep doing the scans & it might be an idea to do it with SR disabled to make sure you get it all. After, enable again.

 

I never saw sign of it again on my puter...just the two NAV popups.

 

 

Regards,

 

Hawk :beer:


SR?

 

I have AVG and the Shield keeps giving me a pop-up that this Trojan horse Dropper.Small.5.BN is on my computer, and to run AVG in order to remove the virus. Then when I run AVG, it doesn't find anything. :blink:

 

Does anyone know any good Trojan Removers that I could download?

Edited by Petrags23


Hi Petrags23,

 

 

SR means System Restore. Only ME & XP have it & if you have it enabled, it may retain the bug you are trying to get rid of. Therefore, you should disable SR to make sure it is not being backed up.

 

How to disable & enable System Restore.

 

 

 

This tool called Avast Virus Cleaner may be able to help as well.

 

 

Let us know how you get along please.

 

Hawk :beer:


Should I disable SR for good? Or disable it and then try to remove the virus, then enable it again?

 

I have the avast scanning right now.

 

Thanks for the help Hawk. ;)


Should I disable SR for good? Or disable it and then try to remove the virus, then enable it again?

 

 

After you are through scanning, enable again. If your system is clean, set a restore point in System Restore.

 

The next time you do a scan with your AV or Anti-spyware program(s), disable, enable when finished & set restore point. You can set System Restore to only use a defined amount of space if you wish.

 

Hope this helps.

 

Hawk :beer:


Hello,

I have been "hit" with the Bloodhound.exploit.6 virus. I tried the Microsoft link where Norton NV had on the warning box and it told me to download a file to "fix" Outlook Express. I downloaded the file (same link that is on this "thread" many times) and the response was that I did not have Outlook Express. I do have Outlook Express. The fact that this "patch" did not find out Outlook Express.. could that "mean" I have other problems on the PC? PC seemed to be running well up until I received the virus warning. After the warning, there was a lot of disk activity and I had no open applications. I shut it down fast (the "wrong way", i.e. shutting it off via not shutting down :) ), booted up in safe mode next time to be safe, however still can't get the virus removed and get the PC to act "normal".

Any ideas?

 

Thanks in advance!

 

Mike


Hello,

I tried Panda activescan, PCtrillian(sp?) and they did not detect or clean the virus. My system still has the same problems, slow and disk activity when the system is idle.

 

Thanks again!

 

Mike

 

PS. Affected system is running WinXP home edition. Also should I download SP2 patch from MS? There seem to be a lot of problems posted that affect applications.

 

Thanks!


Hello,

I have been "hit" with the Bloodhound.exploit.6 virus. I tried the Microsoft link where Norton NV had on the warning box and it told me to download a file to "fix" Outlook Express. I downloaded the file (same link that is on this "thread" many times) and the response was that I did not have Outlook Express. I do have Outlook Express. The fact that this "patch" did not find out Outlook Express.. could that "mean" I have other problems on the PC? PC seemed to be running well up until I received the virus warning. After the warning, there was a lot of disk activity and I had no open applications. I shut it down fast (the "wrong way", i.e. shutting it off via not shutting down :) ), booted up in safe mode next time to be safe, however still can't get the virus removed and get the PC to act "normal".

Any ideas?

 

Thanks in advance!

 

Mike

Another time, Bloodhound isn't a virus.

What worries me more is that you're saying that you have installed a patch. From which URL did you download it?

'Cause as far as I know NAV doesn't give Microsoft links :blank:


Hello,

I tried Panda activescan, PCtrillian(sp?) and they did not detect or clean the virus. My system still has the same problems, slow and disk activity when the system is idle.

 

Thanks again!

 

Mike

 

PS. Affected system is running WinXP home edition. Also should I download SP2 patch from MS? There seem to be a lot of problems posted that affect applications.

 

Thanks!

Already checked for spyware with Ad-aware? Already posted an HijackThis log in the right section?


I was not able to download the Bloodhound fix from the MS site for every time I tried it told me I did not have Outlook express (which I do). In summary what I have gathered is that Bloodhound.exploit.6 is really not a virus?

 

Also, what is the consensus of downloading MS SP2 patch? I have read it messed up many applications. What is the consensus for the SP2 patch and any problems encountered with applications? I already went to two of my PC's web sites and you have to download "fixes" for problems re: compatibility with SP2 patch. Would love feedback here... or is there a section on this awesome "board" where it's already been addressed?

 

Lastly, I have a Linksys Wireless Network with 5 PCs attached. Two of the five are capable of the faster "G" network. Can I have both a wireless G network (Linksys) working with my existing "B" network, with the idea of plugging in Linksys "B" network gear into the G network, and how would one go about it?

 

Thanks in advance! I am lucky I found this board.

 

 

Mike
