Is bloodhound a virus?

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by apricot11, Oct 11, 2005.

  1. apricot11

    apricot11 Private E-2

    Hi

    my (expired) norton antivirus has detected Bloodhound.W32.EP on my computer. I have followed all the steps on the "read and run first" post and the problems I was experiencing (pop ups, slower running, redirected homepage) have all gone but the norton antivirus message still pops up.
    I ran all the scans and they found stuff but were able to destroy it - have attached the latest hijack report and the a2 report - any advice would be very gratefully received!
    I've also been quite confused by some websites saying that bloodhound is a generic term for things that NAV finds and does not recognise - is this true?

    thanks for all the great help on your website
     
    apricot11, Oct 11, 2005
    #1
  2. apricot11

    apricot11 Private E-2

    hijack attached
     

    Attached Files:

    apricot11, Oct 11, 2005
    #2
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    See http://securityresponse.symantec.com/avcenter/venc/data/w95.cih.1049.html

    Are your MS Antispyware and Ewido programs upto date? Run full scans with them in safe mode and see if they find anything. Post logs from them.

    Your Norton Antivirus looks broken. See the below line where a file is missing. You should probably uninstall it, reboot, and reinstall.

    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)

    Also look in Add/Remove programs for iMeshBar and uninstall if found.

    If you are using WinXP or WinMe, make sure you have system restore disabled (per the tutorial).
    For all OS types, make sure viewing of hidden files is enabled (per the tutorial).
    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O3 - Toolbar: iMeshBar - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\1.bin\IMESHBAR.DLL (file missing)
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
    O15 - Trusted Zone: *.sony-europe.com
    O15 - Trusted Zone: *.sonystyle-europe.com
    O15 - Trusted Zone: *.vaio-link.com

    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete:
    C:\Program Files\iMeshBar

    Now run Ccleaner (installed while running the READ ME FIRST). Now if running Win XP goto c:\windows\Prefetch and delete all files in this folder.

    Now reboot in normal mode and post a new HJT log. And tell us how things are working.
     
    chaslang, Oct 11, 2005
    #3

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds