
Virus Infection, Norton Won't Run In Safe Mode


4 replies to this topic

#1 tsukiok


Posted 24 November 2007 - 12:57 PM

Two days ago, my mother's computer got a virus. Since my sister didn't tell anyone about it until today, my father didn't know about it and he's now out of town (he's the one who fixes the computers). I don't know what the virus is, and I can't find out 'cause Norton crashes every time we try to run it. According to my sister, the internet doesn't work (except for, like, two or three sites. It crashes when trying to open Hotmail, Myspace, etc.).

I'll try to find out what it is.

What should we do? I have this computer and a flash drive.

Thanks

Edit: Found logs. Says bloodhound.exploit.109 and Downloader

Edited by tsukiok, 24 November 2007 - 01:01 PM.




#2 quietman7


Posted 24 November 2007 - 07:07 PM

NAV has the ability to detect unknown viruses of various types using heuristic algorithms known as Bloodhound. This technology uses an expert system to analyze the cataloged behaviors and assess the likelihood of viral infection. Bloodhound is not the name of a virus, but a message displayed by NAV when it thinks it may have found a new virus. According to Symantec, Bloodhound detects up to 80% of new and unknown executable viruses, and 90% of new and unknown macro viruses.

Heuristic analysis is the ability of an anti-virus program to detect new viruses before the vendor can get samples and update the program's definitions for detection. Heuristics uses non-specific detection methods to find new or unknown malware, which allows the anti-virus to detect and stop it before doing any harm to your system. The technique involves inspecting the code in a file to see if it contains virus-like characteristics. If the number of these characteristics/instructions exceeds a pre-defined threshold, the file is flagged as a possible virus.

The disadvantage to using heuristics is that it is not as reliable as signature-based detection (blacklisting) and can potentially increase the chances that a non-malicious program is flagged as malicious. With heuristics, there is always a potential risk for a "False Positive" if virus detection technology (AutoProtect Settings) is set to High for Bloodhound and the heuristic analysis flags a file as suspicious or infected that contains no malware. You may want to Reset Bloodhound to default settings and try scanning again.

Did your anti-virus provide a specific file name associated with Downloader, and where is it located (file path) on your system?

You can also do this:

Download Sysclean Package and the latest Virus Pattern Files - (Pattern files are usually named lptxxx.zip, where xxx is the pattern file number).
  • Be sure to print out and follow the instructions provided in the How to Use System Cleaner for performing a scan.
  • This tool generates a log file (sysclean.log) in the same folder where the scan is completed - C:\Sysclean.
  • When using Sysclean, it's best to use the Administrator's account or an account with Administrative rights; otherwise you will not have access rights to scan some locations. You can also Use the "Run As" Command to Start a Program as an Administrator. Even when doing that, the scanning process may result in "Access Denied" messages for some files. This is normal because these files are protected by the system.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
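The threshold test described in the post above, and why a more sensitive setting produces false positives, as an added example that is not part of the original thread and not Symantec's code. The trait list, weights, thresholds and sample byte strings are all assumptions constructed for illustration.

```python
import math
from collections import Counter

# Hypothetical traits and weights, for illustration only; real heuristic
# engines use far richer (and unpublished) characteristics.
TRAITS = {
    b"URLDownloadToFile": 2,     # fetches a file from the network
    b"CurrentVersion\\Run": 2,   # registers itself to start at logon
    b"WriteProcessMemory": 3,    # writes into another process
    b"CreateRemoteThread": 3,    # starts a thread in another process
}
ENTROPY_WEIGHT = 2               # packed/encrypted content looks random
# Assumed thresholds: the more sensitive level flags at a lower score.
THRESHOLDS = {"default": 6, "high": 4}

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def score(data: bytes):
    """Return (total weight, names of the traits that matched)."""
    hits = [t for t in TRAITS if t in data]
    total = sum(TRAITS[t] for t in hits)
    names = [t.decode() for t in hits]
    if entropy(data) > 7.0:
        total += ENTROPY_WEIGHT
        names.append("high-entropy")
    return total, names

def is_flagged(data: bytes, sensitivity: str = "default") -> bool:
    """Flag the file when its score reaches the level's threshold."""
    return score(data)[0] >= THRESHOLDS[sensitivity]

# Constructed sample contents (not real files).
UPDATER = b"MZ updater: URLDownloadToFile; Software\\Microsoft\\Windows\\CurrentVersion\\Run"
INJECTOR = b"MZ URLDownloadToFile WriteProcessMemory CreateRemoteThread"
NOTES = b"Shopping list: milk, eggs, bread"

if __name__ == "__main__":
    for name, blob in [("updater", UPDATER), ("injector", INJECTOR), ("notes", NOTES)]:
        print(name, score(blob), is_flagged(blob), is_flagged(blob, "high"))
```

The constructed updater sample scores below the default threshold but is flagged at the "high" level, which is the false-positive case the post describes; the detection still needs a file name and path to be confirmed by a second scanner.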

#3 tsukiok


Posted 30 November 2007 - 05:43 PM

Word doesn't work, and I don't understand a word of the previous post, and I'm well versed in computer lingo.
The Viewpoint toolbar also installed itself (maybe my brother did it).
Today, I've managed to convince Norton to scan.

#4 buddy215


Posted 30 November 2007 - 06:49 PM

You can uninstall all Viewpoint related programs from the Add/Remove list.

If you can download a program, install Super Antispyware free in normal mode and run it in safe mode. If you can't stay online long enough to download Super Antispyware then you will need access to another computer to download SAS to a CD and then install it on the infected computer.

http://www.superantispyware.com/

How to Start Windows in Safe Mode:
http://www.bleepingcomputer.com/tutorials/how-to-start-windows-in-safe-mode/

Edited by buddy215, 30 November 2007 - 09:23 PM.


#5 quietman7


Posted 30 November 2007 - 10:08 PM

"I don't understand a word of the previous post"

Did you click on the underlined blue links which provide more detailed information?
Norton detections of bloodhound exploits can actually be a false detection (untrue) because of how it works. You need to get a second opinion when getting alerts about such exploits, which is why I asked you to run the Sysclean Package.

You did not answer my question. Did your anti-virus provide a specific file name associated with Downloader, and where is it located (file path) on your system?



