
Just Wondering Is Bloodhound.exploit.6 A Virus?



#1 joe blow

Posted 22 January 2008 - 01:55 AM

Hi,

I ran an online scan at symantec and it said that a file in my temporary internet files was infected by "Bloodhound.Exploit.6". But the scan summary also said I was clear of infections. I checked out Bloodhound.Exploit.6 at pchell and it seemed to say that it was a real virus, but also a false positive, when found in the temporary internet files. I cleaned out my temporary internet files and ran the symantec online scan again and everything was fine.

I was just hoping that someone could tell me if this was a virus or not, and if it was, are there any further actions that I should take.

Thanks.


#2 quietman7

Posted 22 January 2008 - 09:48 AM

NAV has the ability to detect unknown viruses of various types using heuristic algorithms known as Bloodhound. This technology uses an expert system to analyze the cataloged behaviors and assess the likelihood of viral infection. Bloodhound is not the name of a virus, but a message displayed by NAV when it thinks it may have found a new virus. According to Symantec, Bloodhound detects up to 80% of new and unknown executable viruses, and 90% of new and unknown macro viruses.

Heuristic analysis is the ability of an anti-virus program to detect new viruses before the vendor can get samples and update the program's definitions for detection. Heuristics uses non-specific detection methods to find new or unknown malware which allows the anti-virus to detect and stop it before doing any harm to your system. The technique involves inspecting the code in a file to see if it contains virus-like characteristics. If the number of these characteristics/instructions exceeds a pre-defined threshold, the file is flagged as a possible virus.

The disadvantage to using heuristics is that it is not as reliable as signature-based detection (blacklisting) and can potentially increase the chances that a non-malicious program is flagged as malicious. With heuristics, there is always a potential risk for a "False Positive" if virus detection technology (AutoProtect Settings) is set to High for Bloodhound and the heuristic analysis flags a file as suspicious or infected that contains no malware. You may want to Reset Bloodhound to default settings and try scanning again.

Read the discussion on Bloodhound.HybridCom.
Read the discussion on Bloodhound.Exploit.6 (False Positive found by Antivirus in Forums and Hijack Logs) and What is the Bloodhound.Exploit.6?.
Read Problems with Bloodhound.Exploit.45 pattern in Symantec AV.

NAV is doing its job when alerting to a Bloodhound exploit but from personal experience and testing, I have found some of these alerts to be false positives.
Microsoft MVP Consumer Security 2007-2015
Microsoft MVP Reconnect 2016
Windows Insider MVP 2017
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

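The threshold behaviour described in the post above, as an added example that is not part of the original thread and is not Symantec's Bloodhound logic: a toy scorer counts weighted "virus-like" traits in cached web content and flags a file once the score reaches a threshold. The traits, weights, level names and both sample strings are constructed for illustration.

```python
import re

# Constructed traits and weights for illustration; not a vendor rule set.
TRAITS = {
    "eval_call":        (re.compile(r"\beval\s*\("), 2),
    "unescape_call":    (re.compile(r"\bunescape\s*\("), 2),
    "long_encoded_run": (re.compile(r"(?:%u[0-9a-fA-F]{4}){8,}"), 4),
    "document_write":   (re.compile(r"\bdocument\.write\s*\("), 1),
}

# Hypothetical sensitivity levels: higher sensitivity means a lower threshold.
THRESHOLDS = {"default": 6, "high": 3}


def score(text):
    """Return (total weight, sorted names) of the traits present in text."""
    hits = {name: weight
            for name, (pattern, weight) in TRAITS.items()
            if pattern.search(text)}
    return sum(hits.values()), sorted(hits)


def scan(text, level="default"):
    """Flag text when its trait score reaches the threshold for this level."""
    total, hits = score(text)
    return {"flagged": total >= THRESHOLDS[level], "score": total, "traits": hits}


# Constructed sample: an ordinary cached script that happens to use eval().
BENIGN_CACHED_SCRIPT = 'var cfg = eval("(" + json + ")"); document.write(banner);'

# Constructed sample: inert filler bytes in a long %u-encoded run.
SUSPICIOUS_SCRIPT = 'document.write(unescape("' + "%u4141" * 8 + '"));'

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN_CACHED_SCRIPT),
                          ("suspicious", SUSPICIOUS_SCRIPT)):
        for level in THRESHOLDS:
            print(label, level, scan(sample, level))
```

The benign script scores below the default threshold but is flagged at the high setting, which is the false-positive trade-off the post describes.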

#3 joe blow

Posted 23 January 2008 - 02:17 AM

Thanks for the help.

I have done a few scans since deleting the temporary internet files and everything comes back clean so hopefully it was just a false positive. But I will continue to keep an eye on things.

Thanks again.

#4 quietman7

Posted 23 January 2008 - 07:49 AM

You're welcome. :thumbsup:
Microsoft MVP Consumer Security 2007-2015
Microsoft MVP Reconnect 2016
Windows Insider MVP 2017
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#5 joe blow

Posted 25 January 2008 - 01:07 AM

Hi,

I'm not sure if this thread is still being checked, but if it is, do you think this could be part of the problem?

I ran HijackThis and could find no information on the internet about these unusual entries.

O23 - Service: AQKBVEUG - Unknown owner - C:\DOCUME~1\user\LOCALS~1\Temp\AQKBVEUG.exe (file missing)
O23 - Service: EWDZYHUOJ - Unknown owner - C:\DOCUME~1\user\LOCALS~1\Temp\EWDZYHUOJ.exe (file missing)
O23 - Service: HVBCAHS - Unknown owner - C:\DOCUME~1\user\LOCALS~1\Temp\HVBCAHS.exe (file missing)

Does anyone know what they are? I posted the whole log in the HijackThis forum below, but no one answered.

http://www.bleepingcomputer.com/forums/t/127417/unusual-hijack-this-entries/
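A triage sketch for O23 service lines like the ones quoted in the post above, as an added example that is not part of the original thread and is not HijackThis code. It parses each line and lists what stands out about it; the indicator names, the two-indicator cut-off and the final "Example Updater" line are constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Shape of the O23 lines quoted in the post: name - owner - path [(file missing)]
O23 = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)"
    r"(?P<missing> \(file missing\))?$"
)


def indicators(line):
    """Return (service name, indicator list) for an O23 line, else None."""
    m = O23.match(line.strip())
    if m is None:
        return None
    exe = PureWindowsPath(m["path"])
    found = []
    # Service binaries normally live in an install directory, not a temp folder.
    if any(part.lower() in ("temp", "tmp") for part in exe.parts[:-1]):
        found.append("image_in_temp_dir")
    if m["missing"]:
        found.append("image_missing")
    if m["owner"] == "Unknown owner":
        found.append("unknown_owner")
    # Service name is a bare run of capitals identical to the executable name.
    if re.fullmatch(r"[A-Z]{6,}", m["name"]) and exe.stem == m["name"]:
        found.append("name_is_letter_run_matching_exe")
    return m["name"], found


def triage(log_text, min_indicators=2):
    """Return the O23 entries that carry at least min_indicators indicators."""
    results = []
    for line in log_text.splitlines():
        parsed = indicators(line)
        if parsed and len(parsed[1]) >= min_indicators:
            results.append(parsed)
    return results


# First three lines are from the post; the last line is constructed.
SAMPLE_LOG = r"""
O23 - Service: AQKBVEUG - Unknown owner - C:\DOCUME~1\user\LOCALS~1\Temp\AQKBVEUG.exe (file missing)
O23 - Service: EWDZYHUOJ - Unknown owner - C:\DOCUME~1\user\LOCALS~1\Temp\EWDZYHUOJ.exe (file missing)
O23 - Service: HVBCAHS - Unknown owner - C:\DOCUME~1\user\LOCALS~1\Temp\HVBCAHS.exe (file missing)
O23 - Service: Example Updater (ExampleUpd) - Example Corp - C:\Program Files\Example\updater.exe
"""

if __name__ == "__main__":
    for name, found in triage(SAMPLE_LOG):
        print(name, found)
```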

#6 TMacK

Posted 25 January 2008 - 02:11 AM

Hi joe blow,

Now that you have an open HJT log posted in the HijackThis Logs and Analysis forum, you shouldn't make any changes to your system.
Doing so could change the results of the posted log, making it difficult to properly clean your system.

Please be patient. It may take a while to get a response because the HJT Team members are very busy working on logs posted before yours. They are volunteers who will help you out as soon as possible.

If after 5 days you still have received no response, then post a link to your HJT log in the thread titled "Haven't Had A Reply In Five Days?".

I'm closing this topic until you are cleared by the HJT Team.
If, after your log has been cleaned, you still need help, please PM a Moderator and we will re-open this topic.

If you have any questions, don't hesitate to send me a PM.
Chaos reigns within.
Reflect, repent, and reboot.
Order shall return.

~Suzie Wagner



