Bloodhound.Exploit.18


7 replies to this topic

#1 jellybean


Posted 14 March 2005 - 09:31 AM

:thumbsup: Please help me with a very nasty virus...I have tried almost everything...Norton is running on my computer ... I also have ad aware, and antivir as well.... but I still can't seem to get rid of all of this malware...If someone could let me know how to go about getting my computer back to me...I would really appreciate it .... I am using Windows XP Pro. Thanks in advance....to all those who will lend a helping hand to me.... !


#2 Scarlett


Posted 14 March 2005 - 11:19 AM

Hello jellybean. :thumbsup: When was the last time you checked for Microsoft Updates? You should always stay updated with the latest Microsoft Updates. This is IMPORTANT. And do you keep your AntiVirus updated? It is also IMPORTANT that you update all security programs before each scan.

I ask this since "Bloodhound.Exploit.18" is a heuristic detection for HTML files attempting to exploit the recent Microsoft Internet Explorer Malformed IFRAME Remote Buffer Overflow Vulnerability discovered in Internet Explorer 6.0.

The issue with the Malformed IFRAME Remote Buffer Overflow Vulnerability discovered in Internet Explorer 6.0 is addressed here:

Microsoft Security Bulletin MS04-040

Since you were infected in the first place, it seems that you do not have the latest Microsoft Updates. If you do not, please do so immediately. Link below.



Microsoft Windows Update

W32.Mydoom.AL@mm ( Please refer to Note: below ) is a mass-mailing worm that uses its own SMTP engine to send itself to email addresses that it finds on a compromised computer. It also spreads by using ICQ instant messenger.

Note: HTML files found to exploit the aforementioned IE vulnerability are detected as Bloodhound.Exploit.18 by virus definitions dated prior to January 19, 2005.

The above info leads me to believe that your Antivirus is not updated with the latest definitions. If this is true, update ASAP.


Once you have made sure that you are updated both Microsoft and AntiVirus wise, then you should scan w/ your AntiVirus while in Safe Mode.

Next: Disable and Enable System Restore. - You should disable and re-enable system restore to make sure there are no infected files found in a restore point.

Edited by scarlett, 14 March 2005 - 11:54 AM.


#3 Herk


Posted 14 March 2005 - 11:49 AM

Norton is running on my computer ... I also have ad aware, and antivir as well....

You can only have one antivirus program running at a time. Are you sure that you have the Bloodhound Exploit, or is one antivirus program detecting it in the definitions of the other antivirus program?

#4 jellybean


Posted 14 March 2005 - 05:07 PM

Thank you so much Scarlett and Herk for your responses...I have already done a Windows update and as well am just using one AV program...I think I may have also helped get my system ok by using HiJack this...so again thanks a bunch...that help was awesome....now I know where to get great help.... :thumbsup:

#5 Scarlett


Posted 14 March 2005 - 05:55 PM

You are so welcome. :thumbsup:

And if you would not mind humoring me a bit, I have a few questions.

(1) Were you in need of:
Cumulative Security Update for Internet Explorer (889293)?

(2) Have you scanned with your (updated) AntiVirus while in Safe Mode?

(2a) If so, did you get a clean report?

(3) After a clean AntiVirus report (assuming you now are rid of the worm)

(3a) Did you disable and then re-enable System Restore, to ensure that there is no infection lurking in a restore point?


Plus a little suggested reading. "Simple Steps to Keep Your System Secure"

http://www.bleepingcomputer.com/forums/t/1628/simple-steps-to-keep-your-computer-secure/


I think I may have also helped get my system ok by using HiJack this


Unless you have been trained to read HJT logs, please always proceed with caution when using HijackThis. It is best to leave the analysis of HijackThis logs to the experts. You could damage your system.

Bleeping Computer has on hand a top-notch HijackThis Team. In the future please refer any HJT logs to them. I for one will sleep better knowing that you do. :flowers:

Edited by scarlett, 15 March 2005 - 12:28 PM.


#6 Enthusiast


Posted 14 March 2005 - 09:52 PM

In addition to whatever anti-virus program you are using, run a free scan at Trend Micro, shutting system restore OFF first.

http://housecall-beta.trendmicro.com/en/start_corp.asp

#7 jellybean


Posted 15 March 2005 - 11:47 AM

Thanks again to Scarlett...for putting me on the right track...and no I did forget to run scan in safe mode but will do right now....also I did do some research on the files in hijackthis...so hopefully I did do the right thang...anyway I will be doing some reading on security and hopefully will be right on track once more...thanks again...
PS...I have visited micro trend and will look further into that....
later gaters....Jellybean

#8 acklan


Posted 15 March 2005 - 08:44 PM

If Norton is not doing the trick, try AVG Free Edition. It is a full antivirus without a time limit. If you like it, buy the Pro version for $32/2yr. It has found viruses that both McAfee and Norton have missed on systems I have worked on. Free can't hurt. I uninstalled McAfee with 16 months left on my subscription. Never looked back. Also use Microsoft AntiSpyware Beta.




acklan
"2007 & 2008 Windows Shell/User Award"



