Are you using Norton Anti-virus?
NAV has the ability to detect unknown viruses of various types using heuristic algorithms known as Bloodhound. An example of such a detection is shown here. This technology uses an expert system to analyze the cataloged behaviors and assess the likelihood of viral infection. Bloodhound is not the name of a virus, but a message displayed by NAV when it thinks it may have found a new virus which is categorized as Exploit, Packed variants in their definition files. According to Symantec, Bloodhound technology detects up to 80% of new and unknown executable viruses, and 90% of new and unknown macro viruses.

Heuristic analysis is the ability of an anti-virus program to detect new viruses before the vendor can get samples and update the program's definitions for detection. Heuristics uses non-specific detection methods to find new or unknown malware, which allows the anti-virus to detect and stop it before doing any harm to your system. The technique involves inspecting the code in a file to see if it contains virus-like characteristics. If the number of these characteristics/instructions exceeds a pre-defined threshold, the file is flagged as a possible virus.

The disadvantage to using heuristics is that it is not as reliable as signature-based detection (blacklisting) and can potentially increase the chances that a non-malicious program is flagged as malicious. With heuristics, there is always a potential risk for a "False Positive" if virus detection technology (AutoProtect Settings) is set to High for Bloodhound and the heuristic analysis flags a file as suspicious that contains no malware. You may want to Reset Bloodhound to default settings and try scanning again.
NAV is doing its job when alerting to a Bloodhound exploit but from personal experience and testing, I have found some of these alerts to be a false positive. You need to investigate further if you continue to get them.
Get a second opinion by performing one of these online virus scans:
(Requires Internet Explorer to work. Watch the Address bar in IE. You may receive alerts that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then click Install ActiveX component. If given the option, choose "Quarantine" instead of delete.)

BitDefender Online Scanner <- Add a check by "Autoclean" and choose the option to "Quarantine".
ESET Nod32 Online Scanner <- Vista compatible but Internet Explorer must be Run as Administrator
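
The threshold behaviour described above, as an added example that is not part of the original post and is not Symantec's Bloodhound algorithm: a toy static scorer that counts weighted traits in a file and flags it once the score exceeds a sensitivity-dependent threshold. The traits, weights, thresholds, sensitivity names and sample files are all assumptions constructed for illustration; the point is that a harmless packed file passes at the default setting and is flagged at the high one.

```python
import math
from collections import Counter

# Hypothetical traits and weights (assumptions, not any vendor's real rule set).
TRAITS = {
    b"VirtualAllocEx": 2,
    b"WriteProcessMemory": 2,
    b"CreateRemoteThread": 2,
    b"UPX0": 1,               # section name left behind by a common packer
}
ENTROPY_LIMIT = 7.2           # bits per byte; packed/compressed data sits near 8
ENTROPY_WEIGHT = 2
THRESHOLDS = {"default": 3, "high": 1}   # lower threshold = more sensitive

def entropy(data):
    """Shannon entropy of the byte distribution, in bits per byte."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def score(data):
    """Return (total score, list of traits that fired) for a byte string."""
    hits = [t for t in TRAITS if t in data]
    total = sum(TRAITS[t] for t in hits)
    names = [t.decode() for t in hits]
    if entropy(data) > ENTROPY_LIMIT:
        total += ENTROPY_WEIGHT
        names.append("high-entropy")
    return total, names

def verdict(data, sensitivity="default"):
    """Flag the file only when the score exceeds the chosen threshold."""
    total, _ = score(data)
    return "suspicious" if total > THRESHOLDS[sensitivity] else "clean"

# Constructed sample inputs; none of these are real files.
NOISE = bytes(range(256)) * 16           # stands in for compressed content
SAMPLES = {
    "readme": b"Hello, this is a readme file.\n" * 50,
    "packed_installer": b"MZ" + b"UPX0" + NOISE,   # benign but packed
    "multi_trait": b"MZ" + b"\0".join(TRAITS) + NOISE,
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        total, names = score(data)
        print(name, total, names,
              {s: verdict(data, s) for s in THRESHOLDS})
```

The packed installer scores 3 (packer marker plus high entropy), which is a false positive only at the high setting, the same trade-off that resetting Bloodhound to its default is meant to avoid.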