Bloodhound.packed.jmp Infecting Many Pc's At Work.


No replies to this topic

#1 Wassim


Posted 10 April 2008 - 10:05 AM

Hello,

I'm an IT supervisor in my company and recently I've been having a lot of nags about Symantec showing pop-ups that the users are infected with Bloodhound.Packed.jmp, and it gives files like r.dll or *.tmp as the infection source, located in the hidden folder Temp in the Local Settings folder.

Now the most common symptoms are (other than that Symantec is indicating it):
- I can't show the hidden folders; when I do, it automatically brings it back to hidden. I tried changing the corresponding registry value and the value changed back to 0 a few seconds later.
- Some users' PCs automatically open My Documents on startup, and I also tried the registry to fix it and same thing, it changed the value back automatically.

I've been working on the situation for some time now and I learned some things:
- In Run I type c:autorun.inf; if it opens, then I can see the malware file being run, and I search for it and try to remove it.
- This type of infection is related to amvo.dll and amvo0.dll....
- I use gmer.exe to browse to Temp in the Local Settings, since it can show me hidden files, and I kill and delete the files that Symantec is indicating, but the problem comes back later.

Now I ran ComboFix on one of the computers and it worked like a charm: no Symantec pop-ups, I can show the hidden folders again, and no My Documents opening on startup (XP Pro PC).

Now on another XP Pro PC ComboFix couldn't run; it opens for a few seconds and then closes.
And I have a couple of infected Windows Server 2003 computers on which ComboFix doesn't run at all.

Well, as I'm writing this I got the idea to go to the ComboFix log and see the files it deleted and try to manually search for them on other infected PCs.

Can any pro help, please?
I need to see how I can fix the PCs on which ComboFix doesn't run.
Please don't tell me to run SuperAntispyware and Ad-ware like you mention here, because I already did and they didn't find anything.
And all I could find by searching Google is to update my definition database.

Waiting for a reply.
Thanks.

Edited by Orange Blossom, 10 April 2008 - 08:25 PM.
Moved to more appropriate forum. ~ OB

"Stuffy Hall Admin of the Typing Skills Enhancing School Program"
