Norton detected Bloodhound.PDF.21


7 replies to this topic

#1 kayandnan

kayandnan

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:18 PM

Posted 27 October 2010 - 10:56 PM

Just a little while ago I had left my laptop idle for about an hour. Norton performed its full system scan as usual, and when I clicked to see the security history of removed threats (which has always been just tracking cookies on this laptop until now) I saw that it quarantined "Bloodhound.PDF.21" (it said that a file called "1859[1].pdf" contained this threat). I was doing some research for school last night and going to many sites that I have never gone to before, so I'm thinking that is probably when I got infected, since that was the only thing different I had been doing on this computer before the infection. Anyway, I did a Malwarebytes quick scan after that, and it came up clean. There hasn't been any suspicious activity as far as I know, but I'm still unsure. Norton will often leave things undetected, so should I be wary of any more malware that could have gotten onto my computer along with Bloodhound but slipped past the radar? Should I go to the malware removal forum and post my logs or should I be safe since Norton quarantined the threat? Any help is appreciated, I just want to know if I should catch anything else that might be on here before it's too late :thumbsup:. The OS is Vista, by the way.


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,941 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:18 AM

Posted 28 October 2010 - 12:31 PM

Norton Internet Security/Norton Anti-virus has the ability to detect unknown viruses of various types using heuristic algorithms known as Bloodhound Technology. According to Symantec, Bloodhound.PDF.21 is a heuristic detection for potentially malicious files, which may exploit vulnerabilities in Adobe Acrobat in order to perform further malicious actions. Under the Technical Details tab, Symantec indicates files detected as Bloodhound.PDF.21 may be malicious which means that is not always the case. As such, they ask that you Submit Virus Samples detected as this threat to the Symantec Security Response Team.

Symantec's technology uses an expert system to analyze the cataloged behaviors and assess the likelihood of viral infection. Bloodhound is not the name of a virus, but a message displayed by NAV when it thinks it may have found a new virus which is categorized as Exploit, Packed variants in their definition files.

Heuristic analysis is the ability of an anti-virus program to detect possible new variants of malware before the vendor can get samples and update the program's definitions for detection. Heuristics uses non-specific detection methods to find new or unknown malware which allows the anti-virus to detect and stop it before doing any harm to your system. Heuristic scanning methods vary depending on the vendor. Some claim to allow emulation of the file's activities in a virtual sandbox. Others scan the file more intensively, searching line by line inspecting the code in a file to see if it contains virus-like characteristics. If the number of these characteristics/instructions exceeds a pre-defined threshold, the file is flagged as a possible virus.

The disadvantage to using heuristics is that it is not as reliable as signature-based detection (blacklisting) and can potentially increase the chances that a non-malicious program is flagged as malicious. With heuristics, there is always a potential risk for a "false positive" if virus detection technology (AutoProtect Settings) are set to High for Bloodhound and the heuristic analysis flags a file as suspicious or infected that contains no malware. You may want to Reset Bloodhound to default settings and try scanning again.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
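
An added example, not part of the original post and not Symantec's code: a minimal threshold-based heuristic of the kind described in post #2, applied to PDF files. The indicator weights, the threshold values and the sample byte strings are constructed assumptions; the level names borrow the "automatic" and "aggressive" setting labels mentioned in this thread.

```python
import re

# Illustrative indicator weights (assumed values, not Bloodhound's real rules).
WEIGHTS = {
    "/JavaScript": 2, "/JS": 2,        # embedded script action
    "/OpenAction": 2, "/AA": 2,        # action that runs automatically
    "/Launch": 3,                      # starts an external program
    "/EmbeddedFile": 1, "/JBIG2Decode": 1,
}
# Hypothetical sensitivity levels: a lower threshold flags more files,
# including more harmless ones (false positives).
THRESHOLDS = {"automatic": 5, "aggressive": 3}

# A PDF name starts with '/' and ends at whitespace or a delimiter.
NAME_RE = re.compile(rb"/[^\s/\[\]<>(){}%]+")

def decode_name(raw: bytes) -> str:
    """Undo #xx hex escapes so '/J#61vaScript' is read as '/JavaScript'."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")

def score_pdf(data: bytes):
    """Return (score, indicators found); each indicator is counted once."""
    found, obfuscated = set(), False
    for raw in NAME_RE.findall(data):
        name = decode_name(raw)
        if name in WEIGHTS:
            found.add(name)
            obfuscated |= b"#" in raw  # a hex-escaped keyword adds to the score
    score = sum(WEIGHTS[n] for n in found) + (2 if obfuscated else 0)
    return score, sorted(found)

def verdict(data: bytes, level: str = "automatic") -> str:
    """Flag the file when its score reaches the threshold for this level."""
    score, _ = score_pdf(data)
    return "suspicious" if score >= THRESHOLDS[level] else "clean"

# Constructed samples (object skeletons only, not real files).
PLAIN = b"%PDF-1.4\n1 0 obj<</Type/Catalog/Pages 2 0 R>>endobj\n"
FORM = (b"%PDF-1.4\n1 0 obj<</Type/Catalog/AcroForm 3 0 R>>endobj\n"
        b"3 0 obj<</S/JavaScript/JS 4 0 R>>endobj\n")
SUSPECT = (b"%PDF-1.4\n1 0 obj<</Type/Catalog/OpenAction 4 0 R>>endobj\n"
           b"4 0 obj<</S/J#61vaScript/JS 5 0 R>>endobj\n")

if __name__ == "__main__":
    for label, sample in (("plain", PLAIN), ("form", FORM), ("suspect", SUSPECT)):
        print(label, score_pdf(sample), verdict(sample), verdict(sample, "aggressive"))
```

The scripted-form sample is clean at the "automatic" level and flagged at "aggressive", which is the false-positive trade-off the post describes. The scan reads raw bytes only, so indicators inside compressed streams are not counted.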

#3 kayandnan


Posted 28 October 2010 - 04:21 PM

Thanks for the information :thumbsup:. It took me a while to find out how to submit a sample (the guidelines on the website didn't seem to apply to my version of Norton, I have the latest version of 360) but I figured it out and sent the sample to Symantec, so I guess I'm all set.

Also, I had the same problem with the guidelines to reset Bloodhound. Upon looking through the settings the only option I found pertaining to that was "Heuristic Protection" and the setting was on automatic. The only other settings they have are 'aggressive' and 'off' so I think I'm fine leaving that as is.

Thanks again for your help!

#4 quietman7


Posted 28 October 2010 - 04:47 PM

Make sure you are using the most current version (9.4.0) of Adobe Acrobat Reader. There are serious security issues with older versions which can increase the risk of system infection. If you're not sure what version you are using, launch Adobe Reader, click Help in the top menu and select About Adobe Reader 9.... If it is outdated, select Check for Updates. The most current version can also be manually downloaded from here.

While waiting for a reply from Symantec it might be wise to try doing an online scan.

Please download TFC (Temp File Cleaner) by Old Timer and save it to your desktop.
alternate download link
  • Save any unsaved work. TFC will close ALL open programs including your browser!
  • Double-click on TFC.exe to run it. Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • TFC will clear out all temp folders (temp, IE temp, Java, FF, Opera, Chrome, Safari) for all user accounts including:
    • Administrator.
    • All Users.
    • LocalService.
    • NetworkService.
    • and any other accounts in the user folder.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
-- Note: It is normal for the computer to be slow to boot after running TFC cleaner the first time.

Please perform a scan with Eset Online Anti-virus Scanner.
  • This scan requires Internet Explorer to work. If using a different browser, you will be given the option to download and use the ESET Smart Installer.
  • Vista/Windows 7 users need to run Internet Explorer as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.
  • Click the green Posted Image button.
  • Read the End User License Agreement and check the box:
  • Check Posted Image.
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Check Remove found threats and Scan potentially unwanted applications. (If given the option, choose "Quarantine" instead of delete.)
  • Click the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer.
  • If offered the option to get information or buy software at any point, just close the window.
  • The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop as ESETScan.txt.
  • Push the Posted Image button, then Finish.
  • Copy and paste the contents of ESETScan.txt in your next reply.
Note: A log.txt file will also be created and automatically saved in the C:\Program Files\EsetOnlineScanner\ folder.
If you did not save the ESETScan log, click Posted Image > Run..., then type or copy and paste everything in the code box below into the Open dialogue box:

C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Click Ok and the scan results will open in Notepad.
  • Copy and paste the contents of log.txt in your next reply.
-- Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.

#5 kayandnan


Posted 29 October 2010 - 07:55 PM

Ok, I updated Adobe from version 8 to the latest version, and ran TFC and ESET. ESET didn't detect any threats, therefore there was no 'List of found threats' link and no log. Guess this means I'm ok then? (by the way, I also ran a full MBAM scan and a full Norton scan before this just to cover all options, both came up clean as well.)

I was also wondering, where should I look for this reply from Symantec? Will Norton notify me or will I have to look on my account or something?

#6 quietman7


Posted 29 October 2010 - 09:04 PM

I have never personally dealt with Symantec. Usually a vendor makes notification by an email response.

#7 kayandnan


Posted 29 October 2010 - 11:39 PM

Ok, I'll be sure to look out for that :thumbsup:. Thanks again for all your help and information, I really appreciate it!

#8 quietman7


Posted 30 October 2010 - 08:09 AM

You're welcome.