Bloodhound PDF.38 > PLEASE HELP!!!


11 replies to this topic

#1 Brandon76

Brandon76

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:02:42 AM

Posted 19 November 2013 - 09:48 AM

This bug has me going totally crazy!!  I keep running scan after scan and getting a clean bill of health, yet this Bloodhound PDF.38 keeps popping up and getting quarantined by Symantec (like 100 times a day).  It's causing my laptop to run like utter crap.  Please help me get rid of this.  I work from home and this is causing me major issues in productivity.  I beg of one of you experts out there to lend me a hand, ASAP.  Bless you for your time and knowledge.

 

 

running...

Windows 7
Winzap Malware Protection
Symantec Antivirus

Thank you in advance for your expertise,

Brandon





#2 PackLeader

PackLeader

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Milwaukee WI
  • Local time:01:42 AM

Posted 19 November 2013 - 11:05 AM

Hi Brandon

Have you tried running in safe mode with & without networking...does Bloodhound PDF.38 affect your computer in these modes? If not, run your antivirus and malware protection from there.

Also, if you can, download these programs...from another computer, which would probably be quicker:

The Malwarebytes Free edition...http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?tag=main;pop

SuperAntiSpyware Free Edition...http://download.cnet.com/SuperAntiSpyware-Free-Edition/3000-8022_4-10523889.html

SpywareBlaster...http://download.cnet.com/SpywareBlaster/3000-8022_4-10196637.html

Spybot Search & Destroy ...http://download.cnet.com/Spybot-Search-Destroy/3000-8022_4-10122137.html

Save all except "SpywareBlaster" to a flash drive. Then load the programs in Safe Mode with Networking, update, and then run them.

SpywareBlaster is a simple program that provides protection from ActiveX-based software and unwanted cookies for both Firefox and Internet Explorer users. It does this passively by preventing certain malware from writing to your registry by using signatures, the same way SpyBot immunizes. You can do this after you get your computer cleaned.

The above programs work really well even in their free versions...One other note: make sure Windows Defender and winzip malware protection are NOT running at the same time.

#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:42 AM

Posted 19 November 2013 - 11:18 AM

This may also be a False Positive.. What does Norton show as the File Name, (DWH3C.tmp)?


How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#4 PackLeader


Posted 19 November 2013 - 11:54 AM

Try Norton Power Eraser first...https://security.symantec.com/nbrt/npe.aspx?lcid=1033

#5 Brandon76


Posted 19 November 2013 - 01:18 PM

@ PackLeader = I have not tried Safe Mode.  Trying now.  Oh, I do Power Erase at least 3 times a day.  It stays quiet for maybe an hour then comes right back.

 

@ boopme = They are usually always different.  DWH114A.tmp, DWH1211.tmp, DWH1328.tmp, DWH1759.tmp, DWH1B77.tmp, DWH1CDF.tmp, DWH1E47.tmp.......and so on and so on.  I have no idea what a false positive is????

 

 

PLEASE HELP.  Thank you two so very very very much!



#6 boopme


Posted 19 November 2013 - 01:35 PM

See post 3



#7 Brandon76


Posted 19 November 2013 - 02:15 PM

They keep changing.  See post 5.



#8 boopme


Posted 19 November 2013 - 03:53 PM

Ok, let's do this..

Empty your temp folders using TFC (Temporary File Cleaner)

  • Please download TFC by Old Timer and save it to your desktop.
    alternate download link
  • Save any unsaved work. (TFC will close ALL open programs including your browser!)
  • Double-click on TFC.exe to run it. (If you are using Vista, right-click on the file and choose "Run As Administrator".)
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway allowing Windows to load normally (not into Safe Mode) to ensure a complete clean.

ADW Cleaner

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
    <-insert any special instructions here for what to uncheck OR remove this line if there are none->
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

Last run ESET.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.


#9 Brandon76


Posted 20 November 2013 - 12:52 AM

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\bin\ChromeModule.dll.vir probably a variant of Win32/Conduit.SearchProtect.C application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\bin\cltmng.exe.vir a variant of Win32/Conduit.SearchProtect.B application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\bin\FirefoxModule.dll.vir probably a variant of Win32/Conduit.SearchProtect.C application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\bin\InternetExplorerModule.dll.vir probably a variant of Win32/Conduit.SearchProtect.C application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\bin\SPRunner.exe.vir a variant of Win32/Conduit.SearchProtect.D application
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Roaming\Searchprotect\bin\ChromeModule.dll.vir probably a variant of Win32/Conduit.SearchProtect.C application
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Roaming\Searchprotect\bin\cltmng.exe.vir a variant of Win32/Conduit.SearchProtect.B application
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Roaming\Searchprotect\bin\FirefoxModule.dll.vir probably a variant of Win32/Conduit.SearchProtect.C application
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Roaming\Searchprotect\bin\InternetExplorerModule.dll.vir probably a variant of Win32/Conduit.SearchProtect.C application
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Roaming\Searchprotect\bin\SPRunner.exe.vir a variant of Win32/Conduit.SearchProtect.D application
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Roaming\Searchprotect\ffprotect\application.js.vir Win32/Conduit.SearchProtect.A application
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Roaming\Searchprotect\ffprotect\nsprotector.js.vir Win32/Conduit.SearchProtect.A application
C:\AI_RecycleBin\{1CA98991-DE30-4BF7-ADB9-FBE2B1C504D4}\3\Strongvault\StrongVaultApp.exe MSIL/Adware.StrongVault.A application
C:\AI_RecycleBin\{BB8B98F3-C586-453A-B6CB-1D9EB7FC753B}\3\Strongvault\StrongVaultApp.exe MSIL/Adware.StrongVault.A application


...I did exactly as you requested.
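
One way to triage the ESET log pasted in the post above (an added example, not part of the thread and not any tool's own code): it splits each line into path and detection name, then separates copies already sitting under AdwCleaner's quarantine folder from files elsewhere on disk. The line layout is assumed to be as pasted in the post; the function names, the variant-letter split and the "pdf" substring check are assumptions of this example.

```python
import re
from collections import Counter

# Four lines copied from the ESET log in the post above (not the full export).
SAMPLE_LOG = r"""
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\bin\cltmng.exe.vir a variant of Win32/Conduit.SearchProtect.B application
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Roaming\Searchprotect\bin\ChromeModule.dll.vir probably a variant of Win32/Conduit.SearchProtect.C application
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Roaming\Searchprotect\ffprotect\application.js.vir Win32/Conduit.SearchProtect.A application
C:\AI_RecycleBin\{1CA98991-DE30-4BF7-ADB9-FBE2B1C504D4}\3\Strongvault\StrongVaultApp.exe MSIL/Adware.StrongVault.A application
"""

# Paths may contain spaces, so anchor on the Platform/Name token and optional hedge.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<hedge>(?:probably )?a variant of )?"
    r"(?P<name>[A-Za-z0-9]+/\S+)\s+(?P<kind>\w+)$"
)
QUARANTINE_PREFIX = "c:\\adwcleaner\\quarantine\\"

def parse_log(text):
    """Return one dict per recognised log line; unparsable lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        name = m.group("name")
        entries.append({
            "path": m.group("path"),
            "name": name,
            # Assumption: the last dot-separated token is the variant letter.
            "family": name.rsplit(".", 1)[0],
            "hedged": bool(m.group("hedge")),
            "quarantined": m.group("path").lower().startswith(QUARANTINE_PREFIX),
            # Assumption: a PDF-related detection carries "pdf" in its name.
            "pdf_related": "pdf" in name.lower(),
        })
    return entries

def summarize(entries):
    """Count families and list what sits outside the quarantine folder."""
    return {
        "families": Counter(e["family"] for e in entries),
        "outside_quarantine": [e["path"] for e in entries if not e["quarantined"]],
        "pdf_hits": [e["name"] for e in entries if e["pdf_related"]],
    }

if __name__ == "__main__":
    print(summarize(parse_log(SAMPLE_LOG)))
```
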



#10 boopme


Posted 20 November 2013 - 11:15 AM

Are you still getting it?

#11 PackLeader


Posted 20 November 2013 - 01:15 PM

Bloodhound.pdf.38 & SONAR. Heuristics

In my research I found a Locked topic on Bloodhound.pdf.38 on BleepingComputer

http://www.bleepingcomputer.com/forums/t/496490/bloodhoundpdf38-sonarheuristics/
 
Here are the tools they suggest in the topic.

 

AdwCleaner
Please download AdwCleaner by Xplode onto your Desktop. (You have already tried this)
 
Junkware Removal Tool
Please download Junkware Removal Tool to your Desktop.


Combofix

--RogueKiller--

 

Mod Edit. These 2 tools are not allowed to be run in the Am I Infected forum.

Please read.. Instructions for posting advice in Am I Infected

It is not advisable to run a fix posted there on your computer due to certain system differences that are addressed by the malware techs in that forum prior to posting the fix.
 

 

 

Security Check
Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

===

Please paste the logs in your next reply. DO NOT ATTACH THEM.


Edited by boopme, 20 November 2013 - 01:23 PM.


#12 PackLeader


Posted 20 November 2013 - 01:23 PM

Brandon, if my last post doesn't work, you can also try running Windows Defender Offline...http://windows.microsoft.com/en-us/windows/what-is-windows-defender-offline

 

According to my research: Microsoft security software can detect and remove these threats.

 

Exploit:Win32/Pdfjsc.AHT
Aliases: Bloodhound.PDF.38 (Symantec)
Description:
Microsoft security software can detect and remove these threats.

You will also need to update Adobe software to stay protected.

These threats can download and run files on your computer.

An attacker can also use your computer to cause denial of service attacks if you are using versions...
Published Date: Jul 24, 2013
Alert level: Severe





