
Bloodhound.exploit.56-help!



#1 Weanut

Posted 26 August 2006 - 07:27 AM

My regular Norton Antivirus scan just found something called Bloodhound.Exploit.56, also a Downloader, which it can't resolve or contain. Help! What do I do???


 


#2 quietman7


Posted 26 August 2006 - 07:55 AM

NAV has the ability to detect unknown viruses of various types using heuristic algorithms known as Bloodhound. See here. Bloodhound is not the name of a virus, but a message displayed by NAV when it thinks it may have found a new virus.

This can also happen if the virus detection technology is set too high so you may want to reset Bloodhound to its default settings and try scanning again. From personal experience with NAV, I have found some of the Bloodhound alerts to be a false positive.

Get a second opinion by performing one of these online Virus scans:
[Watch the Address bar in IE. You may receive alerts that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then Click Install ActiveX component.]
Trend Micro Housecall Scan
Panda ActiveScan.

Also, if you're running Win XP/2000, download and scan with Ewido Anti-Spyware v4.0 in "SAFE MODE".
Print out the Ewido Install and Scan Instructions.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#3 Weanut


Posted 27 August 2006 - 09:13 AM

tried to run microtrend & panda, had problems. ran avg, found 6 things that couldn't be removed. 5 are called java/byteverify, 4 are classified as infected, embedded object, 1 as infected, archive. there is also something called trojan horse downloader, generic2.kmb, classified as infected, embedded object. is there anything i can do?

#4 quietman7


Posted 27 August 2006 - 01:44 PM

Java.ByteVerify is actually a method to exploit a security vulnerability in the Microsoft Virtual Machine that is stored in the java cache as a java-applet. The vulnerability arises as the ByteCode verifier in the Microsoft VM does not correctly check for the presence of certain malformed code when a java-applet is loaded. Attackers can exploit the vulnerability by creating malicious Java applets and inserting them into web pages that could be hosted on a web site or sent to users as an attachment. Trojan Exploit ByteVerify indicates that a Java applet - a malicious Java archive file (JAR) - was found on your system containing the exploit code. See here. To read more about this vulnerability issue, and download the necessary patches, please see Microsoft Security Bulletin MS03-011.

AVG, eTrust EZ Antivirus, Pest Patrol and others will find Java/ByteVerify but cannot get rid of them. If you have the Java-Plugin installed, then deleting them from the Java cache will eliminate the problem. If you don't have the Java-Plugin installed then just delete the files manually. For information relating to Embedded Object reported by AVG, see here.

Follow the instructions here to clean your JAVA cache.

Then download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
If you use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

When done, verify your JAVA Software Installation & Version here.
If you need to update, download and install the latest version of Java Runtime Environment - (choose Offline Installation).
Installation instructions if needed.

BTW, you can download Firefox and then perform Trend Micro Housecall Scan for Firefox.
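
Added example, not part of the original thread or any poster's code: a Python sketch of the cache cleanup described in post #4, which inventories a cache directory for archives that hold compiled Java classes, records a SHA-256 to match against the antivirus report, and deletes them. It lists cached applet archives and does not itself detect the ByteVerify exploit. The cache path is passed in by the caller, and the function names and the sample file `jar_cache1.tmp` are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile
import zipfile

CLASS_MAGIC = b"\xca\xfe\xba\xbe"  # first four bytes of every compiled Java class


def inventory_cache(cache_dir):
    """Return one record per cached file that is a ZIP/JAR holding Java classes."""
    findings = []
    for root, _dirs, files in os.walk(cache_dir):
        for name in sorted(files):
            path = os.path.join(root, name)
            # Cached applets are not always named *.jar, so test the content.
            if not zipfile.is_zipfile(path):
                continue
            classes = []
            try:
                with zipfile.ZipFile(path) as jar:
                    for entry in jar.infolist():
                        with jar.open(entry) as member:
                            if member.read(4) == CLASS_MAGIC:
                                classes.append(entry.filename)
            except (zipfile.BadZipFile, RuntimeError, NotImplementedError):
                classes.append("<unreadable archive>")  # damaged or encrypted
            if classes:
                with open(path, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
                findings.append({"path": path, "sha256": digest, "classes": classes})
    return findings


def purge(findings):
    """Delete every archive listed in findings; return how many were removed."""
    for item in findings:
        os.remove(item["path"])
    return len(findings)


def demo():
    """Build a constructed cache (harmless placeholder bytes) and clean it."""
    with tempfile.TemporaryDirectory() as cache:
        with zipfile.ZipFile(os.path.join(cache, "jar_cache1.tmp"), "w") as jar:
            jar.writestr("Applet.class", CLASS_MAGIC + b"\x00" * 8)
        with open(os.path.join(cache, "notes.txt"), "w") as fh:
            fh.write("not an archive")
        found = inventory_cache(cache)
        names = [os.path.basename(f["path"]) for f in found]
        return names, found[0]["classes"], purge(found), sorted(os.listdir(cache))
```

Run `inventory_cache` on its own first and review the list before calling `purge`, since the cache also holds archives from applets that are not malicious.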

#5 Weanut


Posted 29 August 2006 - 05:41 AM

ok, cleared all caches, did the atf cleaner. have problems w/microsoft downloads, couldn't get to the proper download for that, could only get to the one for windows 2000. but anyway, hopefully that did the trick, ran all my virus & spyware things & everything seems ok. thanks very much, really appreciate the help!

#6 quietman7


Posted 29 August 2006 - 06:13 AM

You're welcome.

To locate the Security Update for Microsoft Virtual Machine, visit the "Critical Updates" section of the Microsoft Windows Update Web site. If no update is found for this, then you probably already have the patch.



