joepeshi All American 8094 Posts
Okay so I know people don't like Norton Anti-virus, but it detected this...bloodhound.exploit.213. From what I've read it's an "Acrobat util.printf() vulnerability". I almost never get viruses and it's a new computer, so I want to make sure it is gone. The only legitimate help I've gotten (other than messing with the registry) is dl'ing Adobe 9. Anyone have any suggestions?
The only thing I remember doing was trying to watch a movie on surfthechannel.com on IE. Suddenly this thing...antivirus2010 tried to install on my computer. I stopped it and checked to see if any new programs were dl'd. I didn't see anything. Ever since then...I've been getting the quarantined Bloodhound exploits popping up from NAV.
Thanks. 1/25/2009 12:56:59 PM |
split All American 834 Posts
chances are, you loaded a page (either directly or indirectly) that contained malicious javascript that downloaded a malicious PDF file and opened it. That PDF contained an exploit for the util.printf heap overflow (CVE-2008-2992) that affects Adobe Acrobat Reader 8.1.2 and before. If you had a vulnerable version installed, you likely downloaded some other malware. From the sounds of it, you were running a vulnerable version.
At this point, I would run a scan in safe mode using Norton and then follow that up with one of the online AV scanners (trend-micro housecall or the like). 1/26/2009 9:27:45 PM |
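As an added defender-side illustration (example code written for this thread, not something any poster supplied), the following Python heuristic scans a PDF for the two indicators described above: embedded JavaScript and a call to util.printf. The sample PDF bytes are constructed inline and are not a real exploit file; FlateDecode handling is included because real-world PDFs usually compress their streams. A hit means "quarantine and review", not a confirmed exploit.

```python
import re
import zlib

# A PDF stream object: a dictionary << ... >> (one level of nesting allowed),
# then the keyword "stream", the body, and "endstream".
STREAM_RE = re.compile(
    rb"<<((?:[^<>]|<<[^<>]*>>)*)>>\s*stream\r?\n(.*?)\r?\nendstream",
    re.DOTALL,
)

# Indicators from the thread: JavaScript actions and util.printf calls.
JS_KEYWORD_RE = re.compile(rb"/JavaScript\b|/JS\b")
UTIL_PRINTF_RE = re.compile(rb"util\.printf\s*\(")


def extract_streams(pdf_bytes):
    """Return a list of (dictionary, decoded_body) for every stream object.

    Streams declaring /FlateDecode are inflated; other filters are left raw
    (the regex scan still runs on them, it just sees less)."""
    streams = []
    for match in STREAM_RE.finditer(pdf_bytes):
        dictionary, body = match.group(1), match.group(2)
        if b"/FlateDecode" in dictionary:
            try:
                body = zlib.decompress(body)
            except zlib.error:
                pass  # truncated or corrupt stream: keep raw bytes
        streams.append((dictionary, body))
    return streams


def scan_pdf(pdf_bytes):
    """Heuristic scan. Returns which indicators were found and where."""
    result = {
        "javascript": bool(JS_KEYWORD_RE.search(pdf_bytes)),
        "util_printf_streams": [],   # indexes of streams calling util.printf
    }
    for index, (_dictionary, body) in enumerate(extract_streams(pdf_bytes)):
        if UTIL_PRINTF_RE.search(body):
            result["util_printf_streams"].append(index)
    return result


def verdict(result):
    """'review' if the file carries JavaScript that calls util.printf,
    'has-js' if it only carries JavaScript, else 'clean'."""
    if result["util_printf_streams"]:
        return "review"
    if result["javascript"]:
        return "has-js"
    return "clean"


def _stream_object(num, body, flate=False):
    """Build one PDF stream object (constructed sample data)."""
    filt = b" /Filter /FlateDecode" if flate else b""
    data = zlib.compress(body) if flate else body
    return (b"%d 0 obj\n<< /Length %d%s >>\nstream\n" % (num, len(data), filt)
            + data + b"\nendstream\nendobj\n")


def build_sample_pdf():
    """Constructed sample: a document whose OpenAction runs JavaScript that
    calls util.printf (compressed), plus one harmless page-content stream."""
    js = b'var v = util.printf("%s", app.viewerVersion);'
    return (b"%PDF-1.4\n"
            b"1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\nendobj\n"
            b"2 0 obj\n<< /S /JavaScript /JS 3 0 R >>\nendobj\n"
            + _stream_object(3, js, flate=True)
            + _stream_object(4, b"BT /F1 12 Tf (hello) Tj ET")
            + b"%%EOF\n")


def build_clean_pdf():
    """Constructed sample with no JavaScript at all."""
    return (b"%PDF-1.4\n"
            b"1 0 obj\n<< /Type /Catalog >>\nendobj\n"
            + _stream_object(2, b"BT /F1 12 Tf (hello) Tj ET")
            + b"%%EOF\n")


if __name__ == "__main__":
    for name, pdf in (("sample", build_sample_pdf()), ("clean", build_clean_pdf())):
        r = scan_pdf(pdf)
        print(name, r, verdict(r))
```

The regex-based stream extraction is deliberately simple: it does not follow cross-reference tables or unpack object streams, so a PDF that hides its JavaScript inside an /ObjStm would score only on whatever is visible uncompressed. It is meant as a triage filter to decide which files deserve a look in a proper PDF parser, not as a replacement for one.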
joepeshi All American 8094 Posts
Thanks man...so should I run both of those in safe mode? 1/27/2009 10:54:37 PM |
split All American 834 Posts
yeah, run both in safe mode 1/31/2009 1:18:52 PM |
joepeshi All American 8094 Posts
I tried it...no luck. All these dwh.tmp files keep popping up saying they are quarantined as bloodhound.exploit.213. I've seen no change in the way my computer works otherwise. Very confusing. 1/31/2009 10:02:48 PM |
Optimum All American 13716 Posts
You might want to download and use Malwarebytes Anti-malware to scan and clean your computer. That seems to do a pretty good job with cleaning up things like what you've described, especially the "Antivirus 20xx" crap that's been floating around lately. 1/31/2009 10:12:30 PM |
joepeshi All American 8094 Posts
yeah I think that's what it is. I ran it and it found nothing. I don't understand. argh 2/1/2009 6:35:40 PM |
FoShizzle All American 4786 Posts
Me too, so what is the solution? 4/21/2009 8:55:55 PM |
qntmfred retired 40818 Posts
bump 9/25/2009 7:13:52 PM |
pooljobs All American 3481 Posts
you need adblock before using surfthechannel. a few of the ads that pop up are not good. 9/25/2009 7:23:55 PM |
ScHpEnXeL Suspended 32613 Posts
format c: 9/25/2009 7:40:59 PM |
homeslice11 All American 611 Posts
anybody get rid of this? running adaware, symantec, and AVG in safe mode with no luck 9/25/2009 11:49:37 PM |
Optimum All American 13716 Posts
definitely do the trend micro housecall in safe mode w/ networking. i've seen it catch and repair a LOT of shit that others missed. highly recommended. 9/26/2009 12:08:53 AM |
joepeshi All American 8094 Posts
hmmm...so it just stopped popping up after a while. I did all this stuff.
I posted in another forum. And they tried to help me and then it just disappeared. If you can see this thread...try and follow the directions they outlined.
http://www.geekstogo.com/forum/antivirus2010-bloodhound-exploit-213-dwh-tmp-t227283.html 9/26/2009 1:50:56 AM |
Master_Yoda All American 3626 Posts
nuke it from orbit
9/27/2009 9:03:58 AM |
Grandmaster All American 10829 Posts
Follow this tutorial for using ComboFix.
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
It will pretty much destroy any malicious software without the need to format. I had to remove an extremely obnoxious UAC rootkit the other day and ComboFix, as always, came through. I don't know if you're patient enough to complete my entire process, but I wanted to minimize the chance that it would ever come back (which it still might, but then it's time for teh format).
1) Disabled System Restore (CF creates a restore point but I always disable)
2) Booted into Safe Mode with Networking to download ComboFix from the above link.
3) Rebooted into vanilla Safe Mode to actually run the utility. It found rootkit activity and wanted to reboot again. It found and removed it, but I booted back into Safe w/ Net and updated and ran a full Malware Bytes scan. http://www.malwarebytes.org
[Edited on September 27, 2009 at 1:51 PM. Reason : info] 9/27/2009 1:37:12 PM |