User not logged in - login - register
Home Calendar Books School Tool Photo Gallery Message Boards Users Statistics Advertise Site Info
go to bottom | |
 Message Boards » » bloodhound.exploit.213 Page [1]  
joepeshi
All American
8094 Posts
user info
edit post

Okay so I know people don't like Norton Anti-virus, but it detected this...bloodhound.exploit.213. From what I've read its a "Acrobat util.printf() vulnerability". I almost never get viruses and its a new computer so I want to make sure it is gone. The only legitimate help I've gotten (other than messing with the registry is dl'ing Adobe 9. Anyone have any suggestions?

The only thing I remember doing was trying to watch a movie on surfthechannel.com on IE. Suddenly this thing...antivirus2010 tried to install on my computer. I stopped it and checked to see if any new programs were dl'd. I didn't see anything. Ever since then...I've been getting the quarantined Bloodhound exploits popping up from NAV.

Thanks.

1/25/2009 12:56:59 PM

split
All American
834 Posts
user info
edit post

chances are, you loaded a page (either directly or indirectly) that contained malicious javascript that downloaded a malicious PDF file and opened it. that PDF contained an exploit for the util.printf heap overflow (CVE-2008-2992) that affects Adobe Acrobat reader 8.1.2 and before. If you had a vulnerable version installed, you likely downloaded some other malware. From the sounds of it, you were running a vulnerable version.

At this point, I would run a scan in safe mode using Norton and then follow that up with one of the online AV scanners (trend-micro housecall or the like).

1/26/2009 9:27:45 PM

joepeshi
All American
8094 Posts
user info
edit post

Thanks man...so should I run both of those in safe mode?

1/27/2009 10:54:37 PM

split
All American
834 Posts
user info
edit post

yeah, run both in safe mode

1/31/2009 1:18:52 PM

joepeshi
All American
8094 Posts
user info
edit post

I tried it...no luck. All these dwh.tmp files keep popping up saying they are quarantined as bloodhound.exploit.213. I've seen no change in the way my computer works otherwise. Very confusing.

1/31/2009 10:02:48 PM

Optimum
All American
13716 Posts
user info
edit post

You might want to download and use Malwarebytes Anti-malware to scan and clean your computer. That seems to do a pretty good job with cleaning up things like what you've described, especially the "Antivirus 20xx" crap that's been floating around lately.

1/31/2009 10:12:30 PM

joepeshi
All American
8094 Posts
user info
edit post

yeah I think that's what it is. I ran it and it found nothing. I don't understand. argh

2/1/2009 6:35:40 PM

FoShizzle
All American
4786 Posts
user info
edit post

Me too so what is the solution?

4/21/2009 8:55:55 PM

qntmfred
retired
40818 Posts
user info
edit post

bump

9/25/2009 7:13:52 PM

pooljobs
All American
3481 Posts
user info
edit post

you need adblock before using surfthechannel. a few of the ads that pop up are not good.

9/25/2009 7:23:55 PM

ScHpEnXeL
Suspended
32613 Posts
user info
edit post

format c:

9/25/2009 7:40:59 PM

homeslice11
All American
611 Posts
user info
edit post

anybody get rid of this? running adaware, symantec, and AVG in safe mode with no luck

9/25/2009 11:49:37 PM

Optimum
All American
13716 Posts
user info
edit post

definitely do the trend micro housecall in safe mode w/ networking. i've seen it catch and repair a LOT of shit that others missed. highly recommended.

9/26/2009 12:08:53 AM

joepeshi
All American
8094 Posts
user info
edit post

hmmm...so it just stopped popping up after a while. I did all this stuff.

I posted in another forum. And they tried to help me and then it just disappeared. If you can see this thread...try and follow the directions they outlined.

http://www.geekstogo.com/forum/antivirus2010-bloodhound-exploit-213-dwh-tmp-t227283.html

9/26/2009 1:50:56 AM

Master_Yoda
All American
3626 Posts
user info
edit post

nuke it from orbit

Quote :
"format c:"

9/27/2009 9:03:58 AM

Grandmaster
All American
10829 Posts
user info
edit post

Follow this tutorial for using ComboFix.

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

It will pretty much destroy any malicious software without the need to format. I had to remove an extremely obnoxious UAC rootkit the other day and ComboFix as always, came through. I don't know if you're patient enough to complete my entire process, but I wanted to minimize the chance that it would ever come back (which it still might but then it's time for teh format)

1)Disabled System Restore (CF creates a restore point but I always disable)
2)Booted into Safe Mode with Networking to download ComboFix from the above link.
3)Rebooted into vanilla Safe Mode to actually run the utility. It found rootkit activity and wanted to reboot again. It found and removed it, but I booted back into Safe w/ Net and updated and ran a full Malware Bytes scan. http://www.malwarebytes.org

[Edited on September 27, 2009 at 1:51 PM. Reason : info]

9/27/2009 1:37:12 PM

 Message Boards » Tech Talk » bloodhound.exploit.213 Page [1]  
go to top | |
Admin Options : move topic | lock topic

© 2024 by The Wolf Web - All Rights Reserved.
The material located at this site is not endorsed, sponsored or provided by or on behalf of North Carolina State University.
Powered by CrazyWeb v2.39 - our disclaimer.