  1. #1 4 Star Lounger, New Zealand
    I am running Windows XP SP3 on two networked PCs. On one PC only, Norton 360 is reporting numerous infections by Bloodhound.MalPE; I am getting more than a dozen hits a day. What is this thing? On my other PC, which has Norton Antivirus, there is no mention of it.

  2. #2 Super Moderator CLiNT, California & Arizona
    From Symantec's site:
    Systems Affected: Windows 2000, Windows NT, Windows Server 2003, Windows Vista, Windows XP
    Bloodhound.MalPE is a heuristic detection used to detect threats associated with the Backdoor.Tidserv family.
    Damage Level: Low. Removal: Easy.
    Bloodhound.MalPE - Removal

    Disconnect from internet prior to removal and secure your network after it's been removed.
    DRIVE IMAGING
    Invest a little time and energy in a well thought out BACKUP regimen and you will have minimal down time, and headache.

    Build your own system; get everything you want and nothing you don't.
    Latest Build:
    ASUS X99 Deluxe, Core i7-5960X, Corsair Hydro H100i, Plextor M6e 256GB M.2 SSD, Corsair DOMINATOR Platinum 32GB DDR4@2666, W8.1 64 bit,
    EVGA GTX980, Seasonic PLATINUM-1000W PSU, MountainMods U2-UFO Case, and 7 other internal drives.

  3. #3 Plutonium Lounger Medico, USA
    You're just too quick for me Clint. I was just about to add the exact same web site link.
    BACKUP...BACKUP...BACKUP
    Have a Great Day! Ted


    Sony Vaio Laptop, 2.53 GHz Duo Core Intel CPU, 8 GB RAM, 320 GB HD
    Win 8 Pro (64 Bit), IE 10 (64 Bit)


    Complete PC Specs: By Speccy

  4. #4 4 Star Lounger, New Zealand
    I don't think removal is an issue as Norton360 states that each instance has been removed. What I am interested in is what exactly is this thing, why is it attacking on such a regular basis and why is only one of my PCs affected? Your quote from Symantec says "Bloodhound.MalPE is a heuristic detection used to detect threats associated with the Backdoor.Tidserv family." Who is using it to detect threats? If it is Symantec, why does it appear to be a threat itself? I am confused.

  5. #5 Plutonium Lounger Medico, USA
    Bloodhound.MalPE is one of the numerous fraudulent/rogue antispyware apps that are running rampant on the web. It keeps coming back because it has infected your PC. It has not yet made it through your network to your other PCs. Please take the removal seriously and get rid of it. There are many sites with removal instructions. I would print the instructions, then disconnect from the internet, reboot to Safe Mode and do the removal.

  6. #6 4 Star Lounger, New Zealand
    I have done exactly as you suggested and after doing a full scan in Safe Mode Norton360 has found nothing. This seems to suggest that when Norton360 says it has removed the threats, that it has. What I cannot understand is why I keep getting notifications that it has removed several more instances. This morning, before doing the full scan, I had over a dozen.

  7. #7 2 Star Lounger, Calif
    Hi Phil:

    I recommend you get a "2nd Opinion" from other security programs, and the one(s) I would recommend are Malwarebytes Anti-Malware ( http://www.malwarebytes.org/mbam.php ) and/or "SUPERAntiSpyware" ( http://www.superantispyware.com ), both of which come in a FREE version which hopefully will not conflict with your Norton program.

    Might also consider uploading, if possible, the alleged malware to http://www.virustotal.com , to see IF other antivirus program(s) detect any malware. I do know that any malware with "Backdoor" in its name could be a "complex" piece of malware, which could include a hidden rootkit, best explored by using the FREE "GMER Rootkit Scanner", available for download from http://www.gmer.net/gmer.zip .
    For the BEST in what counts in Life:

    http://www.ctftoronto.com

  8. #8 4 Star Lounger, New Zealand
    I have used MalwareBytes with nothing found. As to uploading the alleged malware, that seems impossible as it cannot be found on my PC, Norton360 having removed each instance.

  9. #9 Plutonium Lounger Medico, USA
    Most fraudulent security warnings in some way disable the resident AV app's ability to get rid of them. In your case I would suspect Norton 360 has been compromised to allow this activity to take place. Completely uninstall Norton 360, download and save a copy of a different AV app (Avast and MSE are both free), and start over. There are many sites that list removal instructions for this nasty. A simple Google search shows many. If all else fails, a complete format and reinstall of your system may be necessary.

  10. #10 Lounge VIP bobprimak, Hinsdale, IL, USA
    Did you folks know that the GMER technologies are now part of Avast AV Free Edition? Well, it's true.

    While Norton's AV products are fine for what they do, they still come from the Anti-virus side of malware removal. The philosophy in this type of program is to disable the primary executable of the infection, and not to remove all other traces of the malware. For most viruses, this is sufficient.

    But not for fake AV and certain types of spyware.

    That is why Anti-spyware programs (like Super Antispyware Free Edition) go after much more. They attempt to remove ALL TRACES of the infection, thus making it unlikely that the malware will come back from the same infection. Running the Portable Version from a clean Flash Drive (download from a clean computer) may overcome some of the blocking which is typical of fake AV infections. This is usually sufficient for spyware.

    But not for some fake AV infections.

    Sometimes, the quickest way to deal with really nasty infections like this one, is to reformat and reinstall Windows, and to discard all recent backups and reformat any external devices which have held these possibly infected backups. In other words, start over with a clean slate. In the long run, this may save time and effort, and it is the only way to be completely sure things are back to normal.

    I prefer to fix Windows problems, but a recurring fake AV infection is an exception. For this situation, I would not try to repair the damage.
    -- Bob Primak --

  11. #11 Super Moderator CLiNT, California & Arizona
    Thanks Bob, good advice. And I agree.
    Some things are just not worth attempting to fix, especially after several failed attempts.
    Consider your machine compromised.

  12. #12 Plutonium Lounger Medico, USA
    We harp on this all the time, but this is a prime example of where a system image would have been an ideal solution to a rather difficult problem that in all probability will require a reformat and complete reinstall of the OS and apps. I just have 3 things more to say:
    1) Image Your HD

    2) Image Your HD

    3) Image Your HD

  13. #13 Lounge VIP bobprimak, Hinsdale, IL, USA
    Quote Originally Posted by Ted Myers:
    We harp on this all the time, but this is a prime example of where a system image would have been an ideal solution to a rather difficult problem that in all probability will require a reformat and complete reinstall of the OS and apps. I just have 3 things more to say
    1) Image Your HD

    2) Image Your HD

    3) Image Your HD
    Just make sure the backup image you use is from a period before anything seems to have gotten infected!
    -- Bob Primak --

  14. #14 Plutonium Lounger Medico, USA
    Quote Originally Posted by Bob Primak:
    Just make sure the backup image you use is from a period before anything seems to have gotten infected!
    You're right; it goes without saying. Create the image once the OS is reinstalled and set up the way you want it, and before the next attack.

  15. #15 Super Moderator jscher2000, Silicon Valley, USA
    Quote Originally Posted by philkiwi:
    Your quote from Symantec says "Bloodhound.MalPE is a heuristic detection used to detect threats associated with the Backdoor.Tidserv family."
    On the Technical Details tab, the longer description suggests the possibility of many false positives:

    Bloodhound.MalPE is a heuristic detection for files that may have been obfuscated or encrypted in order to conceal themselves from antivirus software.
    Hmmm, the world is full of files that might appear to be (or actually are) encrypted. I'm not sure whether your system actually is infected or this new detection is over-anxious.
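The false-positive point jscher2000 raises above, shown as an added example that is not from the thread or from Symantec: a toy entropy-based "obfuscated or encrypted file" heuristic in Python. The 7.2 bits/byte cutoff and the three constructed samples are assumptions; Symantec's real Bloodhound.MalPE logic is not public and is not reproduced here.

```python
import math
import random
import zlib
from collections import Counter

# Assumed cutoff in bits per byte; not Symantec's actual value.
ENTROPY_THRESHOLD = 7.2


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_obfuscated(data: bytes, threshold: float = ENTROPY_THRESHOLD) -> bool:
    """Toy heuristic verdict: high entropy is read as 'packed or encrypted'."""
    return shannon_entropy(data) >= threshold


def constructed_samples() -> dict:
    """Constructed inputs: plain text, the same text legitimately compressed,
    and seeded random bytes standing in for an encrypted payload."""
    rng = random.Random(42)  # seeded so the verdicts are reproducible
    words = [f"word{i}" for i in range(40)]
    plain = " ".join(rng.choice(words) for _ in range(4000)).encode()
    return {
        "plain_text": plain,
        "zlib_compressed": zlib.compress(plain, 9),
        "random_bytes": bytes(rng.getrandbits(8) for _ in range(8192)),
    }


def classify_samples() -> dict:
    """Run the heuristic over each sample and return {name: flagged}."""
    return {name: looks_obfuscated(data) for name, data in constructed_samples().items()}


if __name__ == "__main__":
    for name, data in constructed_samples().items():
        print(f"{name:16s} entropy={shannon_entropy(data):.2f} flagged={looks_obfuscated(data)}")
```

The legitimately compressed sample is flagged just like the random stand-in for an encrypted payload, which is the shape of false positive the Symantec description leaves room for.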
