May have virus but not sure "bloodhound.exploit.196"

cooter

Over the last month Symantec has been prompting me that I have a "bloodhound.exploit.196" risk. It says that it cleans the files but it happens every day. Has anyone had this and if so how did you get rid of it?

I have tried to scan with Kaspersky, Spybot, Superantispyware, but the only thing that shows it is Symantec. Nothing else finds it and therefore I can't seem to clean it.

Here is what I get from Symantec:

Scan type: Auto-Protect Scan
Event: Risk Found!
Risk: Bloodhound.Exploit.196
File: C:\Users\------\AppData\Local\Temp\DWH87B2.tmp
Location: Quarantine
Computer: mycomputer
User: myusername
Action taken: Quarantine succeeded : Access denied
Date found: Friday, January 16, 2009 3:24:14 PM

Does anyone know of any programs that I can use to find out what program or process is creating the .tmp files that are flagged? Or any other way I can track this thing down? When I Google it, I have yet to find a person that has found a fix for it and it does not seem that popular.

Thanks!
 
Download AntiVir's latest bootable CD scanner, boot from it and scan outside of Windows.
Also run a scan with MalwareBytes.

I'll bet it's a false positive... as the exploit seems to have been from last August... and is stated as being hardly any numbers of it out there (not widespread, under 50x infections reported)... and it's only an Adobe PDF exploit.
http://www.symantec.com/security_response/writeup.jsp?docid=2008-080702-2357-99

Do you use Adobe Acrobloat? Or a good PDF reader like Foxit?
 
Go to www.virustotal.com.
Browse to the file and upload it (you may need to turn on viewing of hidden and system files and folders to find the file).

VirusTotal will scan it against a range of different anti-virus programs.

This will tell you if it is bad or not. It will also send the file to other AV vendors if a certain number deem it as malware. This helps everyone by increasing detection.
 
It seems to be a false positive, I am not the only one in the company that has had this problem. There have been 3 or 4 others that have as well. One of our developers had to format his computer to stop it, I don't want to have to do that, but I get sick of all the Symantec popups that I get because of the damn thing, I would rather deal with the viruses than the popups, viruses are easy to remove.....

Anyway, I have scanned with a number of tools and nothing came up with anything. Is there any way to stop the false positives from popping up???

I do use a lot of PDFs, about 5 a day and that adds up over the course of years...

I am on the latest version of Adobe (updated after this started happening) and my Symantec should be up to date as well.
 
If it's a temp file in a temp directory... would running clean manager not help in removing all your old temporary files?!?

I'd give that a whirl and see if that helps.

Oh, and I'd turn off System Restore before you run the clean manager... run clean manager, then turn it back on. This way if you had a SR Point in the background it wouldn't be an issue.

Note: I've never had SR work for me ever..... pain in the ass....
 