msn virus?

kirsty

I am using Windows XP with Norton 360 2.0. A few days ago I got a medium level
alert for something called Bloodhound.
Every day I scan my computer it's back there.
I was prompted to close all open programs to fix the problem but I couldn't
shut down Messenger.
A few days later people from my contact list were receiving strange requests
sent out apparently by me, such as accept these backgrounds or send pics.
I have spoken with Norton support staff and done full system scans with them
as well as by myself. I have also run spy and malware with a different
program.
The full scan showed nothing was wrong with my computer. I have changed my
password 3 times.
What can it be and what can I do?
 
In one breath you say Bloodhound is there every scan; then a full scan shows
Nothing!
Which is it???? Either it is there, or it isn't.

Install the 2 Programs below, and scan your System with them (and Norton),
in Safe Mode.
One scan at a time!


http://www.spybot.info/en/index.html

Spybot Search & Destroy 1.6 is a very good, FREE Anti-Spyware Program.
Download, install, update, and immunize your System with it.
Then SCAN with it.
Update it, and scan your System once a fortnight.

http://www.malwarebytes.org/mbam.php

Malwarebytes is as the name says, a Malware Remover!
For the Free version scroll down their page to either download from
Download.com, or Major Geeks.com

Download, install, and update.

Important re: Safe Mode
If you happen to find a problem that you can’t uninstall / delete, reboot
the computer, and go into Safe Mode.
To get into Safe mode, tap F8 right at Power On / Startup, and use UP arrow
key to get to Safe Mode from list of options, then hit ENTER.
RESCAN your computer with your Anti-Virus, Malwarebytes and Spybot S & D
while in Safe Mode.
 
kirsty said:
I am using Windows XP with Norton 360 2.0. A few days ago I got a medium
level alert for something called Bloodhound.
Every day I scan my computer it's back there.
I was prompted to close all open programs to fix the problem but I couldn't
shut down Messenger.
A few days later people from my contact list were receiving strange
requests sent out apparently by me, such as accept these backgrounds or send pics.
I have spoken with Norton support staff and done full system scans with
them as well as by myself. I have also run spy and malware with a different
program.
The full scan showed nothing was wrong with my computer. I have changed my
password 3 times.
What can it be and what can I do?

Do a thorough check for malware, following all of the steps at one of these
Web pages, including HijackThis.
Help with malware:
All MS-MVP Sites.
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://www.elephantboycomputers.com/page2.html#Removing_Malware
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/darnit.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm

Unexplained computer behavior may be caused by deceptive software.
http://support.microsoft.com/kb/827315

So How Did I Get Infected Anyway?
For quite a few people it's by installing programs like Messenger Plus,
whose ads for malware don't identify the malware as such and try to convince
you that you owe it to the author. See also:
http://www.wilderssecurity.com/showthread.php?t=27971
Don't ever do a "default" install of anything. Always choose Custom and see
what else is being carried along. Don't install any extras you're not sure
of.
 
Sorry for my confusion. Norton support ran a full security scan that showed
nothing,
yet when I ran my own scans I came up with Bloodhound.
Anyway.
I installed the programs you suggested
and with malware anti malware I found a trojan called
Trojan.FakeAlert.H that had the same registry keys and values as Bloodhound.
In the items column it had value:daneza, which I don't understand
but I know that was in the Bloodhound registry also.
It cleaned up everything except it could not clean up
C:\windows32\bassy.exe. Should I be worried or is it OK?
One last thing: should I immunise everything that is already checked or
will that change settings on my computer?
Thanks for all your help so far.
 
Use that Immunise part of Spybot Search & Destroy against future infestation.

Any Malware on your computer is bad.
Did you use Safe Mode to scan?

Rescan with Malwarebytes in Safe Mode, and tick the Radio button "Perform
full scan".
And scan with Spybot Search & Destroy and Norton in Safe Mode as well.

And try Frank's ones as well.
No single Program will get rid of everything malicious.
It becomes trial and error, and using a combination of Programs.
 
And update Malwarebytes, and Spybot search & destroy in normal Mode, before
you go into Safe Mode

Updates for Malwarebytes come out about every 2nd day; Spybot, a couple of
times a month.
 
kirsty said:
Sorry for my confusion. Norton support ran a full security scan that showed
nothing,
yet when I ran my own scans I came up with Bloodhound.
Anyway.
I installed the programs you suggested
and with malware anti malware I found a trojan called
Trojan.FakeAlert.H that had the same registry keys and values as Bloodhound.
In the items column it had value:daneza, which I don't understand
but I know that was in the Bloodhound registry also.
It cleaned up everything except it could not clean up
C:\windows32\bassy.exe. Should I be worried or is it OK?
One last thing: should I immunise everything that is already checked or
will that change settings on my computer?
Thanks for all your help so far.


Yes, you need to worry about this process as it is a viral application and
it will regenerate the infestation again!
Use the Killbox to either delete in Safe Mode or on Boot; read the "How to
use Killbox" page to know how to use it.

I'm not sure about the path of the application:
C:\windows32\bassy.exe < this is not correct.
But this is correct:
C:\Windows\System32\bassy.exe

Download Killbox from here:
http://killbox.net/downloads/KillBox.exe
How to use Killbox:
http://metallica.geekstogo.com/killboxexplanation.html

Use the option for On Boot deletion by telling the Box the path for the
App/Process to delete (C:\Windows\System32\bassy.exe) and it will delete it
on Boot up.
HTH,
nass
 
It looks like you still have the virus regenerating itself through a
script/file somewhere on your HDD, or it could be the System Restore. Did you
do a system restore on your computer after the infection, and how far?
If you wish to send me your HijackThis log I will be happy to help you
further, or send it to one of many forums on the internet!
Download HijackThis and send me the log.
(http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php)
My address is: to_you_ross(at remove this and replace with the
obvious)yahoo.co.uk ( _ is underscore)

Run disk clean up on your Drive.
You can download this tool to run clean up:
http://www.ccleaner.com/download/builds/downloading-slim
HTH,
nass
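
Added example (not written by any poster in this thread): a short Python filter over the registry autostart (O4) lines of a HijackThis log, flagging entries that mention the value name and file name reported above. The sample log is constructed, and pairing `daneza` with a Run key is an assumption made for illustration.

```python
import re

# Indicators taken from the thread: the registry value name the poster saw
# and the file the scanner could not remove.
INDICATORS = ("daneza", "bassy.exe")

# HijackThis writes registry autostart entries as:
#   O4 - <hive>\..\<key>: [<value name>] <command line>
O4_RE = re.compile(
    r"^O4 - (?P<key>HK\w+\\\.\.\\[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)

def parse_o4(log_text):
    """Return the registry autostart entries found in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries

def flag(entries, indicators=INDICATORS):
    """Return entries whose value name or command mentions an indicator."""
    hits = []
    for e in entries:
        haystack = (e["name"] + " " + e["cmd"]).lower()
        matched = [i for i in indicators if i in haystack]
        if matched:
            hits.append((e["key"], e["name"], e["cmd"], matched))
    return hits

# Constructed sample log, not taken from the poster's machine.
SAMPLE_LOG = r"""Logfile of HijackThis (constructed sample)
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [daneza] C:\WINDOWS\system32\bassy.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [updater] rundll32.exe C:\WINDOWS\system32\example.dll,Start
"""

if __name__ == "__main__":
    for key, name, cmd, matched in flag(parse_o4(SAMPLE_LOG)):
        print(f"{key} [{name}] {cmd}  <- matches {', '.join(matched)}")
```

An autostart entry that survives a cleanup is what relaunches the file at the next boot, so a hit here means the entry and the file need to be removed together.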
 