Hi allguts,
Bloodhound is not the name of a virus, but a message displayed by
Symantec's Norton Anti-Virus when it thinks it may have found a new
virus.
Bloodhound.Packed
http://securityresponse.symantec.com/avcenter/venc/data/bloodhound.packed.html?Open
Discovered on: January 19, 2004
Last Updated on: April 26, 2004 03:06:30 PM
"Symantec antivirus products exclusively use the virus name
Bloodhound.Packed when a potentially unknown virus is found using
Symantec Bloodhound technology. Bloodhound technology consists of
heuristic algorithms used to detect unknown viruses. The actual file
detected under Bloodhound.Packed is likely to be infected with a new,
packed, 32-bit Windows virus.
Bloodhound.Packed is detected only in Portable Executable (PE) files.
Bloodhound.Packed can detect any threat within a packed file.
Type: Trojan Horse, Virus, Worm
Infection Length: various
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me,
Windows NT, Windows Server 2003, Windows XP
Systems Not Affected: DOS, Linux, Macintosh, OS/2, UNIX"
[edit]
"The following instructions pertain to all current and recent Symantec
antivirus products, including the Symantec AntiVirus and Norton
AntiVirus product lines.
1. Disable System Restore (Windows Me/XP).
2. Update the virus definitions.
3. Restart the computer in Safe mode or VGA mode.
4. Run a full system scan and delete all the files detected as Bloodhound.Packed.
5. Clear the Temporary Internet Files folder, if required.
1. Disabling System Restore (Windows Me/XP)
If you are running Windows Me or Windows XP, we recommend that you
temporarily turn off System Restore. Windows Me/XP uses this feature,
which is enabled by default, to restore the files on your computer in
case they become damaged. If a virus, worm, or Trojan infects a
computer, System Restore may back up the virus, worm, or Trojan on the
computer.
Windows prevents outside programs, including antivirus programs, from
modifying System Restore. Therefore, antivirus programs or tools
cannot remove threats in the System Restore folder. As a result,
System Restore has the potential of restoring an infected file on your
computer, even after you have cleaned the infected files from all the
other locations.
Also, a virus scan may detect a threat in the System Restore folder
even though you have removed the threat.
For instructions on how to turn off System Restore, read your Windows
documentation, or one of the following articles:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001012513122239?OpenDocument&src=sec_doc_nam
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?OpenDocument&src=sec_doc_nam
Note: When you are completely finished with the removal procedure and
are satisfied that the threat has been removed, re-enable System
Restore by following the instructions in the aforementioned documents.
[edit]
"Additional information:
What are Portable Executable (PE) files?
Portable Executable (PE) files are files that are portable across all
the Microsoft 32-bit operating systems. The same PE-format executable
can be executed on any version of Windows 95, 98, Me, NT, 2000, and
XP. All the PE files are executable, but not all the executable files
are portable.
A common example of a PE file is a screen saver (.scr) file."
Best regards,
tlspiegel |
