Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Repeated bloodhound.pdf.28 infections


  • Please log in to reply

#16
unsmiley

unsmiley

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts

Get autoruns from
http://live.sysinter...om/autoruns.exe

Download Save and Run the program by right clicking and Run As Admin. File, Save, to your desktop, autoruns.arn, OK

Either zip up the file if you have the ability (7-zip works nicely) or just rename it from autoruns.arn to autoruns.txt then ATTACH it. Do not copy and paste.


How do I attach something to my reply? I don't see a button to do this.
  • 0

Advertisements


#17
unsmiley

unsmiley

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
Also if I delete Symantec Endpoint Security I will not be able to reinstall it as I no longer work for the company. As I said, I have no problem switching to AVAST or something else, but I don't think other antivirus programs detect my infections. I know McAfee did not. Does that make a difference in trying to cure this? So with that in mind, should I still go ahead and uninstall Symantec Endpoint Security?
  • 0

#18
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,024 posts
  • MVP
To attach a file click on Browse and point it at the file. Hit Open then Attach this file.

I don't see why Norton wouldn't reinstall if you save the license key but even if it doesn't I don't think it's any great loss. Norton is a big CPU hog and slows your PC down and isn't really that much better than Avast especially since you are running one of the older versions.
  • 0

#19
unsmiley

unsmiley

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
Now I got it... One needs to use the advanced uploader to get the button to attach things to postings on this site!

I don't have the license key to Symantec (if there ever was one) so I will not be able to reinstall it. My concern about removing this software is the fact that this is the only program that detects and quarantines these problem files. Might there be a need for seeing the Symantec logs, or to replicate the problem, in attempting to solve the problem?

I just discovered that "Bloodhound" is a trademark of the Symantec Corporation. Maybe it is no coincidence they are the only ones to detect these supposedly infected files.

I am getting DNS errors when trying to post this...
  • 0

#20
unsmiley

unsmiley

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
Can I simply disable Symantec, and install and run AVAST for your purposes?

Still having problems attaching the file. Nothing happens when I click "attach this file." I get message that no file was selected for upload when I have done so.
  • 0

#21
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,024 posts
  • MVP

I just discovered that "Bloodhound" is a trademark of the Symantec Corporation. Maybe it is no coincidence they are the only ones to detect these supposedly infected files.


Yes that's what they call it when their heuristic finds something. I expect it's a false positive.

Can I simply disable Symantec, and install and run AVAST for your purposes?


You can try but last time I did that Avast didn't want to run. Problem is that there are a lot of drivers loaded by Norton and these don't get stopped even when you tell it to stop. (You might be able to use Autorun to uncheck everything that says Symantec and then reboot. That should stop the drivers from loading.) Norton isn't working right anyway so I don't think it's much of a loss if you can't find the license.

To attach something you must click on Add Reply then on Browse then point at it then click on Open (file name will show up after the Browse button where it normally says No File Selected. then Attach this File.

The DNS error was probably caused by Admin doing some tweaking. It has cleared now so hopefully he has it the way he wants it.
  • 0

#22
unsmiley

unsmiley

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
Still can't attach. I can find and put file name after browsing, but when I click Attach This File nothing happens, and eventually file name clears on its own and I get message that no file is selected. Don't know what the problem is.
  • 0

#23
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,024 posts
  • MVP
It may be because of the extension. Can you zip up the file or rename it to autoruns.txt?
  • 0

#24
unsmiley

unsmiley

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
I already renamed it with *txt extension and still doesn't work. I don't have zip file software - like to limit what I download - but could download it if necessary. But who even knows if it will let me attach that?
  • 0

#25
unsmiley

unsmiley

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
Going to try to attach test notepad file.

Attached Files

  • Attached File  test.txt   4bytes   39 downloads

  • 0

Advertisements


#26
unsmiley

unsmiley

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
So I know how to attach things, it doesn't seem to like the AutoRuns.txt file.

Getting back to Symantec: I think if I delete it, I will never know whether the problem is fixed since it is the only program to find and quarantine these files. Did you mean using Autoruns for Windows for disabling drivers?
  • 0

#27
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,024 posts
  • MVP
Yes, Autoruns should show you who makes each program so you can go through and uncheck the things from Symantec/Norton. Then reboot. May have to do it twice to get it to work as Norton may not like it.

I expect you are not seeing the extension when you try to rename it. Probably it is now autoruns.txt.arn.
http://windows.micro...name-extensions

There is a program called 7-zip which does a good job zipping up files and is free. As with all downloads make sure you uncheck any optional software like the ask toolbar.
  • 0

#28
unsmiley

unsmiley

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
Downloaded 7-zip; not sure how to use it but let's see if this works. Check and see if this is the right file.

Attached Files


  • 0

#29
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,024 posts
  • MVP
That worked nicely. You can run Autoruns again as before and uncheck each line that is highlighted in yellow. These are missing files. Essentially the same as setting the service to Disabled. You can undo it by running Autorun again and checking the items. Will speed up your boot a tad. There is nothing on your system that looks at all evil so I think Norton is making things up.
  • 0

#30
unsmiley

unsmiley

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
I am having trouble getting the AVAST log to you. Overnight I scanned computer with AVAST (after disabling Symantec Endpoint Security and unchecking all Symantec items in Autoruns for Windows). AVAST found thousands of infected files.

Copying and pasting the log doesn't seem to work - maybe the file is too large. I can paste it into the reply window - it shows up after some delay - but when I try to send, Geeks to Go site hangs up and I get a Windows error message and it tries to recover the webpage. I also cannot attach the file; I can select it after browsing for it, but nothing happens when I hit attach. I may try to zip it an send in a separate reply.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP