

NORTON DETECTED BLOODHOUND.W32.EP
Started by
lstbluangel1976
, May 11 2005 02:02 PM
#1
Posted 11 May 2005 - 02:02 PM


#2
Posted 11 May 2005 - 05:32 PM

first get the full filename of the virus u can get it by norton by checking the reports
then go to search and type in the full filename don't open it but scan it again to make sure its the one then try to delete it if u coudn't try changing the name to something else or u could go in safe mode and then delete it.
then go to search and type in the full filename don't open it but scan it again to make sure its the one then try to delete it if u coudn't try changing the name to something else or u could go in safe mode and then delete it.
#3
Posted 12 May 2005 - 11:09 PM

Previous advice is good.
Note: Norton and other antivirus programs sometimes cannot delete files, simply because they have their attribute set to something like 'system' or 'read-only' files.
So, if you've located the file (write down it's location and exact name, you'll need it later), and can't delete in safe mode, do this:
Restart PC with boot floppy or CD
You'll need a command prompt, best to run in DOS (low level).
If going via windows interface, click on Start -- Run -- type 'command' -- click on OK
Navigate to the directory where the infected file was, e.g. cd c:\windows
You're going to be running the 'attribute' command, so type 'attrib /?' (leave out quotes)
This will display the help for the setting/changing attributes.
You need to use the same syntax as displayed in the help instructions.
So, navigate to the folder with the infected file, then type in 'attrib' [space][file name of infected file]
This will display the attributes of the infected file - I suspect it will be either 'S' - System File, or 'R' - Read Only file.
You need to clear this, eg:
Say the infected file was winlogo.gif
and those clever virus writers have given it the attribute of being a system file, you would type this:
attrib /-s c:\windows\winlogo.gif
upon hitting the enter or return key, you will delete this attribute.
Check by doing the following:
attrib c:\windows\winlogo.gif
Attribute should be cleared.
Norton cannot do this, I'm mystified why it can't provide instruction on how to do this, probably frightened that customers will fry their info!
So am I - so if you're not at all comfortable working with DOS, don't do it.
But this does work, removing the attrib and restarting in safe mode, will allow you to delete the file.
Tip: If you're attempting to delete the file in Windows, it may be an invisible file, so you you may have to change folder options to view hidden/system files.
Good luck
DaveB - LinuxWannabee
This should
Note: Norton and other antivirus programs sometimes cannot delete files, simply because they have their attribute set to something like 'system' or 'read-only' files.
So, if you've located the file (write down it's location and exact name, you'll need it later), and can't delete in safe mode, do this:
Restart PC with boot floppy or CD
You'll need a command prompt, best to run in DOS (low level).
If going via windows interface, click on Start -- Run -- type 'command' -- click on OK
Navigate to the directory where the infected file was, e.g. cd c:\windows
You're going to be running the 'attribute' command, so type 'attrib /?' (leave out quotes)
This will display the help for the setting/changing attributes.
You need to use the same syntax as displayed in the help instructions.
So, navigate to the folder with the infected file, then type in 'attrib' [space][file name of infected file]
This will display the attributes of the infected file - I suspect it will be either 'S' - System File, or 'R' - Read Only file.
You need to clear this, eg:
Say the infected file was winlogo.gif
and those clever virus writers have given it the attribute of being a system file, you would type this:
attrib /-s c:\windows\winlogo.gif
upon hitting the enter or return key, you will delete this attribute.
Check by doing the following:
attrib c:\windows\winlogo.gif
Attribute should be cleared.
Norton cannot do this, I'm mystified why it can't provide instruction on how to do this, probably frightened that customers will fry their info!

But this does work, removing the attrib and restarting in safe mode, will allow you to delete the file.
Tip: If you're attempting to delete the file in Windows, it may be an invisible file, so you you may have to change folder options to view hidden/system files.

DaveB - LinuxWannabee
This should
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:






