Problem with Trojans

By durocher.jeanne ·
Hello, I'm having a problem with some trojans. A friend of mine on MSN sent me a link that was actually a virus. I didn't click on it and actually closed the conversation window, but for some reason it infected my computer anyway. I keep getting notifications from Symantec (which I had installed previously) about new trojans, and in the meantime their quarantine and Temp folders are filling up. I can empty the Quarantine folder, but it won't let me do anything with the other (I'm told that the computer "can't read from the source disk"); which of course, means that I'm beginning to run out of disk space. I've had to shut down my laptop (the infected computer) because of it; I'm currently using my desktop.

I came across a topic here in which someone else with a similar problem had it solved by you fine people, and I went through the thread to see if I could solve my own problem the same way.

However, it hasn't worked. I downloaded TrojanHunter, disabled my System Restore and ran Housecall, and ran Spybot twice; one of which was done at startup. However, the problem is still there. All I was able to do was remove infected files (most of which was adware I already knew about and weren't threats; each program I installed ended up finding the same files too), not the infection.

I haven't looked at my laptop as it only has about 100 KB of free space on the hard drive (I'm afraid of crashing my computer poking around), but I'm pretty sure there were only two identified trojans: 'Bloodhound.Exploit' and 'Byte.Verify'. Byte.Verify was more common; I got maybe 15 of these through Symantec notifications to one Bloodhound.Exploit.

Thanks for your help in advance!

All Comments

by CG IT In reply to Problem with Trojans

Symantec has tools for removal. You may have to run them a couple of times just to be on the safe side. Quarantined items sit in a folder and AV will see them when you scan. Doesn't mean your comp is infected. If you know your computer isn't infected you can have Symantec ignore the alert, but best bet is to just empty the quarantine items and configure Symantec to clean and remove [delete] rather than quarantine unless you're going to send them to Symantec Security Response Center.

Note: Symantec as well as other security firms actively search for new viruses so keeping cleaned stuff around in a quarantined folder probably isn't necessary.

by CG IT In reply to

I know this doesn't answer your question but before you panic, make sure you're really infected and the AV scan isn't seeing viruses and trojans that have been cleaned but quarantined. If in fact you still have an infection that can't be cleaned with removal tools, and all other methods [such as online scanning], then it's time to seek help from your AV provider.

by deepsand In reply to Problem with Trojans

Bloodhound is a name used by Symantec to label unknown threats detected by its proprietary heuristic Bloodhound software. Bloodhound threats represent ones which have not yet been formally classified & named, and therefore have no removal tools yet available.

Bloodhound threats are assigned very specific names; e.g., Bloodhound.Exploit.37, Bloodhound.W32.2, Bloodhound.Packed, Bloodhound.Unknown, etc. In order to address these, it is necessary to 1) Determine the complete specific name assigned by Symantec, and 2) Submit a copy of the infected file to them.

As for Byte.Verify, there is no such or similar entry in Symantec's database; you'll need to revisit the scan logs and/or quarantine zone to determine the name.

Note that quarantined items are 1) not active, and 2) are not reported in new scans. Only new instances, or old ones that have not been quarantined or otherwise removed, are reported.

At this point, without knowing the correct full names of the threats, little more can be said.

by deepsand In reply to

Was the 2nd threat perhaps Backdoor.Verify?

If so, see
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.verify.html

by deepsand In reply to

1) There are many variants Symantec lists under the name Bloodhound; they are not the formal name of the threat, but are temporary names pending identification & formal naming.

A search of Symantec's site yields over 600 hits for Bloodhound.

2) As previously stated, Byte.Verify is not found on Symantec's site.

Sorry, but you're going to have to access your machine to find out both the specific names of the threats reported, and, the name of the application program that reported such.

Precaution: Disable your i-net connection if you do not have a properly configured firewall in place. If you are infected with a self-repairing RAT, such as Backdoor.Verify, you do not want to allow it to "call home."

by ozi Eagle In reply to Problem with Trojans

Hi,
I have found that AdwareAway cleans stuff the others don't.
Available from www.adwareaway.com for a 5-day free trial.

Good luck

by durocher.jeanne In reply to Problem with Trojans

Going solely by the notifications Symantec sends me, CG IT, most of the files it identifies are either deleted or quarantined; rarely have I seen any of them "cleaned". I've already emptied my Quarantine folder when performing scans with other antivirus programs (though, according to deepsand, that doesn't matter anyway). Though, that's half the problem. There's another folder in the Symantec folder, ApTemp, that fills up with files, and the computer won't let me do anything about them (as I said before, I get an error message). I currently have about 8 GB of files in there, and I can't do anything about them.

And deepsand, are there other Bloodhound.Exploit files other than the one you named? Because, if there isn't, then that Bloodhound.Exploit.37 is undoubtedly the one I got. I know for sure that it was an "Exploit" Bloodhound file. Could you just give a recommendation based on that alone? I mean, how diverse can the cure be if it's a different Bloodhound file? I'm sorry, I know little about these matters.

I know for sure that the other file that came up was "Byte.Verify". It was so common that there was really no mistaking it. It's possible that "Backdoor.Verify" came up now and then, but I really don't know. I'm not about to go back and wait for more notifications to see (which is the only way I know how to see them, by the way).

by draegor In reply to Problem with Trojans

Go to this link :

http://www.dslreports.com/forum/security

They have an excellent set of experts that can fix you up. Just follow all their instructions and you should be fine.

Good luck

by mtwizel In reply to Problem with Trojans

Having worked as a tech at a major retail shop, I can honestly tell that the best tool ever created to deal with those types of viruses is FORMAT.

by wlbowers In reply to Problem with Trojans

That is Symantec's favorite line.

I stopped selling Symantec 2 years ago. I use and put all of my clients on eTrust eArmor.

http://www.my-etrust.com/microsoft/

Good Luck

Lee
