General discussion

Locked

Virus Question

By bscheerer ·
I have the event log set up to email me events. I keep getting this over and over...

EVENT # : 2300
EVENTLOG : Application
EVENT TYPE : ERROR (1)
SOURCE : Norton AntiVirus
EVENT ID : 5
TIME : 4/4/04 2:18:00 PM
MESSAGE : Virus Found!Virus name: Bloodhound.Exploit.6 in File: C:\ExchSrvr\imcdata\in\2DF8AJWC by: Defwatch scan. Action: Leave Alone succeeded :
Virus Found!Virus name: Bloodhound.Exploit.6 in File: C:\ExchSrvr\imcdata\in\2DF8AJWC>>Unknown0000.data by: Defwatch scan. Action: Leave Alone succeeded :
Virus Found!Virus name: in File: C:\ExchSrvr\imcdata\in\2DF8AJWC by: Defwatch scan. Action: Leave Alone succeeded :

It's quarantined, but real-time keeps finding it in my exchange directories. Any idea on a removal tool to get it completely out of my machine so that Norton doesn't keep seeing it. I have checked their list of removal tools. I don't see BLOODHOUND.EXPLOIT.6 listed, unless it is under another name.

Thanks,
Bryan

This conversation is currently closed to new comments.

5 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

try here

by mrbill- In reply to Virus Question

Try this page: (be sure to remove any added spaces to the URL)

http://securityresponse.symantec.com/avcenter/venc/data/bloodhound.exploit.6.html

Collapse -

quarantine options

by dcAdmin In reply to Virus Question

Two pieces of advice:

1. Do not have your filesystem scanner scan your exchange directories if it is mail. (I could not tell if this was a mail directory, but need to make sure your exclusions were setup correctly.) If it is a mail directory then use a mail scanner and exclude that directory from the file system scanner.

2. Remove the quarantined file from the quarantine directory, preferrably through the UI. This detection is because of your quarantine options are set to rescan and repair files when new defs arrive. You are seeing 1 previous detection reappear because the new definitions arriving are trying to repair it.

If you need more assistance, then either contact support or seach the Symantec KB's for left alone and virus found.

Collapse -

quarantine options

by dcAdmin In reply to Virus Question

Two pieces of advice:

1. Do not have your filesystem scanner scan your exchange directories if it is mail. (I could not tell if this was a mail directory, but need to make sure your exclusions were setup correctly.) If it is a mail directory then use a mail scanner and exclude that directory from the file system scanner.

2. Remove the quarantined file from the quarantine directory, preferrably through the UI. This detection is because of your quarantine options are set to rescan and repair files when new defs arrive. You are seeing 1 previous detection reappear because the new definitions arriving are trying to repair it.

If you need more assistance, then either contact support or seach the Symantec KB's for left alone and virus found.

Collapse -

PC-Cillin

by AffordblPCRepair In reply to Virus Question

If all else fails go to www.trendmicro.com, select personal tab and do a house call. Maybe consider using a better anti-virus software like PC-Cillin (made by TrendMicro).

Collapse -

Update your virus definitions.

by mrafrohead In reply to Virus Question

The bloodhound exploit means that Norton is detecting "possible virus activity" but it doesn't have a actual definition for what the occurance is.

More than likely you will have a virus, but there are times that bloodhound will deliver a false positive.

Just keep those definitions updated and hold the "virus" in quarantine until you know for sure if it is a real virus or a false alarm.

Mrafrohead

Back to Security Forum
5 total posts (Page 1 of 1)  

Related Discussions

Related Forums