Status
Not open for further replies.
1 - 7 of 7 Posts

·
Registered
Joined
·
9,057 Posts
Discussion Starter · #1 ·
I appear to have "Bloodhound Exploit 6 - PWSteal.Tarno.B" on a "troubled" Win98 PC I'm trying to fix.
I found it by chance when trying to copy a HJT log to my "good" computer connected to the internet for posting on this forum.
My Norton AV picked it up, reported it and deleted it.

One of the symptoms is deleting of files. The "Troubled" PC is currently missing iexplore.exe and (Outlook Express) msimn.exe. I'm not sure what others have been deleted.

I've downloaded the latest Avert "Stinger" Ver Mar 26, 04, ran it and tried again to copy the HJT log, and the Norton AV on my "Good" PC reported it again.

So... it looks like "Stinger" was unable to repair it.

A couple of things.
1) This virus looks like it has been recently reported Feb 2004.
2) Not sure if Symantec has a fix as yet.
3) I'm unable to connect to the internet on the "Troubled" pc to run any other online virus programs or even to download the recent "Live Updates" for Norton AV.
4) I'm trying to load up Norton Internet Security, unsuccessful due to install errors.
5) Unable to get a HJT log due to the virus.

Looking for a fix for this virus and some help direction.
 

·
Registered
Joined
·
9,057 Posts
Discussion Starter · #2 ·
I've re-installed Win98_se.

I've reinstalled IE6 using setup files/cabs on Norton AV Internet Security CD. But I still get an error message when I try to access iexplore.exe: "Can't find program iexplore" ... I did a search on the PC and I can't find the program either. Note: I would have thought re-installing IE6 would have restored this program. (See issue 2)


Issue of the day.
1) I'm trying to get this PC connected to the internet so I can download liveupdates and a Norton AV IS patch that they say will correct my install issue.

2) I've copied iexplore.exe from my "Good" pc to the "Troubled" pc and I now can run internet explorer... but, I'm not convinced all the pieces are corrected properly as I still am not connecting.

3) I'm looking into the LSPFix program... but I don't know how to use this.
I see entries
MR20.dll
MSwsosp.dll
MSafd.dll
RSvpsp.dll

4) I just "regedit" & checked "hkey_local_machine..... windows/current version/run" and see an entry
"OFILYPJ" C:\Windows\OFILYPJ.exe. (Looks like something bad here)

5) Can't get a HJT log to you still, as my PC still reports Bloodhound Exploit B when I attempt to access the log on a floppy.

Please review and advise. Thanks
 

·
Registered
Joined
·
9,057 Posts
Discussion Starter · #3 ·
FYI, I've run the latest Adaware, Stinger and Spybot.
Still stuck.
 

·
Registered
Joined
·
9,057 Posts
Discussion Starter · #4 ·
Can somebody direct me on LSPFix?

I'm looking into the LSPFix program... but I don't know how to use this.
I see entries
MR20.dll
MSwsosp.dll
MSafd.dll
RSvpsp.dll
 

·
Retired Moderator Retired Malware Specialist
Joined
·
56,449 Posts
I've never seen the MR20 entry before and don't know what it is; a Google search suggests it's OK, so don't delete it.

The other 3 are all good entries.

All you do with LSPFix is run it, tick the "I know what I'm doing" box and press Finish.
 

·
Retired Moderator Retired Malware Specialist
Joined
·
56,449 Posts
But I can't see how a simple text file saved to floppy can contain a virus.

First format the floppy, then put it in the damaged machine, copy the HJT log file and move it.

Txt files cannot contain a virus, so the only thing that the scanner on your machine is picking up must be an existing virus on the floppy.
 

·
Registered
Joined
·
9,057 Posts
Discussion Starter · #7 ·
Thanks D
1) I'll try the LSP run.
2) Interesting thought... but I had two files on the disk: one that I put on to transfer "to" the troubled PC (reflist for Spybot), and the 2nd file was put on from the troubled PC.
I just tried to open each one and I get a virus warning on the text file HJT log.
3) FYI, I've downloaded TDS scan and am currently running it on "Troubles".
 