IMPORTANT: Only authorized members may reply to threads in this forum due to the complexity of the malware removal process. Authorized members include Malware Specialists and Trainees, Administrators, Moderators, and Trusted Advisors. Regular members are not permitted to reply, and any such posts will be deleted without notice or further explanation.
Status
Not open for further replies.
1 - 4 of 4 Posts

· Registered
Joined
·
306 Posts
Discussion Starter · #1 ·
Norton reports that I've been infected with the following virus in my Local Settings\Temporary Internet Files:

http://www.symantec.com/security_response/writeup.jsp?docid=2006-110115-5513-99

However, it was unable to remove any of it. Soon after, Norton appeared to have blocked many attempts to hack my PC. I panicked and immediately disconnected my internet and began telling Norton to scan for the infected files inside the Temporary Internet Files folder.

But to my surprise, Norton reported the folder to be clean.

So now what? Is the virus still there? What happened? I did use AVG Anti-Spyware and cleared out the Temporary Internet Files folder with Disk Cleanup since Norton found nothing, but I don't know if it's still there or not.

Also, there's a file called syst in my C:\; its time of creation is the same as the virus infection time. Please help me, oh I beg of you, please help me, I'm so confused...
 

· Gone but Never Forgotten
Joined
·
17,966 Posts
Hi, relax... Exactly what was found? Are you able to find the item in Quarantine or any logs of the detection in the Norton program? Post what was found exactly as it appears; best if you can post the entire results from the scan or the detection from Norton. I don't know the exact steps for your version...

Did you go read the article? MS KB one?

Bloodhound.Exploit.95 is a heuristic detection for a vulnerability in Visual Studio 2005 (as described in Microsoft Security Bulletin MS06-073).

If that is exactly the exploit that was found, you can get a patch for it at the Microsoft article.

You must have some of the MS Office suite installed, that needs the update for Visual Studio. You can do Office Updates, and if needed it will get the update for you.

"I am running Internet Explorer 7. Does this mitigate this vulnerability?
Yes. Customers who are running Internet Explorer 7 with default settings, are not at risk until the WMI Object Broker control has been activated through the ActiveX opt-in feature in the Internet Zone. However, if a customer has used this ActiveX control in a previous version of Internet Explorer, then this ActiveX control is enabled to work in Internet Explorer 7, even if the customer has not explicitly approved it using the ActiveX opt-in feature."

That means, if it existed while you had IE 6, it is still there if you have switched to IE 7. Many people have IE 7 because it is a critical update (read: will install automatically if you allow automatic updates).

Disk Cleanup sometimes will not get emptied, so we often recommend one or another temp file cleaners...

Download Cleanup from here
  • Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
  • Click the Options... button on the right.
  • Move the arrow down to "Custom CleanUp!"
  • Put a check next to the following (make sure nothing else is checked!):
    • Empty Recycle Bins
    • Delete Cookies
    • Cleanup! All Users
  • Click OK
  • DO NOT RUN IT YET

Now boot to Safe Mode:
  • Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode, then hit the Enter key once. The words "Safe Mode" appear in all 4 corners of the screen, and the screen is black. (OK)

Run Cleanup:
  • Click on the "Cleanup" button and let it run.
  • Once it's done, close the program.

Apply the patch:
http://www.microsoft.com/downloads/...B782-BE78512DCBFA&displaylang=en#Requirements

Read the info about it. Follow the instructions. I would download it to a folder or desktop and apply it from there.

If it tells you to restart, do so. Next move would be a new Norton scan to see if anything is found. Post what happens, what is found, etc.

Also, post a Hijackthis log:

Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Double click on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a log file button. It will scan and then save the log and then the log will open in Notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
 

· Registered
Joined
·
306 Posts
Discussion Starter · #3 ·
Thanks for the help, but I don't want to be a bother by posting HJ logs. I've already manually deleted the junk and stuff. BTW, I don't have Visual Studio, and it appears someone also has the same problem as I have:

http://forums.spywareinfo.com/lofiversion/index.php/t91533.html

All the stuff he ran into, I too did the same. He said he used an antivirus program called Dr.Web to remove all the stuff, but I'm not sure, since I've never heard of such a program called Dr.Web. Plus, I already manually removed some of the crap. Please post some recommendations if you can.

Norton said it was unable to repair or remove the virus when it was first detected, but when I asked it to scan the infected folder again it reported it to be clean. So confusing.

Please help, many thanks.
 

· Gone but Never Forgotten
Joined
·
17,966 Posts
Hi, Here is a thread I helped in recently with the same type of thing:

http://forums.techguy.org/security/534801-help-removing-trojans-new-malware.html

The HJT log plainly showed us the malware.

If you say you have taken care of the problems then it is OK by me!

I myself have not used the Dr. Web program. I do see it used quite often, but I am not able to judge how well it does anything.

It's your choice not to post an HJT log, but it would help a great deal to see if any malware is running on your computer.

Visual Studio is usually not a separate program that shows in Add/Remove Programs; it is part of Office, built into it.

Lots of people have had this same infection in various degrees.

Posting HJT logs does not bother anyone, so feel free to, or not.

Norton may be set to Delete the bad files if it cannot Clean/Disinfect them. The better option is Quarantine, but usually another scanner will "see" the file and detect it in Quarantine...

You can manually check Quarantine and see if the virus is still there, and they can be deleted from Quarantine after you are sure that the computer is working OK.
 