Okay so I know people don't like Norton Anti-virus, but it detected this...bloodhound.exploit.213. From what I've read it's an "Acrobat util.printf() vulnerability". I almost never get viruses and it's a new computer so I want to make sure it is gone. The only legitimate help I've gotten (other than messing with the registry) is dl'ing Adobe 9. Anyone have any suggestions? The only thing I remember doing was trying to watch a movie on surfthechannel.com on IE. Suddenly this thing...antivirus2010 tried to install on my computer. I stopped it and checked to see if any new programs were dl'd. I didn't see anything. Ever since then...I've been getting the quarantined Bloodhound exploits popping up from NAV. Thanks.
1/25/2009 12:56:59 PM
chances are, you loaded a page (either directly or indirectly) that contained malicious javascript that downloaded a malicious PDF file and opened it. that PDF contained an exploit for the util.printf heap overflow (CVE-2008-2992) that affects Adobe Acrobat reader 8.1.2 and before. If you had a vulnerable version installed, you likely downloaded some other malware. From the sounds of it, you were running a vulnerable version.

At this point, I would run a scan in safe mode using Norton and then follow that up with one of the online AV scanners (trend-micro housecall or the like).
1/26/2009 9:27:45 PM
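Added example (not part of the thread and not any poster's code): a defender-side triage sketch in Python for the chain described in the reply above. It inflates Flate-compressed PDF streams and counts `util.printf(` calls so a downloaded or quarantined file can be queued for review. The function names and the sample bytes are constructed for illustration, and a hit means the file deserves a closer look, not that it carries an exploit for CVE-2008-2992.

```python
import re
import zlib

# Names that indicate a PDF carries script or runs an action on open.
ACTIVE_MARKERS = (b"/JavaScript", b"/JS", b"/OpenAction")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.DOTALL)
PRINTF_RE = re.compile(rb"util\s*\.\s*printf\s*\(")


def inflated_streams(data):
    """Yield the body of every stream that inflates as Flate data."""
    for match in STREAM_RE.finditer(data):
        try:
            # decompressobj tolerates a clipped checksum or trailing bytes
            yield zlib.decompressobj().decompress(match.group(1))
        except zlib.error:
            continue  # other filters (ASCIIHex, LZW, ...) are not decoded here


def triage_pdf(data):
    """Return findings for one file's bytes; 'review' marks it for an analyst."""
    calls = len(PRINTF_RE.findall(data))  # script stored uncompressed
    calls += sum(len(PRINTF_RE.findall(body)) for body in inflated_streams(data))
    is_pdf = b"%PDF-" in data[:1024]  # readers accept the header in the first 1 KB
    return {
        "is_pdf": is_pdf,
        "markers": [m.decode() for m in ACTIVE_MARKERS if m in data],
        "printf_calls": calls,
        "review": is_pdf and calls > 0,
    }


def build_sample(script):
    """Constructed input: a minimal PDF-shaped byte string with a benign script."""
    body = zlib.compress(script)
    return (b"%PDF-1.4\n1 0 obj\n<< /OpenAction 2 0 R >>\nendobj\n"
            b"2 0 obj\n<< /S /JavaScript /JS 3 0 R >>\nendobj\n"
            b"3 0 obj\n<< /Filter /FlateDecode /Length "
            + str(len(body)).encode()
            + b" >>\nstream\n" + body + b"\nendstream\nendobj\n%%EOF\n")


if __name__ == "__main__":
    print(triage_pdf(build_sample(b'util.printf("%d pages", 3);')))
    print(triage_pdf(build_sample(b'app.alert("hello");')))
```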
Thanks man...so should I run both of those in safe mode?
1/27/2009 10:54:37 PM
yeah, run both in safe mode
1/31/2009 1:18:52 PM
I tried it...no luck. All these dwh.tmp files keep popping up saying they are quarantined as bloodhound.exploit.213. I've seen no change in the way my computer works otherwise. Very confusing.
1/31/2009 10:02:48 PM
You might want to download and use Malwarebytes Anti-malware to scan and clean your computer. That seems to do a pretty good job with cleaning up things like what you've described, especially the "Antivirus 20xx" crap that's been floating around lately.
1/31/2009 10:12:30 PM
yeah I think that's what it is. I ran it and it found nothing. I don't understand. argh
2/1/2009 6:35:40 PM
Me too so what is the solution?
4/21/2009 8:55:55 PM
bump
9/25/2009 7:13:52 PM
you need adblock before using surfthechannel. a few of the ads that pop up are not good.
9/25/2009 7:23:55 PM
format c:
9/25/2009 7:40:59 PM
anybody get rid of this? running adaware, symantec, and AVG in safe mode with no luck
9/25/2009 11:49:37 PM
definitely do the trend micro housecall in safe mode w/ networking. i've seen it catch and repair a LOT of shit that others missed. highly recommended.
9/26/2009 12:08:53 AM
hmmm...so it just stopped popping up after a while. I did all this stuff. I posted in another forum. And they tried to help me and then it just disappeared. If you can see this thread...try and follow the directions they outlined.
http://www.geekstogo.com/forum/antivirus2010-bloodhound-exploit-213-dwh-tmp-t227283.html
9/26/2009 1:50:56 AM
nuke it from orbit
9/27/2009 9:03:58 AM
Follow this tutorial for using ComboFix.
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
It will pretty much destroy any malicious software without the need to format. I had to remove an extremely obnoxious UAC rootkit the other day and ComboFix as always, came through. I don't know if you're patient enough to complete my entire process, but I wanted to minimize the chance that it would ever come back (which it still might but then it's time for teh format)
1) Disabled System Restore (CF creates a restore point but I always disable)
2) Booted into Safe Mode with Networking to download ComboFix from the above link.
3) Rebooted into vanilla Safe Mode to actually run the utility. It found rootkit activity and wanted to reboot again. It found and removed it, but I booted back into Safe w/ Net and updated and ran a full Malware Bytes scan. http://www.malwarebytes.org
[Edited on September 27, 2009 at 1:51 PM. Reason : info]
9/27/2009 1:37:12 PM