Removing Bloodhound.exploit.196

August 13, 2009 at 14:22:43
Specs: Windows Vista
Hi,

could you please help me with removal of bloodhound.exploit.196 virus? Already ran scan by Symantec, but it seems to stay in the registers. Is there a manual way of removing it?

Will be glad for your hints.

Thanks




#1
August 13, 2009 at 16:52:01
Follow:
1) Install, update database and run full scan with Malwarebytes' Anti-Malware. Attach Malwarebytes full scan log, fix anything detected.

2) Run full scan with SuperAntispyware: http://www.superantispyware.com/dow... . Fix what it detects and post summary scan log.

If I'm helping you and I don't reply within 24 hours send me a PM.



#2
August 17, 2009 at 15:16:56


#3
August 24, 2009 at 06:35:11
Hi jdk, I sent you a message with the detections and the results from the software. Thank you for your effort.


#4
August 24, 2009 at 08:50:10
I got this from a website:

Below is a list of Bloodhound.Exploit.196 manual removal instructions and Bloodhound.Exploit.196 components listed to help you remove Bloodhound.Exploit.196 from your PC. Backup Reminder: Always be sure to back up your PC before making any changes.

To remove Bloodhound.Exploit.196, you must first stop any Bloodhound.Exploit.196 processes that are running in your computer's memory. To stop all Bloodhound.Exploit.196 processes, press CTRL+ALT+DELETE to open the Windows Task Manager. Click on the "Processes" tab, search for Bloodhound.Exploit.196, then right-click it and select "End Process" key.

To delete Bloodhound.Exploit.196 registry keys, open the Windows Registry Editor by clicking on the Windows "Start" button and selecting "Run." Type "regedit" into the box and click "OK." Once the Registry Editor is open, search for the registry key "HKEY_LOCAL_MACHINE\Software\Bloodhound.Exploit.196." Right-click this registry key and select "Delete."

Finally, to completely get rid of Bloodhound.Exploit.196, you must manually remove other Bloodhound.Exploit.196 files. These Bloodhound.Exploit.196 files can be in the form of EXE, DLL, LSP, TOOLBAR, BROWSER HIJACK, and/or BROWSER PLUGIN. For example, Bloodhound.Exploit.196 might create a file like %PROGRAM_FILES%\Bloodhound.Exploit.196\Bloodhound.Exploit.196.exe. Locate and remove these files.

Some HELP in posting on Computing.net plus free progs and instructions Cheers



#5
August 24, 2009 at 09:02:28
Hi, posting the outputs here as well, thank you for your effort!


SuperAntiSpyware
=================
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/24/2009 at 05:37 PM

Application Version : 4.27.1002

Core Rules Database Version : 4059
Trace Rules Database Version: 1999

Scan type : Complete Scan
Total Scan Time : 01:56:29

Memory items scanned : 1179
Memory threats detected : 0
Registry items scanned : 8616
Registry threats detected : 3
File items scanned : 36575
File threats detected : 43

Browser Hijacker.Internet Explorer Zone Hijack
HKU\S-1-5-21-1957994488-842925246-40105171-934998\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\compaq.com.br
HKU\S-1-5-21-1957994488-842925246-40105171-934998\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\compaq.com.br#*
HKU\S-1-5-21-1957994488-842925246-40105171-934998\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\compaq.com.br#http

Adware.Tracking Cookie


Trojan.SVCHost/Fake
C:\PROGRAM FILES\REMOTE TOOLS\MSRA-TEMP\SVCHOST.EXE
C:\PROGRAMDATA\MICROSOFT\NETWORK\CONNECTIONS\CM\MSRA-CA\SVCHOST.EXE


Malware Software
=================
Malwarebytes' Anti-Malware 1.40
Database version: 2644
Windows 6.0.6002 Service Pack 2

8/24/2009 5:14:47 PM
mbam-log-2009-08-24 (17-14-47).txt

Scan type: Quick Scan
Objects scanned: 101739
Time elapsed: 1 hour(s), 35 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
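
Added example, not part of the original thread: a small triage pass over a SUPERAntiSpyware-style log that separates tracking cookies from files using a Windows system binary name outside the system directories, such as the two SVCHOST.EXE paths reported above. The sample is an excerpt of the posted log with wrapped lines rejoined; the name list, directory list and priority labels are assumptions chosen for illustration.

```python
import ntpath
import re

# Excerpt of the log posted above (wrapped lines rejoined, cookie list cut to one entry).
SAMPLE_LOG = r"""
Browser Hijacker.Internet Explorer Zone Hijack
HKU\S-1-5-21-1957994488-842925246-40105171-934998\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\compaq.com.br
Adware.Tracking Cookie
C:\Users\gebeova\AppData\Roaming\Microsoft\Windows\Cookies\gebeova@doubleclick[1].txt
Trojan.SVCHost/Fake
C:\PROGRAM FILES\REMOTE TOOLS\MSRA-TEMP\SVCHOST.EXE
C:\PROGRAMDATA\MICROSOFT\NETWORK\CONNECTIONS\CM\MSRA-CA\SVCHOST.EXE
"""

# Assumption: illustrative list of binaries expected only in these directories.
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "services.exe", "csrss.exe", "winlogon.exe"}
# An item line starts with a drive letter or a registry hive abbreviation.
ITEM_RE = re.compile(r"^(?:[A-Za-z]:\\|HK(?:LM|CU|U|CR)\\)")

def parse_detections(log_text):
    """Group item lines (paths, registry keys) under the category line above them."""
    groups, current = {}, None
    for line in (l.strip() for l in log_text.splitlines()):
        if not line:
            continue
        if ITEM_RE.match(line):
            if current is not None:
                groups[current].append(line)
        else:
            current = line
            groups.setdefault(current, [])
    return groups

def masquerading(path):
    """True if a file uses a system binary's name outside the system directories."""
    directory, name = ntpath.split(path.lower())
    return name in SYSTEM_NAMES and directory not in SYSTEM_DIRS

def triage(log_text):
    """Return (priority, category, item) tuples, highest priority first."""
    rows = []
    for category, items in parse_detections(log_text).items():
        for item in items:
            prio = "high" if masquerading(item) else "low" if "cookie" in category.lower() else "medium"
            rows.append((prio, category, item))
    order = {"high": 0, "medium": 1, "low": 2}
    return sorted(rows, key=lambda r: order[r[0]])
```
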



#6
August 25, 2009 at 05:02:32
Hi XpUser4Real,

thank you for your suggestion, but I have no such services and no such registry key on my PC :(, and the virus is still producing a lot of small files ... which means my PC is still infected.
Does any other suggestion come to mind?
Thanks, gg



#7
August 25, 2009 at 11:39:03
You may want to try HJT:
http://download.cnet.com/Trend-Micr...
and then post it in:
http://hijackthis.de/
Then try googling the questionable results.

Some HELP in posting on Computing.net plus free progs and instructions Cheers



#9
August 25, 2009 at 20:33:51
I had this same problem and after following the instructions at this document, it got rid of it. I did this Saturday night and have done several scans since then to make sure it had not come back and so far so good. Here is the document number from Symantec:

Document ID: 2009042217073548

Good luck.



#10
August 26, 2009 at 09:53:36
Guys,

thank you for your suggestion,

@jdk: I still need your help, thank you.

The Symantec solution isn't working for me.
Please find my attached logs from 2 antivirus programs; I'm not sure if I want to install another 2 of them.

Thank you for your effort all !!!



#11
August 26, 2009 at 10:09:29
You may want to try unhackme, it's fully functional:
http://www.greatis.com/unhackme/dow...

Some HELP in posting on Computing.net plus free progs and instructions Cheers

