Help with Virus!!!
Digger
08-09-2004, 01:41 PM
I was running Norton Anti-Virus on my home computer today and the following came up as something it could not delete. I did quarantine it and submitted it to Symantec for analysis, but they could not tell me how to get rid of it.
Here's the description of the problem.
The compressed file polall1l.exe within C:\Documents and Settings\Owner\Local Settings\Temp\THI72BF.tmp\localNrd.cab is infected with the Bloodhound.Packed virus.
Does anyone have any advice on what I can do to get rid of this?
AgentSun
08-09-2004, 01:46 PM
http://securityresponse.symantec.com/avcenter/venc/data/bloodhound.packed.html
BaseLine
08-09-2004, 01:46 PM
It's quarantined. You're safe.
Kurt_eh
08-09-2004, 01:49 PM
Throw a frisbee for it to chase and catch?
If you throw it over a cliff...
Selena
08-09-2004, 01:56 PM
Why do computer people who try to help you fix your computer, assume that you have done a university based course in computer programming?
I push the button and turn my computer on and at the end of the day I find the little button called start and click on "shut down"
What the frell do I know about .... for example
1. Disable System Restore (Windows Me/XP).
2. Update the virus definitions.
3. Restart the computer in Safe mode or VGA mode.
4. Run a full system scan and delete all the files detected as Bloodhound.Packed.
5. Clear the Temporary Internet Files folder, if required.
What the heck is VGA mode? And I wouldn’t have a clue how to disable “System Restore” if I fell over it.
AgentSun
08-09-2004, 02:00 PM
VGA refers to the minimum mode you can restart your computer in, like safe mode. it means that instead of rebooting with everything running and working, you get your basic OS. it makes it easier to do things like system scans and defragmenting, without all the pesky things that normally run...it gives more resources to completing one or two basic tasks.
to disable system restore, you go to start > programs > accessories > system tools > system restore > and then you click "system restore settings" that comes up and then it'll say "disable system restore?"
and RIGHT under the instructions of what to do, you'll see instructions on how to disable system restore...
scrape_medic
08-09-2004, 03:01 PM
And safe mode means you can delete those pesky little files that start running as soon as you start your computer, without your knowledge, and can't be deleted in normal mode. Very useful to know..:yes:
Digger
08-09-2004, 03:04 PM
Well I did everything that Symantec recommended and I still couldn't delete it. It was classified as an Adware, so I even ran Ad-Aware and Spybot in Safe Mode. Still no dice.
Selena
08-09-2004, 03:09 PM
The last time I tried doing something "simple" to my computer to "fix" it when it frelled itself it cost me over $100 to get it up and running again and then I had to pay the kid next door another $60 to fix the mess that the "experts" had made when they fixed it .... I just want to know why can't they make "fix-it" programs easy to use for people who haven't a clue and don't want to have a clue ... and just want a computer that does what it's supposed to do?
scrape_medic
08-09-2004, 03:11 PM
Did you note down the location of the file and try manually deleting it in safe mode? That's what I have had to do for some of the adware.
Actually, if it is a trojan don't try that, you may not be able to restart the computer. If it IS quarantined it should be okay.
Digger
08-09-2004, 03:15 PM
No, I didn't try to delete it manually. When I did a search of my system, even including hidden files and folders, it came up empty. WTF,
scrape_medic
08-09-2004, 03:19 PM
Re-run your anti virus.....if it doesn't show up again you should be okay......I know, I know it takes an hour, but if you want to be sure.
If it does show up again you should be able to click on it and find out where it is located.
It's a pain. I just spent the last four hours, probably more, trying to get rid of adware that NIS and Spybot couldn't, and was seriously slowing down my surfing experience. Do the people who write this stuff have any idea how many man hours they are wasting? They should be taxed big time.
Digger
08-09-2004, 03:30 PM
I've already run NIS, AdAware and Spybot 3 times today and it never lets me delete it. It's not even showing up with AdAware or Spybot even though Symantec has classified it an adware. Frell.
AgentSun
08-09-2004, 03:31 PM
for the most part, the people at symantec know what the viruses are...norton is built fairly well. it's not failed me yet. if i get a virus notification, and it won't delete it through anti-virus, chances are, going to securityresponse.symantec.com will tell me what to do. a lot of adware writers are getting smarter (and more annoying). there are things that spybot and adaware and even NIS will not pick up. search your whole hard drive with the keyword and see if it comes up. if it does, then start in safe mode, then delete the .dll file that is related to the virus.
also look under your task manager and make sure that it's not running in there. and go into msconfig and look at the start up programs and see if it's in there.
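A defender-side version of the three checks just described (search the drive for the name, see whether it is running, see whether it is set to start with Windows), as an added example that is not from anyone in this thread. It uses PowerShell rather than the manual XP steps; the two file names are the ones from the first post, and everything else is an assumption.

```powershell
# Added example, not from this thread: automate the three checks above
# (search the drive, check running processes, check autostart entries).
# The two names come from the first post and are the only page-specific values.
$suspectNames = @('polall1l.exe', 'localNrd.cab')

# 1. Search the whole drive, hidden and system files included. This is slow on a
#    full disk; an empty result is expected if the AV already moved the file to quarantine.
$hits = Get-ChildItem -Path 'C:\' -Recurse -Force -File -ErrorAction SilentlyContinue |
    Where-Object { $suspectNames -contains $_.Name }
'--- files on disk ---'
$hits | Select-Object FullName, Length, LastWriteTime | Format-Table -AutoSize

# 2. Is anything with one of those names running right now? (the Task Manager check)
'--- running processes ---'
Get-Process -ErrorAction SilentlyContinue |
    Where-Object { $_.Path -and ($suspectNames -contains (Split-Path -Path $_.Path -Leaf)) } |
    Select-Object Id, ProcessName, Path | Format-Table -AutoSize

# 3. Autostart entries, i.e. what msconfig's Startup tab lists: Run/RunOnce keys
#    for the machine and the current user, plus the two Startup folders.
'--- autostart registry entries ---'
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $entries = (Get-ItemProperty -Path $key).PSObject.Properties |
        Where-Object { $_.Name -notmatch '^PS' }   # drop PowerShell's own PSPath etc.
    foreach ($entry in $entries) {
        $command = [string]$entry.Value
        $flag = ''
        foreach ($name in $suspectNames) {
            if ($command -like "*$name*") { $flag = '   <-- matches a suspect name' }
        }
        '{0}\{1} = {2}{3}' -f $key, $entry.Name, $command, $flag
    }
}

'--- startup folders ---'
foreach ($folder in @([Environment]::GetFolderPath('Startup'),
                      [Environment]::GetFolderPath('CommonStartup'))) {
    if ($folder) {
        Get-ChildItem -Path $folder -Force -ErrorAction SilentlyContinue |
            Select-Object FullName, LastWriteTime | Format-Table -AutoSize
    }
}
```

Run it from an elevated PowerShell prompt so the HKLM keys and the all-users Startup folder are readable.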
Digger
08-09-2004, 03:33 PM
Yeah, well I'm definitely not happy with Symantec. Their response was not helpful. I just paid $55 for the upgrade to NIS two days ago, and as soon as I do I get hit with this.
AgentSun
08-09-2004, 03:41 PM
i use norton 2004. :shrug: does NIS include the firewall?
well, the good news is that bloodhound isn't a hugely dangerous virus. you'll get the best of it sooner or later.
scrape_medic
08-09-2004, 03:45 PM
NIS is the firewall, antivirus, pop-up blocker, anti-spam, parental control, all singing all dancing program that doesn't stop every single attack on your computer.
I run Zone Alarm alongside it and Spybot too, on recommendation of one of the members here, and most of the time everything runs fine. Just every now and again one of those pesky adware cookies manages to make itself comfortable in a little corner of my computer and I have to get out the big broom..:)
MrVesham
08-09-2004, 03:45 PM
Why do computer people who try to help you fix your computer, assume that you have done a university based course in computer programming?
They don't. Everybody hates fixing their computer, even us geeks. Give a little love our way, too. Most folks who've been working on PCs for a while consider stuff like safe mode and system restore to be fairly basic concepts. Week-one stuff.
In Symantec's case, they're just trying to keep things short and sweet so that not every avcenter article is a mini-tutorial on Windows.
In regular people's case, they're not trying to flood you with jargon or show off, they're simply trying to speak at the most common level, with the most common language they know without running the risk of confusion and/or insulted intelligence. I've been in this situation quite a bit - I've had smoother experiences explaining things as I understand them (although without shortcuts or shorthand) and let the person I'm trying to help ask questions of clarification. Hand-holding usually results in the person calling again and again and again, learning nothing.
AgentSun
08-09-2004, 03:53 PM
i think MrVesham sums it up nicely. i don't claim to know everything about a computer, but when something goes wrong with it, i'm fairly confident in my ability to fix it, or at least know what website to consult, to tell me how to fix it. i remember last year in college, i gained the reputation of "fix it girl" on my dorm hall. it was kinda fun, but it sucked at the same time, because i'd get IM's at 1 am from the girl down the hall who is working on her paper for class, and microsoft word won't do this, or that, and i wouldn't say no, because i was awake anyways. if i was sleeping, i'd say no (actually i'd just ignore the IM) but if i was up, i'd trudge down the hall to her computer. and the only reason i got that reputation was because i hooked up every electronic device in my room and i seemed to be the only girl in my hall who knew anything about computers other than just what things you do to get to the things you need...i think i'm going to get the shirt from thinkgeek.com that says "no i will not fix your computer" and wear it on moving day.
grinner
08-09-2004, 04:01 PM
http://www.faqfarm.com/Computer/Virus/Bloodhound/22090
grinner
08-09-2004, 04:02 PM
http://www.cyberlab.ch/virus-removal--bloodhound.packed-removal-virus/
grinner
08-09-2004, 04:03 PM
http://zdnet.com.com/5208-1105-0.html?forumID=1&threadID=3276&messageID=68551&start=9
Mike0812
08-09-2004, 04:04 PM
Try CWShredder, from grinner's link.
I've used this application before. I don't remember what the virus or worm was but I couldn't get rid of it with anything else...this worked though.
Farscape Forever
08-09-2004, 04:42 PM
Why do computer people who try to help you fix your computer, assume that you have done a university based course in computer programming?
I push the button and turn my computer on and at the end of the day I find the little button called start and click on "shut down"
What the frell do I know about .... for example
1. Disable System Restore (Windows Me/XP).
For XP anyway it's as easy as pie: start menu --> control panel --> (depending on if you have classic or category view) choose either Performance and Maintenance and then System, or if it's classic view you can choose System right away.
Then click the System Restore tab.
Click the box to turn off System Restore on all drives.
I had to turn mine off and restart it to reclaim the HD space, because the settings were set too high, taking up too much of a percentage of drive space.
Third EYe
08-09-2004, 04:43 PM
I just murder-death-killed my puter, and it started with me looking for a virus. I'm not gonna try to help someone kill their toy.
AgentSun
08-09-2004, 05:02 PM
isn't XP the only microsoft OS to have system restore anyways?
Third EYe
08-09-2004, 05:05 PM
No, NT4 has it, Win2k has it, and Win98 has it, kinda has it, you have to foresee a crash, days or weeks in advance.
AgentSun
08-09-2004, 05:06 PM
right. i went from win 98 to win xp and i didn't like any of the OS' in between. except for maybe ME.
Third EYe
08-09-2004, 05:08 PM
ME is one of the scariest operating systems in my opinion, even worse than 95. Win2K was great, except it liked to frell around and give you the blue screen 4 or 5 times in a row for no reason. My fists still hurt from those days.
AgentSun
08-09-2004, 05:20 PM
i used ME on and off because one computer in my high school computer lab had it. the others were running 98. so depending on who was using the computers, sometimes i'd end up on that machine.
Digger
08-09-2004, 06:10 PM
Thanks for the links grinner. I tried housecall.trendmicro.com and it found even more viruses, but could not delete all of them. They're all trojans. Microsoft technical support told me they'd get me a fix in a few days, but I think I'll try the links for the other virus removal tools too.
Farscape Forever
08-09-2004, 06:33 PM
Thanks for the links grinner. I tried housecall.trendmicro.com and it found even more viruses, but could not delete all of them. They're all trojans. Microsoft technical support told me they'd get me a fix in a few days, but I think I'll try the links for the other virus removal tools too.
If its all trojans try a trojan remover program.. you never know..
http://www.simplysup.com/tremover/download.html
I had the same (or similar strain) trojan a couple of times. Norton AntiVirus always immediately quarantined it when it popped up, and I never had a real problem (beyond the minor annoyance) because of it. I had to do the "Safe Mode, then scan" routine twice, but I think that's only because I visited the same infected webpage more than once.
I think the reason it's so "elusive" is because the trojan, at least in my case, was putting itself in your temporary internet files folder. It seems from my hazy memory that the trojan (a harmless looking file) would install to your temporary files folder, then later, when "triggered" it would spawn a malicious file. If you didn't follow the "safe mode" instructions to the letter, Norton would only quarantine and get rid of the secondary "spawned" file when you deleted it from quarantine, and not the actual virus-ridden file that was causing the whole problem to begin with. I made the mistake of just deleting the quarantined file and not researching the first time the auto-protect caught it. Once I found the more detailed destructions, that sucker was toast.
I have to say, I've been thoroughly happy with Norton and its ability to fend off and clean up viruses. But then, I'm paranoid-don't-open-attachments-you-don't-expect-even-from-your-mother girl. I even use web clients exclusively at home just to avoid the Outlook Express security holes that you could drive a truck through. Trojans are about the only thing that are going to end up on my system. And I update virus files every Wednesday. Good luck getting things cleaned up.
AgentSun
08-09-2004, 09:16 PM
yeah, i'm that type too. i don't open attachments. today i got two attachments through my college email address.. i don't know if they were from the university or not, but i deleted them without even inquiring.
bubblez
08-09-2004, 09:25 PM
The Cure...
Kurt_eh
08-09-2004, 10:10 PM
Ah, the tried and true "re-BOOT" method... ;) :D
AgentSun
08-09-2004, 10:40 PM
retry, reboot, reverse and retribution!
MrVesham
08-09-2004, 11:22 PM
The 100 Rs of computing.
Kurt_eh
08-09-2004, 11:30 PM
Whoever named that little blinking line the "cursor" certainly got it right! :D :censored:
Darth Buddha
08-10-2004, 12:12 AM
I've found Anti-vir to be about the most paranoid and aggressive antivirus program out there, for what that's worth.
It is freeware, but I don't have a link handy - and I'm dealing with issues of my own thanks to Norton so I can't load Google to find it.
Tomorrow I'm uninstalling Norton Anti-Virus (not just disabling it) and running with AVG & Antivir instead.
Ouroboros
08-10-2004, 04:29 AM
http://housecall.antivirus.com/
This is an online scanner that's never failed me. It even picks up and kills things my normal (AVG) scanner sometimes leaves scraps of.
You need to use IE explorer to make it work though.
Digger
08-10-2004, 07:39 AM
Again, thanks everyone for the advice.
If you didn't follow the "safe mode" instructions to the letter, Norton would only quarantine and get rid of the secondary "spawned" file when you deleted it from quarantine, and not the actual virus-ridden file that was causing the whole problem to begin with.
I did follow Norton's instructions to the letter. It still won't fix or let me delete the virus. In one of the threads that grinner posted a while back there was someone who said that the virus was preventing Norton from updating the virus definitions, thus not enabling it to fix the problem. I wonder if I am having the same problem, even though it appears that "live update" is working properly.
http://housecall.antivirus.com
This is an online scanner that's never failed me. It even picks up and kills things my normal (AVG) scanner sometimes leaves scraps of.
If this is the same thing as housecall.trendmicro.com I have tried this too. It caught 6 different infected files that Norton did not. It allowed me to delete 3 of them, but would not allow me to delete the Java Nocheat virus or the Alchemic.A virus. I didn't even find the Bloodhound virus. I talked to Microsoft technical support and they seem to think that the Java Nocheat may be the Bloodhound. They didn't have a fix for me but said they would in 3-5 days.
I even tried to download CWShredder because in one of the links grinner gave me someone mentioned that that program worked for them. I tried to download a copy of that, but my computer would not download it, which makes me wonder again if the virus is preventing me from doing so.
And finally, I was told by Microsoft that it is not necessary to open attachments to catch these viruses. Many of them are "piggybacking" on websites, so as soon as you use the link a port opens up in your computer that lets the virus in. They also said it was very common for these to piggyback on sites that offer downloading of video or music clips. I don't download music, but I have downloaded a few video clips. The video clips from ComiCon and the new Teaser Trailer for the mini.
Selena
08-10-2004, 07:54 AM
I have the Millennium edition of MS ... I've had some glitch in my system since the "experts" worked on my puter last year, that no-one seems to be able to fix. They tell me to do this and do that and all of it involves some kind of knowledge other than just locating ScanDisk or Defrag functions. I am utterly terrified of deleting the wrong things and completely screwing up my computer - not that it's running so hot right now.
I have something called "trayclnt" that hangs every time I go on-line and when I Ctrl / Alt / Delete and remove the "not responding" item, IE goes ahead and eventually loads. If I don't inactivate this item then my MSN Home page will not load. I have asked the "experts" about this and they can't explain why it hangs or even what it does.
The other item that is driving me nuts is my RealArcade player. I cannot update the game guide which it wants to do every time I open the application. If I am on-line the update function just will not update as there seems to be some driver missing from my system. I completely uninstalled RealArcade about a month ago (bold move for me) and then reinstalled it but it hasn't helped. Whatever is missing is still missing in spite of the new download.
Computers drive me nuts! God help me if I ever get a real virus into my system.
grinner
08-10-2004, 07:57 AM
I just downloaded 5 different spyware/virus/trojan search programs... and I had 0 present on my computer. Maybe running 3 firewalls does work...
faustus
08-10-2004, 08:00 AM
3 firewalls! damn
Digger
08-10-2004, 08:06 AM
I just downloaded 5 different spyware/virus/trojan search programs... and I had 0 present on my computer. Maybe running 3 firewalls does work...
Yeah, I have thought about putting up a second firewall too, since Norton seems to not be enough. Guh.
grinner
08-10-2004, 08:09 AM
Run a Hardware Firewall/Router. Something like a Linksys
I run two firewalls, both Spybot S&D as well as Lavasoft, Google toolbar pop-up blocker, McAfee anti-virus and AVG anti-virus, PLUS I bought the aceutilities program and run that once a week. Ever since I installed aceutilities and began running it regularly, I get NO spyware at all!
Again, thanks everyone for the advice.
I did follow Norton's instructions to the letter. It still won't fix or let me delete the virus. In one of the threads that grinner posted a while back there was someone who said that the virus was preventing Norton from updating the virus definitions, thus not enabling it to fix the problem. I wonder if I am having the same problem, even though it appears that "live update" is working properly.
Nah, I'm sayin' I didn't do the Norton instructions to the letter the first time. I just thought "Meh, don't need the infected file. I'll just delete it." Just curious, will Live Update work at all in Safe Mode? I can't remember if I updated in Safe Mode after cleaning up the virus just to be sure or not. It does sound like you're having some sort of issue, if you're doing the instructions and it's showing up again in the next scan or whatever. Mine disappeared for a day, then "came back" the next day on my scheduled scan. But I think it was actually a re-infection, not the same virus. The trojan's actual file name was different.
And finally, I was told by Microsoft that it is not necessary to open attachments to catch these viruses. Many of them are "piggybacking" on websites, so as soon as you use the link a port opens up in your computer that lets the virus in. They also said it was very common for these to piggyback on sites that offer downloading of video or music clips. I don't download music, but I have downloaded a few video clips. The video clips from ComiCon and the new Teaser Trailer for the mini.
True. That's how Bloodhound got on my system. If I try to open a suspicious attachment at home, and once I did by accidental misplaced mouseclick, I've never had it get by the Auto-Protect, and I hadn't opened an attachment of any kind in ages. But then, I've got my settings turned up pretty high. I never did figure out exactly which website I visited was infected, but it was evidently one I ran across while doing a research session through Google. It didn't seem to be a download site, as I don't recall doing any downloading during that period. My downloads are rare and few. Virus outbreaks are one time I'm glad to know I'm still puttering along on Win 98 at home. Not a lot of new viruses written for it. One of these days I'll get the upgrade bug again, but not right now.
bubblez
08-10-2004, 09:26 PM
Run a Hardware Firewall/Router. Something like a Linksys
This was suggested by a local IT guy to me when I described that my software firewall was blocking 2000 hits per week from intruders. Evidently, Comcast (which is my ISP) was _wiiiiiiiide_ open a while back and every hacker on the planet was raging. So, comcast cleans up, but the hackers are still trying their trade across the band. Thus, the voluminous traffic.
The hardware firewall is supposed to quiet this down subst... sub... quite a bit.
AgentSun
08-10-2004, 09:30 PM
substantially.
grinner
08-10-2004, 09:34 PM
This was suggested by a local IT guy to me when I described that my software firewall was blocking 2000 hits per week from intruders. Evidently, Comcast (which is my ISP) was _wiiiiiiiide_ open a while back and every hacker on the planet was raging. So, comcast cleans up, but the hackers are still trying their trade across the band. Thus, the voluminous traffic.
The hardware firewall is supposed to quiet this down subst... sub... quite a bit.
yes it does. My computer is typically running 24 hours a day, 7 days a week. I usually restart it once a month. My router/firewall has stopped over 20,000 active attacks and over 200,000 hits to my computer in the last year and a half. Of those, my software firewall has stopped an additional 13,000 soft hits that got thru my hardware firewall. Since I stopped accepting cookies from websites, I have had ZERO spyware attachments/placements upon my computer. I turned off EVERYTHING in Infernal Exploder and don't use any of its functions. I run Mozilla 100% of the time and the difference is amazing. The last trojan that got onto my computer was over 2 years ago.
bubblez
08-10-2004, 09:58 PM
substantially.
ahh, yes. My grat...grait... thanks.
I turned off EVERYTHING in Infernal Exploder and don't use any of its functions. I run Mozilla 100% of the time and the difference is amazing. The last trojan that got onto my computer was over 2 years ago.
looks like I'll be doing some investigating this weekend. Well, betwixt meteor shower events.
AgentSun
08-10-2004, 10:23 PM
gratitude.
bubblez
08-10-2004, 10:30 PM
you're so good to me, my lieg.... my leej... My Queen :bowdown: