Crazy Laptop

AceCombat · Post by **AceCombat** » Tue Aug 03, 2004 6:35 pm

my brothers laptop is acting very funny......

everytime it is restarted.....something keeps enabling LAN Proxy and Internet Connection Proxy settings.....

ive run Spybot 4 times, AdAware 5 times, and NAV 2k4 4 times......each run comes up clean...

WTF is turning those two options back on?

CDN_Merlin · Post by **CDN_Merlin** » Tue Aug 03, 2004 6:59 pm

Windows. I'm sure it's IE.

AceCombat · Post by **AceCombat** » Tue Aug 03, 2004 7:03 pm

recommended course of correction?

*NOTE* Formatting is not a option....

CDN_Merlin · Post by **CDN_Merlin** » Tue Aug 03, 2004 7:33 pm

You using ICS or the built in Firewall?

AceCombat · Post by **AceCombat** » Wed Aug 04, 2004 1:26 pm

CDN_Merlin wrote:You using ICS or the built in Firewall?

third party.....ZA Pro V3.5

STRESSTEST · Post by **STRESSTEST** » Wed Aug 04, 2004 3:35 pm

behind that linksys you have?

AceCombat · Post by **AceCombat** » Wed Aug 04, 2004 4:19 pm

yes....problem with that?

anyways i fixed it.......

it was AdSubtract, a option was checked for it to assign a proxy for AdSubtract to use while IE was open....it assigned that same Proxy to LAN Settigns.

AceCombat · Post by **AceCombat** » Thu Aug 05, 2004 8:07 pm

looks like another problem surfaced.....

a time released virus or something of the sort has buried itself deep under cover to the point that NAV 04 Pro couldnt pick it up.......

formatting is the only option because NAV 04 still cant find the source..

Jagger · Post by **Jagger** » Fri Aug 06, 2004 12:53 pm

If NAV hasn't picked anything up, how do you know it's a virus?

And I'm sure you're using the latest definitions...

AceCombat · Post by **AceCombat** » Fri Aug 06, 2004 12:59 pm

Jagger wrote:If NAV hasn't picked anything up, how do you know it's a virus?

And I'm sure you're using the latest definitions...

because everytime the damn thing boots, the orignal package releases the virus, and NAV picks that up.....

its BLOODHOUND.PACKER....i just cant find the original package that is delivering the payload.

Wolf on Air · Post by **Wolf on Air** » Fri Aug 06, 2004 1:10 pm

As I recall, Bloodhound is the name for NAV's huerestics system. Such systems do misfire, it's not at all certain it's a virus. From the "packer" bit, I'd surmise it's detected some form of executable compressor it's not familiar with, and is taking the paranoid route.

AceCombat · Post by **AceCombat** » Sat Aug 07, 2004 7:43 pm

well im adjusting all the bloodhound options and seeing what i can do.......ive already tried the manual removing options stated on the Response website.

still is present.....and it seems to be releasing the package when IE 6 is opened and sometimes when booting the laptop itself

Jagger · Post by **Jagger** » Mon Aug 09, 2004 2:05 pm

Wolf on Air wrote:As I recall, Bloodhound is the name for NAV's huerestics system.

You are correct. According to Symantec, Bloodhound exploits typically reside in Portable Executable(PE) files.

I've only seen this a couple of times, and it was a long time ago.

*JBOMB* · Post by ***JBOMB*** » Wed Aug 11, 2004 6:00 pm

there is a program called "HiJack This" that will get rid of registry entries that redistribute their packages everytime the system re-boots.

However..."HiJack This" also shows you all the things you want in the registry as well.

The folks at lavasoft can translate your hijack thislog and tell you what you want to remove. You need to follow their rules of engagement though.

you need to post your adaware log...then have them direct you to the hijack this forum.

I went through this process with them over the course of 2 days and it was well worth the trouble..

They were able to help me correct my issues without having to reformat.

http://www.lavasoftsupport.com/