2.5K Posts

September 22nd, 2004 21:00

Where are you trying to download the patch from?  Where did you find out about the patch? What program is the patch for?

4.8K Posts

September 22nd, 2004 21:00

Clarrie,

Did you read about the patch from Symantec "removal instructions" for the exploit and get the patch from Microsoft by clicking on the link?

Mike.

 

8 Posts

September 23rd, 2004 19:00

When Norton identified the Bloodhound the 'removal instructions' from Symantec said I should download a patch from Microsoft (Microsoft Security Bulletin MS04-013) by clicking on the link, which I did. As described the download would not 'load'

8 Posts

September 23rd, 2004 19:00

Hi Mike

Yes

C.

4.8K Posts

September 23rd, 2004 23:00

Clarrie,

Ok, did you make sure to download the correct one? I think there were about 5 different ones listed for different system configurations? And to me, that can be pretty confusing. I, almost always, pick the first one in the list ... .

Did it download ok, but just wouldn't install? Did it give a specific error message that we can GOOGLE for possibly more information?

I'd have to do a little more research on that particular 'exploit', but I'm thinking this patch will prevent it from getting onto your system, not remove it, once it's there. Did Norton's safely remove it from your system?

If all else fails, we might need to re-install Outlook Express 6.

Mike.

 

8 Posts

September 25th, 2004 12:00

Mike,

As far as I know I downloaded the right one, i.e. for Windows XP, Outlook Express 6. It downloads to 99% then I get the message 'This update requires Outlook Express 6 to be installed'.

The message I get from Norton in the 'virus alert' section says 'access denied' and 'repair failed', so I presume Norton could not remove it.

I'm now thinking about starting up in safe mode and doing a scan and see what that brings up. I have to disable System Restore as well but can you tell me if I have to do that first, shut down, then start up again in safe mode or start up in safe mode and then disable System Restore?

Thanks for your help,

C

4.8K Posts

September 25th, 2004 13:00

Clarrie,

I'm still doing some research for you on the problem. What's interesting, my Outlook Express says version 6.x, but I still have options available from 5.x (instead of the newer 6.x ones); it's almost like I have a 'mixed-mashed' version. I have Windows XP with both SP1+SP2 installed; I tried the same update. I received the error message "This update requires Outlook Express 6.0 SP1 to be installed", which obviously is incorrect. So I think it's looking for a particular piece of code or a specific file, if it's already there or has been patched, I'm guessing it'll return a generic message without saying - "It's already patched". I'm thinking this is a problem in the 'simplistic' way the patching programs determine if they're required or not.

I've read an article where if you're running Internet Explorer with SP1, you should already be protected. But, based on what I'm beginning to see, it's hard to be confident with these patch 'solutions', since, on occasion, a patched system will continue to have the same problem.

I'd disable restore before you reboot into safe mode. Be sure after you clean everything up, to re-enable it, then manually set a restore point, just in case something happens and you need to 'restore' back before the system creates one for you.

Do you know how or when you might've picked up the 'exploit'? Are you running any firewalls?

Mike.

 

8 Posts

September 27th, 2004 21:00

Hi Mike,

Yes your explanation as to why I'm getting that message certainly makes sense and would explain a lot of things.

I have SP1 but not SP2.

I have yet to do the 'safe mode/ system restore' thing as to be honest I am a complete novice at all this, and although I've printed out all the instructions on how to do it I've yet to take the plunge!! A bit of a 'bottle out' situation going on here!

Regarding how I got this trojan (and the Trojan.Byte verify and the other two unnamed) is a mystery to me, but I think it was by viewing websites (I am not the only person using the computer). I have certainly never downloaded anything I did not know the origin of. I did have a firewall at one stage but it stopped other things working so I uninstalled it.

Clarrie

4.8K Posts

September 27th, 2004 21:00

Hey Clarrie!,

The 'trojan.byteverify' is a java-app that is 'embedded' in the webpage someone was viewing. Each time you visit that particular website, or other websites that do the same, you could get it again. Set your browser's "Scripting of Java Applets" to "prompt"; and the "Java VM/ Java permissions" to "high safety". That way, you can see who's wanting to run what through your "Internet Explorer" browser. Then if it 'pops' up again when the webpage is displayed, you'll know which one to avoid.

If you're not running a firewall, I'd at least turn on the one for Windows; ICF. The nice feature of a 3rd-party firewall is, it lets you know which programs, that are already on your computer, are trying to gain access to the internet. A lot of hackers will 'exploit' the vulnerabilities of the Windows operating system without something there to 'stop' them. I highly recommend firewalls.

If you decide to reinstall/ run a 3rd-party firewall, and you're having some problems with it, just post back here and someone will be glad to help.

Mike. 
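
The two Internet Explorer settings recommended in the post above are stored per security zone as registry DWORDs (URL actions 1402 and 1C00). The following is an added example, not part of the original thread: it audits a `.reg` export of the Internet zone against that advice. The function names and the sample export are constructed for illustration.

```python
import re

# Internet Explorer URL-action IDs and values (per-zone DWORDs under
# ...\Internet Settings\Zones\<n>), as documented by Microsoft.
SCRIPT_JAVA = "1402"        # "Scripting of Java applets"
JAVA_PERMISSIONS = "1C00"   # "Java permissions"
SCRIPT_JAVA_VALUES = {0x0: "enable", 0x1: "prompt", 0x3: "disable"}
JAVA_PERM_VALUES = {0x0: "disable java", 0x10000: "high safety",
                    0x20000: "medium safety", 0x30000: "low safety",
                    0x800000: "custom"}
# Settings at least as strict as the advice in the post above.
OK = {SCRIPT_JAVA: {"prompt", "disable"},
      JAVA_PERMISSIONS: {"high safety", "disable java"}}

# Constructed sample: a .reg export of the Internet zone (zone 3).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"DisplayName"="Internet"
"1402"=dword:00000000
"1C00"=dword:00020000
'''

def parse_zone_dwords(reg_text):
    """Return {value_name_upper: int} for every 4-hex-digit dword value."""
    pairs = re.findall(r'^"([0-9A-Fa-f]{4})"=dword:([0-9A-Fa-f]{8})\s*$',
                       reg_text, flags=re.MULTILINE)
    return {name.upper(): int(value, 16) for name, value in pairs}

def audit_java_settings(reg_text):
    """List (action_id, current_setting) for settings weaker than advised."""
    dwords = parse_zone_dwords(reg_text)
    findings = []
    for action, names in ((SCRIPT_JAVA, SCRIPT_JAVA_VALUES),
                          (JAVA_PERMISSIONS, JAVA_PERM_VALUES)):
        if action not in dwords:
            findings.append((action, "not set in this export"))
            continue
        setting = names.get(dwords[action], "unknown 0x%08X" % dwords[action])
        if setting not in OK[action]:
            findings.append((action, setting))
    return findings

if __name__ == "__main__":
    for action, setting in audit_java_settings(SAMPLE_REG):
        print("zone 3 action %s is '%s'" % (action, setting))
```

Files exported by regedit in the "Version 5.00" format are UTF-16, so read them with `encoding="utf-16"` before passing the text in.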

8 Posts

September 30th, 2004 18:00

Mike,

I will do all those things you suggest.

Many thanks for being so helpful and informative, I really appreciate it!

Clarrie
