Crazy Laptop
Posted: Tue Aug 03, 2004 6:35 pm
by AceCombat
my brother's laptop is acting very funny......
every time it is restarted.....something keeps enabling LAN Proxy and Internet Connection Proxy settings.....
I've run Spybot 4 times, AdAware 5 times, and NAV 2k4 4 times......each run comes up clean...
WTF is turning those two options back on?
Posted: Tue Aug 03, 2004 6:59 pm
by CDN_Merlin
Windows. I'm sure it's IE.
Posted: Tue Aug 03, 2004 7:03 pm
by AceCombat
recommended course of correction?
*NOTE* Formatting is not an option....
Posted: Tue Aug 03, 2004 7:33 pm
by CDN_Merlin
You using ICS or the built in Firewall?
Posted: Wed Aug 04, 2004 1:26 pm
by AceCombat
CDN_Merlin wrote: You using ICS or the built in Firewall?
third party.....ZA Pro V3.5
Posted: Wed Aug 04, 2004 3:35 pm
by STRESSTEST
behind that linksys you have?
Posted: Wed Aug 04, 2004 4:19 pm
by AceCombat
yes....problem with that?
anyways I fixed it.......
it was AdSubtract, an option was checked for it to assign a proxy for AdSubtract to use while IE was open....it assigned that same Proxy to LAN Settings.
Posted: Thu Aug 05, 2004 8:07 pm
by AceCombat
looks like another problem surfaced.....
a time released virus or something of the sort has buried itself deep under cover to the point that NAV 04 Pro couldn't pick it up.......
formatting is the only option because NAV 04 still can't find the source..
Posted: Fri Aug 06, 2004 12:53 pm
by Jagger
If NAV hasn't picked anything up, how do you know it's a virus?
And I'm sure you're using the latest definitions...
Posted: Fri Aug 06, 2004 12:59 pm
by AceCombat
Jagger wrote: If NAV hasn't picked anything up, how do you know it's a virus?
And I'm sure you're using the latest definitions...
because every time the damn thing boots, the original package releases the virus, and NAV picks that up.....
it's BLOODHOUND.PACKER....I just can't find the original package that is delivering the payload.
Posted: Fri Aug 06, 2004 1:10 pm
by Wolf on Air
As I recall, Bloodhound is the name for NAV's heuristics system. Such systems do misfire, it's not at all certain it's a virus. From the "packer" bit, I'd surmise it's detected some form of executable compressor it's not familiar with, and is taking the paranoid route.
Posted: Sat Aug 07, 2004 7:43 pm
by AceCombat
well I'm adjusting all the bloodhound options and seeing what I can do.......I've already tried the manual removing options stated on the Response website.
still is present.....and it seems to be releasing the package when IE 6 is opened and sometimes when booting the laptop itself
Posted: Mon Aug 09, 2004 2:05 pm
by Jagger
Wolf on Air wrote: As I recall, Bloodhound is the name for NAV's heuristics system.
You are correct. According to Symantec, Bloodhound exploits typically reside in Portable Executable (PE) files.
I've only seen this a couple of times, and it was a long time ago.
Posted: Wed Aug 11, 2004 6:00 pm
by *JBOMB*
there is a program called "HiJack This" that will get rid of registry entries that redistribute their packages every time the system re-boots.
However..."HiJack This" also shows you all the things you want in the registry as well.
The folks at lavasoft can translate your hijack this log and tell you what you want to remove. You need to follow their rules of engagement though.
you need to post your adaware log...then have them direct you to the hijack this forum.
I went through this process with them over the course of 2 days and it was well worth the trouble..
They were able to help me correct my issues without having to reformat.
http://www.lavasoftsupport.com/