Sponsor for PC Pals Forum

Author Topic: Bloodhound virus  (Read 1449 times)

Offline nilsatis

  • Regular Member
  • **
  • Posts: 65
Bloodhound virus
« on: April 21, 2005, 10:15 »
Hi,
    My anti virus scan has revealed a bloodhound virus but cannot repair it, when I go on the net it automatically downloads porn and charges me, any help would be great.

Andy

Offline Simon

  • Administrator
  • *****
  • Posts: 77923
  • First to score 7/7 in Quiz of The Week's News 2017
Bloodhound virus
« Reply #1 on: April 21, 2005, 10:44 »
Hi Andy,

Which anti virus software are you using, and is it up to date?  There is some information about removing 'Bloodhound' stuff here.  It seems to be a type of virus, rather than actually being a virus called 'Bloodhound', if that makes sense.

What you could try first, is temporarily turn off System Restore (XP/ME), then run your virus scanner in Safe Mode.  Also run some spyware scanners, such as Ad Aware and Spybot, as they may also help, then get Spyware Blaster, which should protect your PC from future spyware.

Ad Aware
Spybot S&D
Spyware Blaster
Many thanks to all our members, who have made PC Pals such an outstanding success!   :thumb:

Offline nilsatis

  • Regular Member
  • **
  • Posts: 65
Bloodhound virus
« Reply #2 on: April 23, 2005, 07:03 »
Hi Simon, I have Norton and am trying to update it, I am also trying to get the S&D stuff you posted but every time I start downloading it goes off because my homepage keeps changing to some other homepage such as pureseek or XXX.
I am on dial up so downloading is slow any ideas?

This is the homepage I keep getting  u9ix5WZ as a reset.

Andy

Offline Simon

  • Administrator
  • *****
  • Posts: 77923
  • First to score 7/7 in Quiz of The Week's News 2017
Bloodhound virus
« Reply #3 on: April 23, 2005, 09:33 »
OK, it sounds like your IE has been hijacked, and it will keep coming back until the problem is removed.  I would suggest running Hijack This, or X-Ray PC to see if they can remove that entry, or any others which look iffy, e.g. that you know shouldn't be there, like Pureseek or XXX.  If you can then get online long enough to download Spybot S&D, that has an IE Home Page Guard, which should prevent the home page being changed.

Otherwise, it looks like you will need to 'borrow' the use of another machine, with which to download Firefox as an alternative browser (or buy a PC magazine with a free cover disc - usually Firefox is included on these).  Put this on a CD, which you can then load onto your machine, without going online.  Firefox shouldn't be affected by the IE hijack, so try going online, using Firefox, and download Ad Aware and Spybot again.  If successful, check both for updates, and run them in Safe Mode.  If that does the trick, install Spyware Blaster and make sure you enable all protection.  This will also need periodically updating, unless you pay for the auto updates, which is worthwhile as it's only about a fiver.  

Spybot and Spyware Blaster also have IE home page guards, so hopefully that should stop you getting hijacked again.  Hope that helps - come back to us if I've missed anything, or you need further help.

P.S.  It might also pay to download and run Cool Web Shredder (CWShedder), as that is quite persistent spyware, which the others may not remove.  All links below, and link to Firefox in my sig:-

Ad Aware
Spybot S&D
Spyware Blaster
CoolWeb Shredder
Hijack This
x-raypc
Many thanks to all our members, who have made PC Pals such an outstanding success!   :thumb:

Offline nilsatis

  • Regular Member
  • **
  • Posts: 65
Bloodhound virus
« Reply #4 on: April 24, 2005, 10:08 »
Thanks Simon, I tried everything and its not worked, I am going to have to get some pro to sort it.
Andy

Offline Simon

  • Administrator
  • *****
  • Posts: 77923
  • First to score 7/7 in Quiz of The Week's News 2017
Bloodhound virus
« Reply #5 on: April 24, 2005, 10:29 »
I just did a quick Google search for 'u9ix5WZ', and having translated a couple of pages, there is an indication that this could be a dialler.  Have you checked in your Network Connections to see if there is anything there which shouldn't be?
Many thanks to all our members, who have made PC Pals such an outstanding success!   :thumb:

Offline nilsatis

  • Regular Member
  • **
  • Posts: 65
Bloodhound virus
« Reply #6 on: April 24, 2005, 11:16 »
Yes and theres nothing there apart form freeserve, when I am on the internet its fine for a few minutes then the homepage redirects to that number or to a xxx porn thing,I have to go to internet connections and manually delete them.
The internet then wont connect unless I close everything down and start again.

Offline Sandra

  • Ultimate Member
  • *******
  • Posts: 12155
Bloodhound virus
« Reply #7 on: April 24, 2005, 12:07 »
Try a search for blmxsk.exe and delete it if found, that worked for one person on one forum and another found that norton wouldnt find and remove it but AVG did so you could try downloading AVG and running that, maybe an idea to uninstall norton before you install AVG.
It often seems to be associated with another file uxDbvu.EXE so try searching for that too.
Good luck  :)

Offline nilsatis

  • Regular Member
  • **
  • Posts: 65
Bloodhound virus
« Reply #8 on: April 25, 2005, 09:39 »
Thanks everyone who tried to help but nothing is working, I will have to take it to a shop and get it looked at.
I cant have explicit porn popping up in front of the kids.

Andy

Offline Clive

  • Administrator
  • *****
  • Posts: 75153
  • Won Quiz of the Year 2015,2016,2017, 2020, 2021
Bloodhound virus
« Reply #9 on: April 25, 2005, 13:57 »
It certainly sounds as if it's a version of coolwebsearch Andy.  I can't think of anything else that could be so tenacious.   :cry:

Offline Sandra

  • Ultimate Member
  • *******
  • Posts: 12155
Bloodhound virus
« Reply #10 on: April 25, 2005, 16:06 »
I have just installed Xoftspy and ran a scan and it found and removed a dialler that I wasnt even aware of  :shock:

its avaliable from here :

http://www.paretologic.com/products.aspx

I only have version 4.09 but the latest version is 4.12, although it has updated to the latest definitions to 22nd april.

You can run a free scan which should identify any problems but wont remove them until its been registered.

Of course it may identify and remove a non existant dialler to encourage sales but I came across it from a review of similar programs and it scored the highest, thats why I decided to give it a try  :)

If you havent already taken your pc in to be fixed Andy it may be worth you giving it a try first, by the way I sent you an email to your hotmail addy  :wink:

Offline Sandra

  • Ultimate Member
  • *******
  • Posts: 12155
Bloodhound virus
« Reply #11 on: April 25, 2005, 16:36 »
I just installed and ran it on my other pc and it didnt find a dialler on that one so it may have been a genuine one on this pc  :shock:
It found Cydoor, which probably came in with exeem and 4 cookies that were data miners but nothing really nasty  :)

Offline Simon

  • Administrator
  • *****
  • Posts: 77923
  • First to score 7/7 in Quiz of The Week's News 2017
Bloodhound virus
« Reply #12 on: April 25, 2005, 17:06 »
The more anti-spyware programs I try, then less faith I have in most of them!  Xoftspy claims to find 3 instances of coolwebsearch on my machine, but Hijack This, CWShredder, Ad Aware, Spybot, and Adware Spy all report nothing.  I suspect, as Sandra implied, that these were identified to enhance sales, and the program may well randomly 'identify' known spyware, to scare people into buying the software.  However, the program may well be genuine, and may well find stuff the others missed.  Verdict:- Open.  ;)
Many thanks to all our members, who have made PC Pals such an outstanding success!   :thumb:


Show unread posts since last visit.
Sponsor for PC Pals Forum