Program Transfer

Discussion in 'malware problems & news' started by zrs_12, Aug 6, 2008.

Thread Status:
Not open for further replies.
  1. zrs_12

    zrs_12 Registered Member

    Joined:
    Jul 11, 2008
    Posts:
    6
    My friend is having a serious security issue. He was on MSN messenger trying to help someone get rid of bloodhound.exe (a keylogger). He sent them hijackthis.exe and they ran it and saved a log file. They tried to send him the log file via MSN messenger. It would almost get done transfering and then say "Error: Cannot read from source file or disk.". This would abort the transfer. The icon would show up on his desktop but it was not a log file, it was a .lnk. When he tried to open it, Norton would pop up and say, "Name: bloodhound.exe, Count: 2, location: (somewhere in temp)". Then they tried just copying and pasting the text from the log file to MSN messenger and sending it that way. He copied and pasted the pieces of the log file into a .txt file and then tried to save it. Norton again said "Name: bloodhound.exe, Count: 2, location: (somewhere in temp)". How could this copy and paste of textsend a program. Remember, this is just the text of the file, not the file. This has us stumped. Thanks in advance, zrs_12
     
  2. PiCo

    PiCo Registered Member

    Joined:
    Apr 9, 2008
    Posts:
    352
    Location:
    Athens, Greece
    I got confused, they try to send him the hijackthis log or the bloodhound.exe with changed extension to .txt? For example bloodhound.txt.

    If it is the first case I think there is certain string in the log that annoys Norton, but I can't imagine what that could be!

    You could temporarily disable Norton of scanning .txt files.

    PM me if you can the log file! I'm curious!
     
  3. zrs_12

    zrs_12 Registered Member

    Joined:
    Jul 11, 2008
    Posts:
    6
    They try to send him the .log file that hijackthis created. I'll see if I can get the log.
     
  4. Carneyride

    Carneyride Registered Member

    Joined:
    Jun 14, 2008
    Posts:
    13
    Location:
    north east texas
    Any idea why? bloodhound.exe

    i have gotten multiple bloodhound.exe symantec autodetect results, and i recently got a double count of a virus that steals gaming account information

    this is unsettling as i play WoW

    yes i am the friend Zrs_12 posted about
    pm me for my hijackthis file if you so choose to show the interest, any ideas?

    also.. i have a large svchost running
    i have 2 counts of wuauclt.exe running
    i recently had some ports forwarded for hosting a server, i shut them after this started happening...
     
  5. Tarq57

    Tarq57 Registered Member

    Joined:
    Oct 7, 2006
    Posts:
    966
    Location:
    Wellington NZ
    Re: Any idea why? bloodhound.exe

    Not to want to put you off, because there's a wealth of information here, but you should take note of this thread.
    I'd have a scan with a good antispyware like Superantispyware and/or MBAM
    As for analysis of the log, or what cause the events described, I'll leave that to the experts.
    I'm aware there are quite a number of hackers targeting wow because it's quite lucrative to sell assets for real $.
    PS check your pm's.
     
Thread Status:
Not open for further replies.