Bloodhound.Boot.String virus Infection
Created: 01 Oct 2012 | Updated: 27 Nov 2012 | 16 comments
This issue has been solved. See solution.
For the last month we have been facing a problem with Bloodhound.Boot.String. We have already run the NTP and done a safe mode scan on all the systems (around 15 systems got infected by the same virus), but it keeps reoccurring. All the systems are Windows XP.
Please suggest.
Details:
OS: Windows XP Professional
Virus Name: Bloodhound.Boot.String
File\Entry: Master Boot Record for Physical drive number 0
You need to do a repair on the MBR. Check this on how to do it:
http://pcsupport.about.com/od/fixtheproblem/ht/rep...
https://www-secure.symantec.com/norton-support/jsp...
SEP Knowledge Base
Endpoint SWAT
Check this article:
https://www-secure.symantec.com/connect/blogs/how-backup-and-restore-mbr
You need to clean the boot record.
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
Hello,
Bloodhound.Boot.String is a heuristic detection for processes based on certain attributes.
We suggest that you submit any such files to Symantec Security Response. For instructions on how to do this using Scan and Deliver, read Submit Virus Samples.
Submitting suspicious files to Symantec allows us to ensure that our protection capabilities keep up with the ever-changing threat landscape. Submitted files are analyzed by Symantec Security Response and, where necessary, updated definitions are immediately distributed through LiveUpdate™ to all Symantec end points. This ensures that other computers nearby are protected from attack. The following resources may help in identifying suspicious files for submission to Symantec.
AND
I would suggest you run the SERT utility for this issue.
If you have access to Fileconnect, the SERT (Symantec Endpoint Recovery Tool) is useful in situations where computers are too heavily infected for the Symantec Endpoint Protection client installed upon them to clean effectively. The Consumer version of this tool is the Norton Bootable Recovery Tool. The tool is free, so there is no need for a Fileconnect account to download the software.
Reference:
Is your system infected? Symantec tools to help clear an infection
Secondly, I would also suggest you create a case with Symantec Technical Support.
To create a case with Symantec Technical Support:
How to create a new case in MySupport
http://www.symantec.com/business/support/index?page=content&id=TECH58873
Hope that helps!!
Mithun Sanghavi
Symantec Technical Support Engineer, SEP
MIM | MCSA | MCTS | STS | ITIL v3
Twitter: @mithun_sanghavi
Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.
Hi Brian81,
Thanks, but how can we trace the root cause?
What could be the reason for it?
And there are around 15 or more systems at a remote location, so it is very difficult to follow the above steps.
Is there any other option through which we can solve this case?
Thanks & Regards,
Nagesh Singh
You can use Risk Tracer
How to use Risk Tracer to locate the source of a threat in Symantec Endpoint Protection
http://www.symantec.com/business/support/index?pag...
SEP Knowledge Base
Endpoint SWAT
Tried, but found nothing.
Thanks & Regards,
Nagesh Singh
If the MBR has been replaced with an infected one, the only way is to repair it manually.
SEP Knowledge Base
Endpoint SWAT
The boot record itself seems to be affected; I suggest opening a support ticket.
Cheers!
Pete
Thanks Mithun,
In this case we are not able to find any file. We are getting "Master Boot Record for Physical drive number 0" in the file path, so what should we submit to the security support team?
Is there any other solution apart from NPE, SERT or MBR recovery?
Thanks & Regards,
Nagesh Singh
Hello,
To submit the MBR record to Symantec Security Response, check this article:
How to collect Master Boot Record for submission to Symantec Security Response
http://www.symantec.com/docs/TECH93277
Hope that helps!!
Mithun Sanghavi
You need to manually repair the MBR:
https://www-secure.symantec.com/connect/blogs/how-backup-and-restore-mbr
Cheers!
Pete
Hi,
I have collected the MBR file through MBRutil. Now I want to read it.
Can you please help me with this?
Thanks & Regards,
Nagesh Singh
Have you submitted the file to Security Response?
Cheers!
Pete
Hi,
You can submit this file.
I would request you to submit these files to the Symantec Security Team at
https://submit.symantec.com/essential
and
http://www.threatexpert.com/submit.aspx
Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.
https://www-secure.symantec.com/connect/articles/using-symantec-support-tool-how-do-we-collect-suspicious-files-and-submit-same-symantec-sec
Thanks In Advance
Ashish Sharma
SEPM Knowledgebase Documents
Thanks Ashish,
But if I want to read it, which tools do I have to use?
Thanks & Regards,
Nagesh Singh
Hi,
Check this non-Symantec document; it may help:
Easy way to read MBR?
http://www.miljan.org/main/2007/09/05/easy-way-to-read-mbr/
Thanks In Advance
Ashish Sharma
SEPM Knowledgebase Documents
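Added example, not part of the original thread and not code from Symantec or MBRutil: one way to read a collected MBR file and compare its bootstrap code against a dump taken from a known-clean machine of the same build. It assumes the collected file is a raw 512-byte sector dump; the function names and the sample bytes are constructed for illustration.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_END = 440      # bytes 0-439: bootstrap code
TABLE_OFFSET = 446       # bytes 446-509: four 16-byte partition entries
SIGNATURE = b"\x55\xaa"  # bytes 510-511: boot signature

def parse_mbr(dump: bytes) -> dict:
    """Decode the fields of a raw 512-byte MBR dump."""
    if len(dump) < SECTOR:
        raise ValueError("expected at least 512 bytes, got %d" % len(dump))
    partitions = []
    for index in range(4):
        start = TABLE_OFFSET + 16 * index
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba, count = struct.unpack("<B3xB3xII", dump[start:start + 16])
        if ptype == 0 and count == 0:
            continue  # unused slot
        partitions.append({"index": index, "active": status == 0x80,
                           "status_valid": status in (0x00, 0x80),
                           "type": ptype, "lba_start": lba, "sectors": count})
    return {
        "signature_ok": dump[510:512] == SIGNATURE,
        "disk_signature": dump[440:444].hex(),
        "boot_code_sha256": hashlib.sha256(dump[:BOOT_CODE_END]).hexdigest(),
        "partitions": partitions,
    }

def boot_code_differs(dump: bytes, baseline: bytes) -> bool:
    """True when the bootstrap code differs from a known-good dump."""
    return parse_mbr(dump)["boot_code_sha256"] != parse_mbr(baseline)["boot_code_sha256"]

def build_sample(boot_code: bytes) -> bytes:
    """Constructed sample sector: one active type-0x07 partition at LBA 63."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 63, 204800)
    body = boot_code.ljust(BOOT_CODE_END, b"\x00") + bytes.fromhex("a1b2c3d4") + b"\x00\x00"
    return body + entry + bytes(48) + SIGNATURE

if __name__ == "__main__":
    baseline = build_sample(b"\x33\xc0\x8e\xd0")  # constructed bytes, not a real boot loader
    suspect = build_sample(b"\xeb\x5e\x90\x90")   # constructed bytes
    print(parse_mbr(suspect))
    print("boot code differs from baseline:", boot_code_differs(suspect, baseline))
```

To inspect a collected dump, pass `open(path, "rb").read()` to `parse_mbr`. A differing boot-code hash only shows that the sector is not identical to the baseline, since different operating system versions and boot managers write different bootstrap code.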