
Scan engine still detects Bloodhound.exploit.343

Created: 13 Nov 2012 • Updated: 21 Nov 2012 | 8 comments
Logidas-manager's picture
This issue has been solved. See solution.

Hello,

After installing the various Symantec Endpoint 12.1 clients and running a full scan of the PCs in our environment, some clients continue to detect the heuristic virus Bloodhound.exploit.343.

I would like to know whether there is a solution to get rid of this kind of threat completely (Symantec tools, a strategy to follow...), especially since it is becoming a nuisance for the users of the machines on which the Symantec Endpoint 12.1 client is installed.

Thanks in advance for your help.

Regards,


.Brian's picture

What is the action being taken on the alert? Deleted? Cleaned? Quarantined?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Logidas-manager's picture

Hi Brian81,

The action being taken on the alert is Deleted.

.Brian's picture

Is the file path being referenced?

Is your concern that this may be a false positive or that it is recurring?

Since the infection is being deleted, this is a good thing but it sounds like it may continue to come back?

Have you run a full scan with latest definitions in safe mode?


Logidas-manager's picture

Yes, the file path is being referenced, actually it's the same folder but the threat its subfolder location every time.

I have run a full scan with the latest definitions but not in safe mode.

Simpson Homer's picture

 

Bloodhound.Exploit.343

 
MANUAL REMOVAL
The following instructions pertain to all current Symantec antivirus products.

1. Performing a full system scan
How to run a full system scan using your Symantec product

2. Restoring settings in the registry
Many risks make modifications to the registry, which could impact the functionality or performance of the compromised computer. While many of these modifications can be restored through various Windows components, it may be necessary to edit the registry. See the Technical Details of this writeup for information about which registry keys were created or modified. Delete registry subkeys and entries created by the risk and return all modified registry entries to their previous values.

 

 

Chetan Savade's picture

 

Hi,

It is important to know what action Symantec is taking against this detection.

Could you please attach the risk logs to this thread?

Go to the SEP client GUI -> View Logs -> Virus & Spyware Protection -> Risk Log

As everyone says, go through this writeup as well.

http://www.symantec.com/security_response/writeup.jsp?docid=2010-072310-4337-99&tabid=3

If the system scan does not resolve the problem, you can try one of the options available below.

Power Eraser user guide.

http://www.symantec.com/theme.jsp?themeid=spe-user ...

Here is the location of the Symantec Endpoint Protection support tool:

http://www.symantec.com/business/support/index?pag ...

The Symantec Endpoint Recovery Tool (SERT) download comes as an ISO (disk image). How do I use it?

http://www.symantec.com/docs/TECH131685

Always follow best practices

http://www.symantec.com/docs/TECH122466

Chetan Savade
Sr Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.

Logidas-manager's picture

Thank you Rafeeq for your help, a full scan in safe mode has solved the problem.

Thank you Simpson Homer for your contribution this may be very helpful in some other problem with Bloodhound.Exploit.343.

Thank you Chetan Savade for your advice, which may be very useful for other potential risks.

Regards,