
Bloodhound.Boot.String virus Infection

Created: 01 Oct. 2012 • Updated: 27 Nov. 2012 | 16 comments
This issue has been solved. See the solution.

For the last month we have been facing a problem with Bloodhound.Boot.String. We have already run the NTP and done a safe mode scan on all the systems (around 15 systems got infected by the same virus), but it keeps reoccurring. All the systems are Windows XP.

Please suggest.

Details:

OS: Windows XP Professional
Virus Name: Bloodhound.Boot.String
File\Entry: Master Boot Record for Physical drive number 0

Comments

Brɨan

You need to do a repair on the MBR. Check this on how to do it:

http://pcsupport.about.com/od/fixtheproblem/ht/rep...

https://www-secure.symantec.com/norton-support/jsp...

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Mithun Sanghavi

Hello,

Bloodhound.Boot.String is a heuristic detection for processes based on certain attributes. 

We suggest that you submit any such files to Symantec Security Response. For instructions on how to do this using Scan and Deliver, read Submit Virus Samples.

Submitting suspicious files to Symantec allows us to ensure that our protection capabilities keep up with the ever-changing threat landscape. Submitted files are analyzed by Symantec Security Response and, where necessary, updated definitions are immediately distributed through LiveUpdate™ to all Symantec end points. This ensures that other computers nearby are protected from attack. The following resources may help in identifying suspicious files for submission to Symantec.

AND

I would suggest you run the SERT utility for this issue.

If you have access to Fileconnect, the SERT (Symantec Endpoint Recovery Tool) is useful in situations where computers are too heavily infected for the Symantec Endpoint Protection client installed upon them to clean effectively. The Consumer version of this tool is the Norton Bootable Recovery Tool.  The tool is free, so there is no need for a Fileconnect account to download the software.

Reference:

Is your system infected? Symantec tools to help clear an infection

Secondly, I would also suggest you create a case with Symantec Technical Support.

To Create a Case with Symantec Technical Support.

How to create a new case in MySupport

http://www.symantec.com/business/support/index?page=content&id=TECH58873

Phone numbers to contact Tech Support:-
 
Regional Support Telephone Numbers:
 
United States: 800-342-0652 (407-357-7600 from outside the United States)
Australia: 1300 365510 (+61 2 8220 7111 from outside Australia)
United Kingdom: +44 (0) 870 606 6000
 

Hope that helps!!

Mithun Sanghavi
Associate Security Architect

MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Nagesh Singh

Hi Brian81,

Thanks, but how can we trace the root cause?

What could be the reason for it?

And there are around 15 or more systems at a remote location, so it is very difficult to go with the above step.

Is there any other option through which we can solve this case?

Thanks & Regards,

Nagesh Singh

Brɨan

You can use Risk Tracer

How to use Risk Tracer to locate the source of a threat in Symantec Endpoint Protection

http://www.symantec.com/business/support/index?pag...


Nagesh Singh

Tried but found nothing.

Thanks & Regards,

Nagesh Singh

Brɨan

If the MBR has been replaced with an infected one, the only way is to manually repair.


pete_4u2002

The boot record itself seems to be affected; I suggest opening a support ticket.

Nagesh Singh

Thanks Mithun,

In this case we are not able to find any file. We are getting "Master Boot Record for Physical drive number 0" in the file path, so what should we submit to the security support team?

Is there any other solution apart from NPE, SERT or MBR recovery?

Thanks & Regards,

Nagesh Singh

Mithun Sanghavi

Hello,

To submit the MBR record to the Symantec Security Response, check this Article:

How to collect Master Boot Record for submission to Symantec Security Response

http://www.symantec.com/docs/TECH93277

Hope that helps!!

Mithun Sanghavi
Associate Security Architect

MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3


SOLUTION
Nagesh Singh

Hi,

I have collected the MBR file through MBRutil. Now I want to read it.

Can you please help me with this?

Thanks & Regards,

Nagesh Singh

Ashish-Sharma

hi,

You can submit this file

I would request you to submit these files to the Symantec Security Team on 

https://submit.symantec.com/essential

and 

http://www.threatexpert.com/submit.aspx

Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team. 

https://www-secure.symantec.com/connect/articles/using-symantec-support-tool-how-do-we-collect-suspicious-files-and-submit-same-symantec-sec

Thanks In Advance

Ashish Sharma

Nagesh Singh

Thanks Ashish,

But if I want to read it, which tool do I have to use?

Thanks & Regards,

Nagesh Singh

Ashish-Sharma

Hi,

Check this non-Symantec document; it may help.

Easy way to read MBR?

http://www.miljan.org/main/2007/09/05/easy-way-to-read-mbr/

Thanks In Advance

Ashish Sharma
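
For the question above about reading the MBR file collected with MBRutil, here is an added example (not from the thread, Symantec, or the linked article) that decodes a raw MBR dump in Python. It assumes the dump is the plain 512-byte sector image; the sample bytes and the function names `parse_mbr` and `build_sample_mbr` are constructed for illustration.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440          # bootstrap code area of a classic MBR
TABLE_OFFSET = 446           # four 16-byte partition entries start here

def parse_mbr(data: bytes) -> dict:
    """Decode a raw 512-byte MBR dump into fields an analyst can compare."""
    if len(data) < SECTOR:
        raise ValueError("need at least 512 bytes, got %d" % len(data))
    mbr = data[:SECTOR]
    partitions, warnings = [], []
    for i in range(4):
        entry = mbr[TABLE_OFFSET + 16 * i: TABLE_OFFSET + 16 * (i + 1)]
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sectors(4)
        status, ptype, lba, count = struct.unpack("<B3xB3xII", entry)
        if ptype == 0:
            continue                      # unused slot
        if status not in (0x00, 0x80):
            warnings.append("entry %d: invalid status 0x%02x" % (i, status))
        partitions.append({"index": i, "active": status == 0x80,
                           "type": ptype, "lba_start": lba, "sectors": count})
    if mbr[510:512] != b"\x55\xaa":
        warnings.append("missing 0x55AA boot signature")
    if sum(p["active"] for p in partitions) > 1:
        warnings.append("more than one active partition")
    return {
        "boot_code_sha256": hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", mbr, 440)[0],
        "partitions": partitions,
        "warnings": warnings,
    }

def build_sample_mbr() -> bytes:
    """Constructed sample: dummy boot code plus one active NTFS partition."""
    boot = b"\xfa\x33\xc0" + b"\x90" * 437   # placeholder bytes, not a real loader
    disk_sig = struct.pack("<I", 0x1234ABCD) + b"\x00\x00"
    part = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07,
                       b"\xfe\xff\xff", 63, 41929587)
    return boot + disk_sig + part + b"\x00" * 48 + b"\x55\xaa"

if __name__ == "__main__":
    report = parse_mbr(build_sample_mbr())
    for key, value in report.items():
        print(key, "=", value)
```

To use it on a real dump, pass the file's bytes to `parse_mbr` and compare `boot_code_sha256` with the value from a known-clean machine of the same Windows build; a differing hash only shows that the boot code differs, not what changed it.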