
Bloodhound.Overpacked detected in Ad-aware.exe



#1 JMMD

JMMD

    Newbie

  • Members
  • Pip
  • 1 posts

Posted 12 December 2006 - 10:49 PM

Anyone else getting this? When Norton scanned today it showed Ad-aware.exe as having the Bloodhound.Overpacked trojan and quarantined it. Symantec's info on the trojan does really help much.

Discovered: January 19, 2004
Updated: January 20, 2004 10:12:08 AM PST
Type: Trojan Horse, Virus, Worm
Infection Length: various
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

The following instructions pertain to all current and recent Symantec antivirus products, including the Symantec AntiVirus and Norton AntiVirus product lines.

Disable System Restore (Windows Me/XP).
Update the virus definitions.
Run a full system scan and delete all the files detected as Bloodhound.Overpacked.

Symantec antivirus products exclusively use the virus name Bloodhound.Overpacked when a potentially unknown virus is found using Symantec Bloodhound technology. Bloodhound technology consists of heuristic algorithms used to detect unknown viruses. The actual file detected under Bloodhound.Overpacked is likely to be infected with a new, packed, 32-bit Windows virus.

Bloodhound.Overpacked is only detected in Portable Executable (PE) files. Bloodhound.Overpacked can detect any file that has been packed many times.

Protection
Virus Definitions (LiveUpdate™ Weekly): January 21, 2004
Virus Definitions (Intelligent Updater): January 19, 2004

Threat Assessment

Wild
Wild Level: Low
Number of Infections: 0 - 49
Number of Sites: 0 - 2
Geographical Distribution: Low
Threat Containment: Easy
Removal: Easy

Damage
Damage Level: Low

Distribution
Distribution Level: Low

Edited by JMMD, 12 December 2006 - 10:51 PM.


#2 Ai_Tak

Ai_Tak

    Advanced Member

  • Members
  • PipPipPip
  • 1372 posts

Posted 13 December 2006 - 07:09 AM

What year of Norton do you have (2004, 2005, 2006, 2007)? Do you have the plain anti-virus, Internet Security, or SystemWorks? Also, what is the date on the virus definitions that detected this (or your current definitions' date, if you are uncertain of the date of the definitions that detected it)?

#3 kwai

kwai

    Newbie

  • Members
  • Pip
  • 4 posts

Posted 16 December 2006 - 06:17 PM

Norton has also detected this on ad-aware.exe on my PC.
I have Norton Internet Security 2005; the virus definitions I have are dated 13/12/2006.
It didn't detect the Bloodhound.Overpacked through a scan. I got a popup message from Norton.
I have full system scanned the PC and nothing's come up.
Some pics:
Posted Image
Posted Image

Edited by kwai, 16 December 2006 - 06:18 PM.


#4 Ai_Tak

Ai_Tak

    Advanced Member

  • Members
  • PipPipPip
  • 1372 posts

Posted 18 December 2006 - 12:28 AM

Hmm.... 2005 is the older scan engine, but it should be functionally equivalent to 2006 in terms of detections. Also, the 2005 version only updates once a week, so it won't change in detection till Wednesday. Please go into your Norton quarantine and get details for the backup of this file, find the exact file size and post back here. While you are there, you may also want to try choosing to submit the file to Symantec (be sure to include your email address so you can receive a reply); if they reply, post it here.

#5 msnide

msnide

    Newbie

  • Members
  • Pip
  • 2 posts

Posted 29 December 2006 - 08:55 PM

Adaware.exe is being quarantined by my anti-virus also. I have the Enterprise Edition of Symantec Antivirus, V10. This has happened twice now. The first time I reinstalled ad-aware. Submitted to Symantec.



Type: Trojan Horse, Virus, Worm
Infection Length: various
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

Symantec antivirus products exclusively use the virus name Bloodhound.Overpacked when a potentially unknown virus is found using Symantec Bloodhound technology. Bloodhound technology consists of heuristic algorithms used to detect unknown viruses. The actual file detected under Bloodhound.Overpacked is likely to be infected with a new, packed, 32-bit Windows virus.

Bloodhound.Overpacked is only detected in Portable Executable (PE) files. Bloodhound.Overpacked can detect any file that has been packed many times.

#6 Ai_Tak

Ai_Tak

    Advanced Member

  • Members
  • PipPipPip
  • 1372 posts

Posted 29 December 2006 - 09:12 PM

This may be a sign that ad-aware is infected with a file infector virus; let us know when Symantec emails you back with their analysis.

#7 msnide

msnide

    Newbie

  • Members
  • Pip
  • 2 posts

Posted 29 December 2006 - 10:15 PM

Here is the automated response from Symantec, but no explanation on why the file is being quarantined, or how to make it stop:




Below is a status update on your virus submission:

Date: December 29, 2006


Dear ,

We have analyzed your submission. The following is a report of our findings for each file you have submitted:

filename: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
machine: M-OFFICE
result: This file is clean

Developer notes:
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe is clean and non-malicious.


We have determined that no virus exists on the samples provided.

#8 Ai_Tak

Ai_Tak

    Advanced Member

  • Members
  • PipPipPip
  • 1372 posts

Posted 30 December 2006 - 02:41 AM

I suggest you contact Symantec tech support; use the email or live chat, as they are free. Be sure to mention the reference number from the submission email.
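
The Symantec write-up quoted in this thread says the heuristic fires on PE files that look heavily packed. As an added illustration (not Symantec's Bloodhound algorithm and not code from any poster), the Python below computes the static signals a packing heuristic can use, per-section byte entropy and section flags, which also explains why legitimately packed software can be flagged. The 7.0 bits-per-byte threshold, the function names and the in-memory sample PE are assumptions constructed for this example.

```python
import hashlib, math, struct
from collections import Counter

MEM_EXECUTE, MEM_WRITE = 0x20000000, 0x80000000  # PE section characteristic flags

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for compressed or encrypted data."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def pe_sections(blob: bytes):
    """Yield (name, raw bytes, virtual size, characteristics) per section."""
    if blob[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", blob, 0x3C)  # e_lfanew
    if blob[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # NumberOfSections at +6, SizeOfOptionalHeader at +20 of the PE header
    nsec, opt_size = struct.unpack_from("<H12xH", blob, pe_off + 6)
    table = pe_off + 24 + opt_size
    for i in range(nsec):
        name, vsize, _, rsize, rptr, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", blob, table + 40 * i)
        yield name.rstrip(b"\0").decode("latin-1"), blob[rptr:rptr + rsize], vsize, chars

def packing_indicators(blob: bytes, threshold: float = 7.0) -> dict:
    """Map section name -> reasons it looks packed (threshold is an assumed value)."""
    hits = {}
    for name, raw, vsize, chars in pe_sections(blob):
        checks = (("high entropy", shannon_entropy(raw) >= threshold),
                  ("no raw data but executable", not raw and vsize and chars & MEM_EXECUTE),
                  ("writable and executable", chars & MEM_EXECUTE and chars & MEM_WRITE))
        reasons = [label for label, hit in checks if hit]
        if reasons:
            hits[name] = reasons
    return hits

def build_sample() -> bytes:
    """Constructed, non-runnable PE image: plain .text plus a high-entropy .pack."""
    code = b"\x55\x8b\xec\x90" * 256
    packed = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
    hdr = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
    hdr += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0, 0x102)
    off = len(hdr) + 2 * 40  # file offset where section data starts
    for name, body, chars in ((b".text", code, 0x60000020), (b".pack", packed, 0xE0000020)):
        hdr += struct.pack("<8sIIIIIIHHI", name, len(body), 0x1000, len(body), off, 0, 0, 0, 0, chars)
        off += len(body)
    return hdr + code + packed

if __name__ == "__main__":
    print(packing_indicators(build_sample()))
```

A hit from signals like these means only that the file is compressed or protected, not that it is malicious, which is consistent with the vendor analysis in this thread coming back clean.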



