Not what you were looking for? Ask our experts!
Reply
Newbie
carruthe
Posts: 4
Registered: ‎10-15-2009

Bloodhound.Exploit.13 Warning

For a while now, whenever I run Windows Live Photo Gallery, I constantly get warning messages that Autoprotect has blocked a heuristic virus called "Bloodhound.Exploit.13" (the filename is usually something like "~03_smooth.tmp").  I have run several full system scans which have found nothing.  I figured it was a false positive, but I have recently noticed that whenever I use Windows Live Photo Gallery to add a tag or change a caption on a photo, my LZW compressed TIFF images balloon from about 15 MB to over 20 MB.  Could this be a virus causing this?
dbrisendine
Posts: 5,584
Kudos: 1,294
Solutions: 263
Registered: ‎10-06-2008

Re: Bloodhound.Exploit.13 Warning

Yes.  Please run a scan with Malwarebytes' Antimalware to double check your system.
Please download MalwareBytes' AntiMalware from this LINK . Choose the free version as this does not have a real time scanner that will interfere with Norton products. Install the program and update the definitions.

Once MBAM is loaded, run a full scan with it. Have the program fix / delete whatever it finds and make a log file. Please post the log file contents or attach the log file to a reply post here for review.
Win7 x32 SP1
Rootkit Eradicator
Posts: 5,357
Registered: ‎05-30-2008

Re: Bloodhound.Exploit.13 Warning

[ Edited ]

Hi,

 

Please also have a look at the Bloodhound.Exploit.13 Summary and I would suggest following the instrusions.  Please also make sure you have all Windows Updates installed.

 

If you are getting a pop-up from Norton saying that Auto-Protect has Blocked Bloodhound.Exploit.13 from being Created, then that means that the Threat is trying to be installed on your computer, but Auto-Protect is preventing this from happening; chances are that your computer has not got Bloodhound.Exploit.13 on your computer, but you may have other Threats on your computer.

 

What Version of Norton are you using, e.g. N.I.S. 2010?  You can get the Version Number by: Opening your Norton Product > Help & Support > About > Version.

 

 

Message Edited by Floating_Red on 10-16-2009 01:59 PM
Message Edited by Floating_Red on 10-16-2009 02:02 PM
Thursday, November 21, 2013: The THREATCON was changed to Level 1: Normal | Tue., Nov. 05, 2013: Zero-Day Vulnerability: Microsoft Security Advisory 2896666 | Saturday, November 09, 2013: Cyber-Criminals Serve Up A Veritable Smorgasbord Of Threats For South Koreans | Wednesday, October 09, 2013: New Internet Explorer Zero-Day Targeted In Attacks Against Korea And Japan [C.V.E.-2013-3897]
Newbie
carruthe
Posts: 4
Registered: ‎10-15-2009

Re: Bloodhound.Exploit.13 Warning

After checking out to make sure Malwarebytes was legit, I installed it and ran a scan.  It found nothing.  I also ran another full Norton system scan and it found nothing.  In answer to Floating_Red, I am using NIS 2010 (version 17.0.0.136) with the most recent Live Updates installed.
Rootkit Eradicator
Posts: 5,357
Registered: ‎05-30-2008

Re: Bloodhound.Exploit.13 Warning

[ Edited ]

You may want to scan in Safe Mode as well just to double-check that the scans in Normal Mode have not missed anything; however, if your computer is Running fine, and you haven't noticed un-usual lagging, then you'll be okay.  Please make sure you do Full System Scans to make sure your whole computer is scanned/checked over.  Please let us know if you have any concerns.

 

Message Edited by Floating_Red on 10-16-2009 10:54 PM
Thursday, November 21, 2013: The THREATCON was changed to Level 1: Normal | Tue., Nov. 05, 2013: Zero-Day Vulnerability: Microsoft Security Advisory 2896666 | Saturday, November 09, 2013: Cyber-Criminals Serve Up A Veritable Smorgasbord Of Threats For South Koreans | Wednesday, October 09, 2013: New Internet Explorer Zero-Day Targeted In Attacks Against Korea And Japan [C.V.E.-2013-3897]
Newbie
carruthe
Posts: 4
Registered: ‎10-15-2009

Re: Bloodhound.Exploit.13 Warning

Thanks for your help - I'll try the Safe mode scan.  The only strange thing I've noticed is the ballooning of the file size of TIFFs when modified by Windows Live Photo Gallery and/or the Windows Properties/Details tab.  This is a pretty big problem when all of my 5000+ LZW compressed TIFF files increase from 15 meg to 20+ meg apiece.
Rootkit Eradicator
Posts: 5,357
Registered: ‎05-30-2008

Re: Bloodhound.Exploit.13 Warning

You're most welcome; thank-you for thanking me.  Glad I would be of such helpfulness to you.

 

Just be sure to let us know how the Full System Scan(s) go.

 

Thursday, November 21, 2013: The THREATCON was changed to Level 1: Normal | Tue., Nov. 05, 2013: Zero-Day Vulnerability: Microsoft Security Advisory 2896666 | Saturday, November 09, 2013: Cyber-Criminals Serve Up A Veritable Smorgasbord Of Threats For South Koreans | Wednesday, October 09, 2013: New Internet Explorer Zero-Day Targeted In Attacks Against Korea And Japan [C.V.E.-2013-3897]
Newbie
carruthe
Posts: 4
Registered: ‎10-15-2009

Re: Bloodhound.Exploit.13 Warning

Full system scan in safe mode found nothing.  Maybe it's just a false alarm...
floplot
Posts: 10,613
Topics: 218
Kudos: 2,055
Solutions: 367
Registered: ‎04-11-2009

Re: Bloodhound.Exploit.13 Warning

Hi Carruthe

 

Are you using the newest version of that Photo Gallery? Perhaps there was a change in the program itself that is causing what you are seeing now about the sizes getting larger. It looks like a newer version came out recently for the program.

Success always occurs in private and failure in full view.