bloodhound .pdf.10 with a.exe virus
04-25-2009 08:10 AM
Hello,
I just got my first virus on my pc yesterday. I went to a foxnews.com website that had a link to the SUN newspaper in England (fyi, if you want to reproduce this, go find the story about clown feet and shoes...really). When I loaded this page, there were many clicks (usually happens when pop-ups are downloaded which I block). In fact there were so many clicks I got concerned and disconnected from the ethernet. But it was too late. I saw in task manager the file a.exe running and then it tried to connect to the internet which my firewall blocked. I killed a.exe. It had been installed on my Desktop page. Norton identified a temp file in my LOCAL TEMP directory as bloodhound.pdf.10 but it never identified the a.exe file which was obviously bad. I deleted it. So what does a.exe do? Did it install anything on my system? I know it ran as I saw it in taskmanager. Sorry, the file a.exe is deleted.
David
Re: bloodhound .pdf.10 with a.exe virus
04-25-2009 08:15 AM
Hi Daspdasp:
Can you tell us your operating system and service packs? Also what version of Norton do you have? Look under Help & Support> about.
Have you updated and tried a full system scan? Disable system restore and disconnect from the net before the scan. Let us know if anything shows up. Did you get any warnings from Norton?
Mark Twain
Re: bloodhound .pdf.10 with a.exe virus
04-25-2009 09:28 AM
Hello,
I have XP with SP2 and am updated with all Microsoft service packs. My antivirus was all updated.
Norton showed the bloodhound.pdf.10 virus in a temp file in LOCAL. That was immediately detected when I went to the suspect website and before the scan. I quarantined it and deleted it and the FULL scan did not reveal anything even though a.exe was on the pc in the recycler bin (I had deleted it manually). I have looked around on the pc some more and at files modified at exactly that time. I did find a prefetch file called "a.exe-1c1f2ffb.pf". It does not seem like other files were downloaded. But a.exe did run and I am wondering if it did anything (but I cannot see any files it placed). Like I said before, it did not access the internet as my firewall blocked it and then I killed it in taskmgr.
d
Re: bloodhound .pdf.10 with a.exe virus
04-25-2009 11:11 AM
Mark Twain
Re: bloodhound .pdf.10 with a.exe virus
04-25-2009 11:28 AM
Hello,
I found the prefetch file today and deleted it. Is it really the same file as a.exe (i.e., is this file malicious or is it only a pointer to the a.exe file?)
Again, I looked at all files modified for yesterday at the given time (11:48am) and found the prefetch file. I did not see any other files downloaded at this time.
After reading some correspondence about this possible virus, some people said it took advantage of a hole in Adobe Reader. Since I had v7 I downloaded the version 9. Had no problems but noticed that when I opened WORD, the Control Toolbox window was opened. Usually, it will not open a window like this unless I used it before. So I thought it had something to do with the Adobe install as the reader is listed in the Class files (active X or dll). Maybe a total coincidence. I was just worried that the a.exe program did something to this (added an ocx or dll file) but I cannot find anything.
As I said, I am sure the virus came about from clicking on that news story in that paper. It could likely be repeated if someone or Norton wants to check it out.
Any suggestions as to how to determine if anything was done to my system?
d
Re: bloodhound .pdf.10 with a.exe virus
04-25-2009 11:39 AM
Foxnews.com has had some real issues with malware recently. I would stay away from that site. You were most likely infected through one of the ads. For a thorough (and long) discussion, check out this thread at DSL Reports:
http://www.dslreports.com/forum/r22225362-foxnewsc
Re: bloodhound .pdf.10 with a.exe virus
04-25-2009 01:36 PM
Hello,
Good call. I did not know this. FoxNews had a link to the London SUN website (probably owned by the same company). When the page was loading, about 100 clicks were heard (seems like it clicks when it fetches something like popups). I got worried and disconnected but it was too late. The a.exe file was Russian as when I clicked properties, it was all in Russian. Something about version 5.xxx
Again if Norton wants to verify all of this and make a fix, do a search for "clown shoes" or something close to this (about a clown who wasn't allowed to wear his big shoes - hey I did not make this up).
d
Re: bloodhound .pdf.10 with a.exe virus
04-25-2009 03:04 PM
If you wanted to run another scan just to reassure yourself, you can download Malwarebytes, free version here:
http://www.malwarebytes.org/mbam.php
Install, update and run with log. You can post the log here if you wish and others will view it.
Mark Twain
Re: bloodhound .pdf.10 with a.exe virus
[ Edited ]
04-25-2009 03:11 PM - last edited on 04-25-2009 03:18 PM
Hi daspdasp,
I believe I found the page you were referring to, but I had no unusual events occur. My NIS2009 is fully up to date along with my Adobe Reader.
I don't see where you have noted which Norton product and version you are using, however in addition to what delphinium has suggested, I would also recommend performing a Norton Full System Scan in SAFE MODE while disconnected from the internet.
Your experience emphasizes the need to keep all programs updated, not just Windows and your security program.
There is a free online evaluation tool at Secunia that will examine your system to see if any other programs have vulnerabilities. If any are noted, you will be provided with a link to update them.
The Simple Scan should tell you all you need and no downloads are required.
Best Wishes.
[edit: grammar]
Phil_D
NIS 2010 • 360 v4 • Ghost 15.0
XP SP3 • Vista SP2 • Windows 7 Professional x64
Re: bloodhound .pdf.10 with a.exe virus
[ Edited ]
04-25-2009 03:23 PM - last edited on 04-25-2009 03:30 PM
daspdasp,
You said: "Again, I looked at all files modified for yesterday at the given time (11:48am) and found the prefetch file. I did not see any other files downloaded at this time."
Just to play it safe, do a search for all files created yesterday at the approximate time. See if a file looks suspicious, like another Russian one. The virus might be clever enough to use an older modified date to avoid detection.
Marty
NIS-09 Vista
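Added example, not part of any post in this thread: a Python sketch of the search suggested above, listing files whose creation or modified time falls near the incident and flagging files created in the window that carry an older modified date. The incident time (11:48 on 04-24-2009, taken from the thread's "yesterday at 11:48am"), the ten-minute slack, and every path in the sample records are assumptions constructed for illustration.

```python
import os
from datetime import datetime, timedelta

def stat_times(path):
    """Return (created, modified) for a file as naive local datetimes."""
    st = os.stat(path)
    # Windows reports creation time in st_ctime; macOS/BSD use st_birthtime.
    # On Linux st_ctime is the inode-change time, so treat it as approximate.
    created = getattr(st, "st_birthtime", st.st_ctime)
    return datetime.fromtimestamp(created), datetime.fromtimestamp(st.st_mtime)

def walk_records(root):
    """Yield (path, created, modified) for every readable file under root."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                yield (path, *stat_times(path))
            except OSError:
                continue  # locked or vanished file: skip, keep walking

def triage(records, incident, slack=timedelta(minutes=10)):
    """Return [(path, reason)] for files created or modified near `incident`."""
    lo, hi = incident - slack, incident + slack
    hits = []
    for path, created, modified in records:
        if lo <= created <= hi and modified < lo:
            # Appeared during the incident but carries an older modified date.
            # Also true of ordinary copied files, so this is a lead, not proof.
            hits.append((path, "created in window, modified date older"))
        elif lo <= created <= hi:
            hits.append((path, "created in window"))
        elif lo <= modified <= hi:
            hits.append((path, "modified in window"))
    return sorted(hits)

# Constructed sample records (not taken from the poster's machine).
INCIDENT = datetime(2009, 4, 24, 11, 48)
SAMPLE = [
    (r"C:\Desktop\a.exe", datetime(2009, 4, 24, 11, 48), datetime(2009, 4, 24, 11, 48)),
    (r"C:\WINDOWS\Prefetch\a.exe-1c1f2ffb.pf", datetime(2009, 4, 24, 11, 49), datetime(2009, 4, 24, 11, 49)),
    (r"C:\Temp\example.dll", datetime(2009, 4, 24, 11, 50), datetime(2006, 3, 1, 9, 0)),
    (r"C:\Temp\old.log", datetime(2008, 1, 5, 8, 0), datetime(2009, 4, 24, 11, 47)),
    (r"C:\Temp\unrelated.txt", datetime(2009, 4, 20, 10, 0), datetime(2009, 4, 20, 10, 0)),
]

if __name__ == "__main__":
    for path, reason in triage(SAMPLE, INCIDENT):
        print(f"{reason:40} {path}")
```

On a live system, pass `walk_records(root)` for the folder to be checked in place of `SAMPLE`.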
