Duis mollis, est non commodo luctus, nisi erat porttitor ligula, eget lacinia odio sem nec elit. Sed posuere consectetur est at lobortis. Vestibulum id ligula porta felis euismod semper. Donec ullamcorper nulla non metus auctor fringilla. Aenean lacinia bibendum nulla sed consectetur. Cras justo odio, dapibus ac facilisis in, egestas eget quam. Cras mattis consectetur purus sit amet fermentum. Morbi leo risus, porta ac consectetur ac, vestibulum at eros. Sed posuere consectetur est at lobortis. Etiam porta sem malesuada magna mollis euismod. Cum sociis natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. Duis mollis, est non commodo luctus, nisi erat porttitor ligula, eget lacinia odio sem nec elit. Cras justo odio, dapibus ac facilisis in, egestas eget quam. Aenean eu leo quam. Pellentesque ornare sem lacinia quam venenatis vestibulum. Curabitur blandit tempus porttitor. Sed posuere consectetur est at lobortis.
Hi siliconman01, if you set Advanced Heuristic Protection back to the default of Automatic, do you still see this detection when you do the boot time defrag?
Thanks,
Lisa
LisaK wrote:Hi siliconman01, if you set Advanced Heuristic Protection back to the default of Automatic, do you still see this detection when you do the boot time defrag?
Thanks,
Lisa
With Advanced Heuristic Protection set to Automatic and Early Load active, the Bloodhound.boot alert does not occur. I prefer to be with aggressive heuristics; however, if it produces false alarms regularly, I will stay on automatic.
Thanks for your assistance.
I am going to resurrect this post because it is an issue with me that I would like to resolve on my Vista SP1 system with PerfectDisk 2008, Build 64 and NIS V16.1.0.33. The system is a Dell XPS410. All software is up-to-date.
I would very much like to run Heuristics on Aggressive with Early Load active. However, when I do, I get the Bloodhound.Boot alert each time the system is rebooted. On rescan, no action is required.
On my XP-SP3 computer with NIS 2009 V16.1.0.33 and PerfectDisk 2008 Build 64 with Early Load active and Heuristics set to Aggressive, I do not get the BloodHound.Boot alert.
Update:
I removed PerfectDisk 2008 and the Bloodhound.boot alert still occurs.
I ran CHKDSK C: /r /f
- On the first boot, Bloodhound.boot did not appear
- On the second reboot, Bloodhound.boot did not appear
- On the third and subsequent reboots, Bloodhound.boot has reappeared each time.
This may be an Un-known Internet Threat on your computer which has not yet had Virus Definition Signatures written for it. Therefore, please Submit all Files Norton Detects to symantec Security Response: https://submit.symantec.com/websubmit/retail.cgi.
Bloodhound Summary: http://www.symantec.com/en/uk/security_response/writeup.jsp?docid=2000-121911-5753-99&tabid=1.
There is nothing in Quarantine to submit and no identification of a file that is Bloodhound.boot.
In History, it states:
Activity: Bloodhound.Boot detected by Auto-Protect
Status: Removed
Recommended Action: Resolved-No Action
Component: Auto-Protect
Definitions Version: 2008.11.20.051
Risk Name: Bloodhound.Boot
Risk Category: Heuristic Virus
Risk Type: Boot Record
Risk Level: High
Risk State Fully Removed
Risk Item: Drive \Device\HarddiskVolume1
Yet, it finds the above on each reboot.
Update:
I just found that if I turn off "Scan Removable Media" under Auto-Protect that the Bloodhound.Boot alert is not found. I have no disks in any of my removable drives...none..nada.
My removable drives are:
Floppy disk drive (Standard floppy disk controller)
Generic Flash HS-CF USB Device
Generic Flash HS-Combo USB Device
TEAC US HS-CF Card USB Device
TEAC US HS-MS Card USB Device
TEAC US HS-SD Card USB Device
TEAC US HS-xD/SM Card USB Device
TSST corp CDRWDVD TS-H493A
TSST corp DVD+-RW TS-H653A
Have you tried Scanning with a Free On-line Scanner such as Malwarebytes’ Anti-Malware or SUPERAntiSpyware?
Yes, both Mbam and SAS.
See my edit to my previous post.
siliconman01 wrote:Yes, both Mbam and SAS.
See my edit to my previous post.
Hello!!
What were the Results of Scan? Were they done in Normal Mode, Safe Mode, or both? Did you Scan all Drives? If not, which ones did you Scan? And did you remember to Update the Products before you Ran a Full Scan? Thanks!
I have scanned in both Normal Mode and Safe Mode. Nothing found by either SAS PRO, MBAM, TrojanHunter
Did you read this in my previous post? This makes me think there is a bug in the Heuristics scanner.
siliconman01 wrote:I just found that if I turn off "Scan Removable Media" under Auto-Protect that the Bloodhound.Boot alert is not found. I have no disks in any of my removable drives...none..nada.
My removable drives are:
Floppy disk drive (Standard floppy disk controller)
Generic Flash HS-CF USB Device
Generic Flash HS-Combo USB Device
TEAC US HS-CF Card USB Device
TEAC US HS-MS Card USB Device
TEAC US HS-SD Card USB Device
TEAC US HS-xD/SM Card USB Device
TSST corp CDRWDVD TS-H493A
TSST corp DVD+-RW TS-H653A
I am making a basic assumption that NIS 2009 does not look at my 2 SATA Western Digitial Raptor Hard Drives as "Removable".
Update:
NIS 2009 does look at the SATA hard drives as Removable. That is why turning off "Removable Media Scan" stops the Bloodhound.Boot detection. I disabled my 2nd WD hard drive via BIOS and BloodHound.Boot was only detected on my 1st WD hard drive.
Yes I did; just wanted to make sure of the Scans you did.
siliconman01 wrote:I am making a basic assumption that NIS 2009 does not look at my 2 SATA Western Digitial Raptor Hard Drives as "Removable".
Update:
NIS 2009 does look at the SATA hard drives as Removable. That is why turning off "Removable Media Scan" stops the Bloodhound.Boot detection. I disabled my 2nd WD hard drive via BIOS and BloodHound.Boot was only detected on my 1st WD hard drive.
Just for clarity:
I have 2 Western Digital Raptor 10,000 rpm hard drives.
Drive 1 is my C: and D: partitions. My main system is on the C: partition; partition D: is used for miscellaneous data files such as pictures, downloads, documents, etc:
Drive 2 is a mirror image of Drive 1. Drive 2 is the E: and F: partitions. I use Casper to clone from Drive 1 to Drive 2.
I can boot from either Drive 1 or Drive 2.
Bloodhound.boot is detected on both drives.
I feel confident that the user at the link below is experiencing the same type of issue that I am. Could the gurus from Symantec please investigate what is happening on these two systems with aggressive heuristics.
http://community.norton.com/norton/board/message?board.id=nis_feedback&thread.id=20715
Aggressive heuristics is suppose to enhance detection capability significantly. However, having it set to aggressive with Early Load enabled under Auto-Protect appears to be issuing false positives.
I assume you get a pop-up of your Norton Product Detecting the File; what does the pop-up say, that should pop up on the bottom right-hand-side of your screen?
I have posted my views regarding the Aggressive Heuristics mode of Norton 2009 in the following thread. Kindly check as I think it can hep you.
http://community.norton.com/norton/board/message?board.id=nis_feedback&thread.id=20715
After clicking on Apply All
Noticed that PerfectDisk does a very through defrag. Are there any program settings you can change to stop Norton from detecting BloodHound.Boot? Such as a boot-time defrag? And the reason it cannot quarientine is probably because it is supposed to complete the task once at startup and deletes itself afterwards. Norton notices the file; it cannot quarientine because it is already gone.
Obviously, by applying a "rescan" Norton will rescan the boot sectors and notice the file is gone, and therefore disinfected.
As stated in an earlier post, I temporarily uninstalled PD 2008 and still get the alert. I run PD 2008 with the special Raxco modification that does not even load any of its drivers until I manually activate PD to do a defrag. After the defrag, it shuts down all of the drivers.
I do not do an offline defrag on every computer boot.