Bloodhound Detections are suspected Malware and, if your Full System Scans are coming up Clean, then there is nothing to worry about; you should be okay as long as you run LiveUpdate every-few-hours Daily and you Run Full System Scans at least twice-a-week. Also, this will be Sent to Symantec Security Response to see if Virus Definitions need to be Created for this.
I noticed this just happened again. The same type of files as before. All part of the Norton Community Watch function. This is a little concerning, but again, clean scans.
Yeah,
I cannot find what the *.MH extension is to the heuristic detection, which I have set at the highest level possible in NIS 2008 on this XP x86 SP3 computer. Nuked the HD with Acronis DoD 4 pass protocol 2 weeks ago, reinstalled from factory disk. NIS started sending bloodhound packages to Norton after I installed Revo uninstaller. It also identifies various digitally signed processes as key loggers, including ctfmon.exe in the %windows%/system32 directory as well as McSACore.exe obtained from www.siteadvisor.com (McAfee's siteadvisor) as a keylogger (hook keylogger, so I assume it thinks McAfee was implementing a kernel hook to get around the "firewall" .... cmon), which it is not. It blocked both processes. Other ppl on various forums reported that NIS 2008 blocked ctfmon.exe as well, from the same system folder, after installing the 3rd SP.
Also, as soon as I downloaded and installed revouninstaller from www.download.com, and ran it, the Bloodhound fun began. It immediately recognized revo as *.MH.227, and twice identified its own distribution redist32.exe executables as *.MH.122, and attempted submission. Also, after using CCleaner to empty the recycling bin, it identified a file in the recycling bin, dc9.exe as *.MH.262, based on heuristic detections. It did not notify me about any of these, I saw them under community watch just by coincidence when checking router logs.
Checking community watch even more. Going back in time, Norton identified one of its own modules, symlctnk.dl, as a packed/encrypted trojan/worm, declaring it Bloodhound.Packed.PH1. Apparently, it tried to scan its own files on a scan, and then implemented its own self defense, and protected its own module, so it didn't like its own behavior ....
On another machine I had, NIS was going nuts because it was not getting along with Cyberlink's PDVD 8 .... granted, it failed to catch the trojan downloader installer that was in the setup.exe (trojan installer), that was archived on my HD (Kaspersky, did, however), it did recognize several modules as packed/trojans/worms, although I had overwritten the setup.exe executable with a clean installer. Installing from a retail disc, Counterspy v3.1 also doesn't seem to get along with PDVD8, on what is undoubtedly a clean machine ... a Vista x86 SP1 HP with a nuked HD booted off Acronis (DoD protocol 2 weeks ago, for all LAN computers simultaneously disconnected from the network). brs.exe implements self protection, because it's protecting BD+!
The false positive rate is concerningly high on these heuristics scans. Again, KIS 2009, doesn't hit these as hard, (on the other computer), and Norton gives no indication what it believes "MH" heuristic files are supposed to represent. From the OP here, it seems a factory HP computer is likely clean, and that it is finding innocuous files, and labelling them MH. Considering this all began after installing revo uninstaller, from a trusted site, CNET, and hasn't propagated since (2 hours) and several scans with PCTools Spyware Doctor 6.0 are clean, searching for rootkits (which this can only be a rootkit, if it is anything, since the process is hiding), Rootkit revealer and BlackLight (F-Secure) standalone modules do not reveal anything and I am not about to post a HJT! log for this, I would like to know what, NIS, believes *.MH. modules/files are doing. Packed makes sense, etc, MH, does not make sense.
Also, why is ctfmon.exe and Siteadvisor declared keyloggers ... again, SP 6.0 (full retail) doesn't pick this up.
Thanks,
JCH
Might we get a Norton person's perspective on this?
JohnCHolmes wrote:
Yeah,
I cannot find what the *.MH extension is to the heuristic detection, which I have set at the highest level possible in NIS 2008 on this XP x86 SP3 computer. Nuked the HD with Acronis DoD 4 pass protocol 2 weeks ago, reinstalled from factory disk. NIS started sending bloodhound packages to Norton after I installed Revo uninstaller. It also identifies various digitally signed processes as key loggers, including ctfmon.exe in the %windows%/system32 directory as well as McSACore.exe obtained from www.siteadvisor.com (McAfee's siteadvisor) as a keylogger (hook keylogger, so I assume it thinks McAfee was implementing a kernel hook to get around the "firewall" .... cmon), which it is not. It blocked both processes. Other ppl on various forums reported that NIS 2008 blocked ctfmon.exe as well, from the same system folder, after installing the 3rd SP.
Also, as soon as I downloaded and installed revouninstaller from www.download.com, and ran it, the Bloodhound fun began. It immediately recognized revo as *.MH.227, and twice identified its own distribution redist32.exe executables as *.MH.122, and attempted submission. Also, after using CCleaner to empty the recycling bin, it identified a file in the recycling bin, dc9.exe as *.MH.262, based on heuristic detections. It did not notify me about any of these, I saw them under community watch just by coincidence when checking router logs.
Checking community watch even more. Going back in time, Norton identified one of its own modules, symlctnk.dl, as a packed/encrypted trojan/worm, declaring it Bloodhound.Packed.PH1. Apparently, it tried to scan its own files on a scan, and then implemented its own self defense, and protected its own module, so it didn't like its own behavior ....
On another machine I had, NIS was going nuts because it was not getting along with Cyberlink's PDVD 8 .... granted, it failed to catch the trojan downloader installer that was in the setup.exe (trojan installer), that was archived on my HD (Kaspersky, did, however), it did recognize several modules as packed/trojans/worms, although I had overwritten the setup.exe executable with a clean installer. Installing from a retail disc, Counterspy v3.1 also doesn't seem to get along with PDVD8, on what is undoubtedly a clean machine ... a Vista x86 SP1 HP with a nuked HD booted off Acronis (DoD protocol 2 weeks ago, for all LAN computers simultaneously disconnected from the network). brs.exe implements self protection, because it's protecting BD+!
The false positive rate is concerningly high on these heuristics scans. Again, KIS 2009, doesn't hit these as hard, (on the other computer), and Norton gives no indication what it believes "MH" heuristic files are supposed to represent. From the OP here, it seems a factory HP computer is likely clean, and that it is finding innocuous files, and labelling them MH. Considering this all began after installing revo uninstaller, from a trusted site, CNET, and hasn't propagated since (2 hours) and several scans with PCTools Spyware Doctor 6.0 are clean, searching for rootkits (which this can only be a rootkit, if it is anything, since the process is hiding), Rootkit revealer and BlackLight (F-Secure) standalone modules do not reveal anything and I am not about to post a HJT! log for this, I would like to know what, NIS, believes *.MH. modules/files are doing. Packed makes sense, etc, MH, does not make sense.
Also, why is ctfmon.exe and Siteadvisor declared keyloggers ... again, SP 6.0 (full retail) doesn't pick this up.
Thanks,
JCH
Do you have more than one Security Installed on your computer(s)?
THock wrote:
I noticed this just happened again. The same type of files as before. All part of the Norton Community Watch function. This is a little concerning, but again, clean scans.
If you keep your Norton Product Updated, e.g. update with the Latest V.D.s Daily and Intrusion Prevention, and do a Full System Scan at least twice-a-week, then you should be alright.
How is your computer running, e.g. fast? Noticed anything unusual happening on your computer?