Bloodhound virus?


finkle62
August 3rd, 2001, 03:10 AM
Hey TPP(Trailer Park Peoples),
Just got back from Colorado Springs. That is a nice area. Anyhoot, fired up computer and ran virus scan and Norton found a "BloodHound" virus in my Dynaceptor files I still have on hard drive. I'm sure I've run several scans with these files there and this is the first time it found a virus.

Does the "BloodHound" mean anything?? Is someone looking for something? Is my Destruction Imminent?? Are all my Base belong to Us?? Have I missed "The TPP"??


finkle

^Falcon_65^
August 3rd, 2001, 04:16 AM
Finkle,

Norton Anti-Virus programs use a patented technology called Bloodhound technology to try to identify new viruses.

Normally when an anti-virus program runs it relies on what is called signature checking. When a new virus is discovered, the technicians at Symantec and other anti-virus companies record the parts of the virus that are unique and put them in the virus definition files.

What this does is tell the anti-virus program: "OK look here, the "Pretty park" virus is unique because in its program it always has this series of bytes: A0 34 FF E5 B2."

So in this way when a virus checker is looking for a virus, it is comparing your executable files against those signatures and seeing if it finds those unique signatures in them. If it does, it identifies them as infected.

But what about a virus that has never been seen before? How can you protect a computer against a virus that isn't in the virus definition file? That is where the Bloodhound technology comes into play.

Norton anti-virus uses this technology called "heuristics" to simulate what would happen if a certain file were executed. It does this by emulating a virtual computer inside of itself and loading that file into the virtual computer. It then executes the program or file and monitors what happens.

The anti-virus program then looks for instances of the file trying to perform certain functions on the virtual computer, like formatting the hard drive, creating e-mail and sending it, erasing files, etc...

If it sees that the file is going to try to do this, it tags the file as being a Bloodhound virus, followed by an extension. For instance, if it finds an unknown virus that will try to modify the boot sector of your hard drive, it will say Norton has found the following virus: Bloodhound.Boot or if it is a virus which uses Microsoft Word to execute a malicious Macro function, it would report it as Bloodhound.WordMacro.

So if Norton is telling you it found a bloodhound virus, it is saying that it scanned a certain file, and the file has qualities that are similar to a virus, but that doesn't mean it actually IS a virus. Norton can also report one as Bloodhound.unknown which means it doesn't fit the pattern of any known virus in its database, but it just looks suspect.

I can say that one of the bloodhound definitions is Bloodhound.VBS.worm which is a virus that is written in visual basic and has the ability to copy itself. I would think that it's very possible for Norton to look at a script like Dynaceptor and interpret the script (which is a Visual Basic script) and say to itself, "hey this thing is in visual basic and when I run it in my virtual computer it is doing some funky stuff I've never seen before... it must be an unknown virus."

Here's a test you can do to find out for sure:

Start Norton and update your virus definition files if you haven't updated them within the past two weeks. Next, select "Options" from the tools menu. When it brings up the page with tabs on it select the "Scanner" tab. Click on the box that says "Heuristics" and finally uncheck the box that says "Enable Bloodhound virus detection technology". Now go back and scan that directory again. I will be willing to bet it doesn't find anything.

If not, it is most likely just giving a false virus alert using the bloodhound technology. If it is a known virus, then Norton will still identify it without Bloodhound enabled.

But the point of this mile long ramble is that Bloodhound doesn't mean the virus is looking for anything, and All Your Base probably do not Belong To Us! ;)
[Edited by ^Falcon_65^ on August 3rd, 2001 at 03:21 AM]
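
The difference between signature checking and heuristic detection described in the post above, as an added example that is not part of the original thread. Static pattern scoring stands in for the emulation step the post describes; the rules, weights, threshold, verdict label and both sample inputs are constructed, and the signature bytes are the illustrative series quoted in the post.

```python
import re

# Signature database: name -> unique byte series. These are the illustrative
# bytes quoted in the post, not a real virus definition.
SIGNATURES = {"PrettyPark (illustrative)": bytes.fromhex("A034FFE5B2")}

# Constructed heuristic rules: (pattern, weight, reason). Static pattern
# scoring stands in here for the emulation step the post describes.
HEURISTIC_RULES = [
    (re.compile(rb"\.CopyFile\b", re.I), 2, "copies files"),
    (re.compile(rb"\.DeleteFile\b", re.I), 2, "deletes files"),
    (re.compile(rb"Outlook\.Application", re.I), 3, "automates e-mail"),
]
THRESHOLD = 4  # assumed cut-off; a lower value means more false alerts

# Constructed samples: a harmless housekeeping script, and a file that
# contains the signature bytes.
BENIGN_SCRIPT = (
    b'Set fso = CreateObject("Scripting.FileSystemObject")\r\n'
    b'fso.CopyFile "C:\\data\\report.txt", "D:\\backup\\report.txt"\r\n'
    b'fso.DeleteFile "D:\\backup\\old.log"\r\n'
)
SIGNED_SAMPLE = b"MZ" + b"\x00" * 16 + bytes.fromhex("A034FFE5B2") + b"\x90" * 4


def scan(data, heuristics=True):
    """Return (verdict, reasons) for one file's bytes."""
    for name, sig in SIGNATURES.items():
        if sig in data:  # exact match against a known definition
            return name, ["signature match"]
    if heuristics:
        hits = [(w, why) for rx, w, why in HEURISTIC_RULES if rx.search(data)]
        if sum(w for w, _ in hits) >= THRESHOLD:
            return "Heuristic.VBS.Suspect", [why for _, why in hits]
    return "clean", []


if __name__ == "__main__":
    for label, data in (("script", BENIGN_SCRIPT), ("signed", SIGNED_SAMPLE)):
        for flag in (True, False):
            print(label, "heuristics=%s" % flag, scan(data, heuristics=flag))
```

With heuristics switched off the housekeeping script comes back clean while the file carrying the signature bytes is still reported, which is the outcome the test in the post relies on.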

finkle62
August 4th, 2001, 12:21 PM
You're pretty sharp for a HogHead :D ,

I did some searching on Google and it said something about "Boot" virus, anyhoot I deleted everything and ran new scans and all is good.

Nothing on the "Merger", just vicious rumors I guess?

Thanx again, finkle (currently a "GroundHog") :confused:

^Falcon_65^
August 4th, 2001, 09:56 PM
No Problem finkle,

And no.... no news on the merger. I wish somebody would take us over... in the Summertime, there is nothing worse than a locomotive painted black! Maybe Bill Gates will buy us out and paint our engines powder blue with fluffy white clouds and a Windows Logo.

Then again, I don't know if I want to be owned by a guy whose company makes things that crash every 10 minutes ;)

jfxh
August 8th, 2001, 03:16 PM
I also had the same virus message in the Dynaceptor files. I had the same reaction - delete them all.