Bloodhound.MBR

clubmad83
Posts: 7
Joined: Sat Dec 02, 2006 11:59 pm
Location: Singapore

#1 Post by clubmad83 » Mon Dec 04, 2006 11:30 pm

Hi guys, I've been lurking in these forums for some time till I decided to register. Just too much good useful info in here. :D

Anyway, I've got a slight problem. My Norton Antivirus keeps on detecting a virus called Bloodhound.MBR. However, the only action I can take is to 'review' the problem. I've tried searching the forum for a history of the problem but no one seems to have had it before.

I was wondering if anybody could help me out here? Is there any way to remove this 'virus'? Or is it a false alert, cos of Norton's Bloodhound tech, which I'm sure many are familiar with?

Many thanks in advance! :)
T43 thinkpad - 1872MA1

christopher_wolf
Special Member
Posts: 5741
Joined: Sat Oct 08, 2005 1:24 pm
Location: UC Berkeley, California

#2 Post by christopher_wolf » Tue Dec 05, 2006 12:03 am

Welcome to the Thinkpad Forums. :)

First off, you really have to be sure that it is an MBR virus (which are quite rare) before making any changes. Symantec's tools have a heuristic algorithm which, at least Symantec hopes, will let it identify potential viruses even though the said unknown virus/malware hash/ID may not be known by the Symantec software. Sophos has a good explanation here. That said, I don't think that you have an MBR virus; you should also probably try another scan with AVG, NOD32, Prevx1, or the like. Most often, this is a false alarm simply because a few lines may appear to be similar to something that NAV is programmed to find within a particular virus and so the heuristic scanning picks up on it. Again, in all probability, it is due to the Bloodhound scanning system NAV uses.

Now, if you are *absolutely* sure that it is an MBR virus, you can try to fix the MBR either with Windows, which isn't recommended because you will lose access to the RnR HPA, or with the IBM/Lenovo MBR Repair Tool. Although I really think that what you have is a false alarm. :)
IBM ThinkPad T43 Model 2668-72U 14.1" SXGA+ 1GB |IBM 701c

~o/
I met someone who looks a lot like you.
She does the things you do.
But she is an IBM.
/~o ---ELO from "Yours Truly 2059"
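
One way to act on the "be sure before making any changes" advice in post #2, as an added example that is not part of any poster's message or of Symantec's or Lenovo's tooling: parse a saved copy of sector 0, check its 0x55AA signature, list the partition entries, and compare a hash of the boot code with one recorded while the disk was trusted. The function names and the sample sector are constructed for illustration, and how the sector copy is obtained is left out.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440       # bytes 0-439: boot code; 440-445 hold the disk signature
TABLE_OFFSET = 446        # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510-511
ENTRY = struct.Struct("<B3xB3xII")  # status, CHS, type, CHS, LBA start, sector count

def parse_mbr(sector: bytes) -> dict:
    """Split one 512-byte MBR into signature check, boot-code hash and partitions."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    partitions = []
    for i in range(4):
        status, ptype, lba, count = ENTRY.unpack_from(sector, TABLE_OFFSET + 16 * i)
        if ptype:  # type 0x00 marks an unused slot
            partitions.append({"index": i, "active": status == 0x80,
                               "type": ptype, "lba_start": lba, "sectors": count})
    return {"signature_ok": sector[510:512] == BOOT_SIGNATURE,
            "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": partitions}

def triage(sector: bytes, baseline_sha256: str) -> str:
    """Compare the boot code against a hash recorded while the disk was trusted."""
    info = parse_mbr(sector)
    if not info["signature_ok"]:
        return "invalid: 0x55AA boot signature missing"
    if info["boot_code_sha256"] == baseline_sha256:
        return "unchanged: boot code matches the baseline"
    return "changed: boot code differs from the baseline"

def build_sample(boot_code: bytes) -> bytes:
    """Constructed sector for the demo: given boot code plus one active 0x07 entry."""
    head = boot_code.ljust(BOOT_CODE_LEN, b"\x00") + b"\x00" * 6
    entry = ENTRY.pack(0x80, 0x07, 63, 1_000_000)
    return head + entry + b"\x00" * 48 + BOOT_SIGNATURE

if __name__ == "__main__":
    trusted = build_sample(b"\xfa\x33\xc0")   # constructed bytes, not a real MBR
    baseline = parse_mbr(trusted)["boot_code_sha256"]
    print(triage(trusted, baseline))
    print(triage(build_sample(b"\xfa\x33\xc1"), baseline))
    print(parse_mbr(trusted)["partitions"])
```

Because the thread notes that the ThinkPad MBR is modified for the HPA, the baseline has to come from that machine's own trusted MBR rather than from a stock Windows one.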


#3 Post by clubmad83 » Wed Dec 06, 2006 1:56 am

Thanks for the quick reply. I've been seeing this warning from Norton about this potential threat for about 2 months now, but nothing has happened. I've scanned for viruses using E-trust's anti virus but it detected squat. I guess it's just Norton playing with me.

PS: I was wondering if performing a fresh install of Windows from the HPA, and then using a backup from R&R to get back old files n all that stuff would be of any use?

Thanks !

#4 Post by christopher_wolf » Wed Dec 06, 2006 3:48 am

clubmad83 wrote: PS: I was wondering if performing a fresh install of Windows from the HPA, and then using a backup from R&R to get back old files n all that stuff would be of any use?

Thanks !

Not of much use at all. MBR viruses, rare as they are, are easy to fix either through Windows repairing the MBR or with the IBM/Lenovo MBR repair tool if you want to keep the RnR HPA partition. It would be going through needless trouble to re-image the whole disk for just that. :)

GomJabbar
Moderator
Posts: 9765
Joined: Tue Jun 07, 2005 6:57 am

#5 Post by GomJabbar » Thu Dec 07, 2006 8:43 am

I thought I remembered something about IBM and Bloodhound, so I Googled it and came up with the following.

Norton AntiVirus detected an unknown virus "bloodhound.mbr" - IBM Rescue and Recovery
DKB


#6 Post by christopher_wolf » Thu Dec 07, 2006 1:06 pm

Logically, it comes as no surprise since the MBR on most modern Thinkpads is different from what one would come across in a standard setup given that it needs modification due to the HPA. The heuristic methods that NAV uses as such are prone to higher rates of false positives and useless results, much like some searching methods and comparison against "textbook" viral algorithms. They also tend to be resource intensive with significant numerical components to them; the last thing that NAV needs is more things taking up even more resources to come up with a guess as to whether one has a, very rare, MBR virus or not.


#7 Post by clubmad83 » Sat Dec 09, 2006 12:13 pm

Hehe. I guess nobody here is really a big fan of Norton. Anyway, one last qn: is it advisable to switch to E-trust's anti virus instead of continuing with Norton? My only concern about switching is that I'll be without a firewall. :(

#8 Post by christopher_wolf » Sat Dec 09, 2006 3:51 pm

clubmad83 wrote: Hehe. I guess nobody here is really a big fan of Norton. Anyway, one last qn: is it advisable to switch to E-trust's anti virus instead of continuing with Norton? My only concern about switching is that I'll be without a firewall. :(

I use AVG and Kerio on-site and personally; they are, from a resource and upkeep standpoint, far better than NAV for both AV and firewall.

If you look around the forum some, you will find threads that compare all of the features of quite a few AVs and firewalls, as well. :)


Kerio!

#9 Post by clubmad83 » Thu Dec 14, 2006 9:21 am

Thanks for the recommendation of Kerio! It's rather good with almost no resource hogging, I find. :D

The only problem I have with it is that its blocking of advertisements is too dramatic and wide-ranging! Even 'banners' from my school's site get blocked and the page-scrolling function on select pages is totally removed, leaving me with nothing but what initially loads up to look at!

Does anybody have any suggestions for a workaround to this problem? I've tried searching around both in these forums and on the web. I've also tried to use site exceptions btw, but they don't allow for the editing of 'ads' under the category. :(

Re: Kerio!

#10 Post by GomJabbar » Thu Dec 14, 2006 9:31 am

clubmad83 wrote: I've tried to use site exceptions btw, but they don't allow for the editing of 'ads' under the category. :(

On the Web tab > Ad blocking tab, there is a button next to Block advertisements that says Set. Click on the button and uncheck the box(es) that you want to allow through. It is a little tricky figuring out which ones to uncheck. FWIW, I only have one unchecked, and that is .*[bB]anner.?/.*.

One odd behavior I've noticed is that when I am browsing with Opera 8.54, I sometimes see Ad blocked by KPF. I can launch Netscape 7.2 and the ad comes through.