Bloodhound.MalPE is not the name of one particular Trojan but a heuristic detection, one of Symantec's Bloodhound detections, that fires when a Windows executable (PE file) has been packed or obfuscated in a way characteristic of malware trying to evade signature-based scanning. Most of the samples caught under this name have been Trojan password stealers.
Many such password stealers drop a copy of themselves onto the disk and modify the registry (typically an autostart entry such as the Run keys) so that the dropped copy executes at each Windows start.
The following symptoms are commonly reported on systems where Bloodhound.MalPE has fired:
* Browser and search engine hijacked, with redirects to malicious web sites
* Desktop wallpaper cannot be changed; strange desktop icons cannot be deleted
* The infection re-creates itself after manual removal and is very hard to get rid of
* Corrupt or missing registry keys, DLLs and system files that produce "Blue Screen" crashes
* Slow PC, long startup and reboot times, and Windows screen freezes
* The pop-up blocker cannot close pop-up windows; the computer is flooded with pornographic pop-ups
Characteristics of malware detected as Bloodhound.MalPE:
* Monitors registry records and captures browsing history and Windows activity to generate matching pop-ups
* Enumerates active security software, disables antivirus and firewall programs, and forwards private information to remote sites
* Installs itself into the system and downloads further Trojan and adware bundles through security holes
* Registers an in-process COM object/server, a pattern common with DLL injection
* The executable is packed and/or encrypted with a software packer
* Creates and registers a Browser Helper Object in Internet Explorer
* Registers a Dynamic Link Library (DLL) file
* The executable is polymorphic and can change its structure
* Found on infected systems and resists inspection by security products
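The packing and polymorphism points above are what the heuristic keys on: compressed or encrypted code has byte statistics very different from ordinary compiled code. As an added example, not code from the original page or from any vendor's detection engine, the Python below builds two small PE32 images in memory (constructed test input, not real samples), walks their section tables and scores each section's Shannon entropy, flagging sections above a 7.0 bits/byte rule-of-thumb threshold or carrying a well-known packer section name such as UPX1. The threshold and the name list are common analyst heuristics, not how Bloodhound.MalPE itself decides.

```python
"""Section-entropy heuristic for spotting packed PE files.

Added example, not code from the original page or any vendor's engine. The
PE images are constructed in memory with only the header fields the parser
reads; they are not runnable programs. The 7.0 bits/byte threshold and the
packer section names are analyst rules of thumb, not Bloodhound's own logic.
"""
import math
import random
import struct
from collections import Counter

SECTION_FMT = '<8sIIIIIIHHI'                 # IMAGE_SECTION_HEADER layout
SECTION_SIZE = struct.calcsize(SECTION_FMT)   # 40 bytes
FILE_ALIGN = 0x200
ENTROPY_THRESHOLD = 7.0                       # compressed/encrypted data sits near 8.0
PACKER_SECTION_NAMES = {'UPX0', 'UPX1', 'UPX2', '.aspack', '.adata',
                        '.nsp0', '.nsp1', '.petite', '.MPRESS1', '.MPRESS2'}

def shannon_entropy(data):
    """Shannon entropy in bits per byte: 0.0 for constant data, 8.0 for uniform."""
    if not data:
        return 0.0
    n = len(data)
    return 0.0 - sum(c / n * math.log2(c / n) for c in Counter(data).values())

def section_entropies(pe):
    """Walk the section table of a PE image and return [(name, entropy)]."""
    if pe[:2] != b'MZ':
        raise ValueError('not an MZ executable')
    e_lfanew, = struct.unpack_from('<I', pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b'PE\0\0':
        raise ValueError('missing PE signature')
    num_sections, = struct.unpack_from('<H', pe, e_lfanew + 6)
    opt_size, = struct.unpack_from('<H', pe, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size          # section headers follow the optional header
    out = []
    for i in range(num_sections):
        name, _vsize, _va, raw_size, raw_ptr, *_ = struct.unpack_from(
            SECTION_FMT, pe, table + i * SECTION_SIZE)
        data = pe[raw_ptr:raw_ptr + raw_size]
        out.append((name.rstrip(b'\0').decode('ascii', 'replace'), shannon_entropy(data)))
    return out

def packing_indicators(pe):
    """Per section: (name, entropy, reasons). An empty reasons list means nothing odd."""
    result = []
    for name, ent in section_entropies(pe):
        reasons = []
        if ent >= ENTROPY_THRESHOLD:
            reasons.append(f'entropy {ent:.2f} >= {ENTROPY_THRESHOLD}')
        if name in PACKER_SECTION_NAMES:
            reasons.append('well-known packer section name')
        result.append((name, round(ent, 2), reasons))
    return result

def looks_packed(pe):
    return any(reasons for _, _, reasons in packing_indicators(pe))

def build_sample_pe(sections):
    """Assemble a minimal PE32 image from (name, data) pairs. Constructed test input."""
    e_lfanew, opt_size = 0x80, 0xE0
    dos = bytearray(e_lfanew)
    dos[0:2] = b'MZ'
    struct.pack_into('<I', dos, 0x3C, e_lfanew)
    coff = struct.pack('<HHIIIHH', 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    optional = bytearray(opt_size)
    struct.pack_into('<H', optional, 0, 0x10B)       # Magic: PE32
    headers_len = e_lfanew + 4 + len(coff) + opt_size + SECTION_SIZE * len(sections)
    first_raw = -(-headers_len // FILE_ALIGN) * FILE_ALIGN   # round up to file alignment
    raw_ptr, va, table, blobs = first_raw, 0x1000, bytearray(), bytearray()
    for name, data in sections:
        size = -(-len(data) // FILE_ALIGN) * FILE_ALIGN
        table += struct.pack(SECTION_FMT, name.ljust(8, b'\0')[:8], len(data), va,
                             size, raw_ptr, 0, 0, 0, 0, 0x60000020)
        blobs += data.ljust(size, b'\0')
        raw_ptr += size
        va += -(-size // 0x1000) * 0x1000
    headers = dos + b'PE\0\0' + coff + optional + table
    return bytes(headers.ljust(first_raw, b'\0') + blobs)

def build_samples():
    """Two constructed images: plain text plus zeros, and a UPX-style layout
    with an empty-looking stub section and a high-entropy body."""
    rng = random.Random(1)                                   # fixed seed: reproducible
    plain = (b'Hello from a plain, unpacked section. ' * 200)[:4096]
    noise = bytes(rng.getrandbits(8) for _ in range(4096))   # stands in for compressed code
    return {'unpacked': build_sample_pe([(b'.text', plain), (b'.data', bytes(4096))]),
            'packed': build_sample_pe([(b'UPX0', bytes(4096)), (b'UPX1', noise)])}

if __name__ == '__main__':
    for label, pe in build_samples().items():
        print(label, 'PACKED' if looks_packed(pe) else 'clean')
        for name, ent, reasons in packing_indicators(pe):
            print(f'  {name:8} entropy={ent:.2f}  {"; ".join(reasons)}')
```

Run it as a script to see the per-section report. In practice the same entropy walk runs over a suspect file read from disk; a near-empty first section followed by a large high-entropy second section is the classic packed layout. A legitimate installer or a binary embedding compressed resources shows the same statistics, so a hit is a reason to look closer rather than a verdict.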
Any system on which this detection fires should be cleaned immediately. Because the file that triggered the alert is often only one component (the dropper, with copies, autostart entries and registered DLLs elsewhere), it is recommended to run a fully functional anti-spyware or antivirus application so that the Trojan and all of its components are removed from the infected system, not just the flagged file.
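Before trusting any scanner's cleanup, it is worth seeing where the Trojan hooked itself in: the Run-key autostart described earlier and the Browser Helper Object and in-process server registrations in the characteristics list both leave plain registry traces. As an added example, not part of the original page, the Python below parses a .reg export (constructed here; the key paths are real Windows locations, but every entry, path and CLSID in it is hypothetical) and flags Run entries and BHO DLLs whose image lives in a user-writable directory such as AppData or Temp. Exporting the relevant keys with reg export on the infected machine and triaging the file offline keeps the analysis off the compromised host.

```python
"""Triage of registry autostart and BHO registrations from a .reg export.

Added example, not code from the original page. The export text below is
constructed: the key names are real Windows locations, but every entry,
path and CLSID in it is hypothetical, chosen to show one benign Run entry,
one suspicious Run entry and one BHO whose DLL lives in a user-writable
directory.
"""
import re

# Constructed sample in "Windows Registry Editor Version 5.00" format. A real
# export is usually UTF-16 with a BOM; open it with encoding='utf-16' first.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe\" /background"
"svchosts"="C:\\Users\\moe\\AppData\\Local\\Temp\\svchosts.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-2222-3333-4444-555555555555}]
"NoExplorer"=dword:00000001

[HKEY_CLASSES_ROOT\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32]
@="C:\\Users\\moe\\AppData\\Roaming\\helper.dll"
"ThreadingModel"="Apartment"
'''

# Autostart keys that run a command at logon, and the BHO list that Internet
# Explorer loads into every browser process (CLSID -> DLL via InprocServer32).
RUN_KEY = re.compile(r'(?i)\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)$')
BHO_KEY = re.compile(r'(?i)\\Explorer\\Browser Helper Objects\\(\{[0-9A-F-]+\})$')
CLASS_ROOTS = ('HKEY_CLASSES_ROOT', 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes',
               'HKEY_CURRENT_USER\\Software\\Classes')
# User-writable or normally-empty directories that droppers favour. A path
# here is a lead to investigate, not proof of malware on its own.
SUSPICIOUS_DIRS = re.compile(
    r'(?i)\\(AppData|Temp|Users\\Public|System Volume Information|\$Recycle\.Bin)\\')
VALUE_LINE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

def unescape(s):
    """Undo .reg quoting: only backslash and double quote are escaped."""
    return re.sub(r'\\(.)', r'\1', s)

def parse_reg(text):
    """Return {key_path: {value_name: value}}. REG_SZ values are unescaped,
    dword:/hex: values are kept verbatim."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(';') or line.startswith('Windows Registry Editor'):
            continue
        if line.startswith('[') and line.endswith(']'):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = VALUE_LINE.match(line)
        if m and current is not None:
            name = '(Default)' if m.group(1) == '@' else unescape(m.group(1)[1:-1])
            raw = m.group(2)
            if len(raw) >= 2 and raw[0] == raw[-1] == '"':
                raw = unescape(raw[1:-1])
            keys[current][name] = raw
    return keys

def image_path(command):
    """Pull the executable path out of a Run command line, quoted or not."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = re.match(r'(?i)(.+?\.(?:exe|dll|scr|com|bat|cmd))(?:\s|$)', command)
    return m.group(1) if m else (command.split() or [command])[0]

def triage(keys):
    """Return (kind, name_or_clsid, path) tuples for entries worth a closer look."""
    findings = []
    for key, values in keys.items():
        if RUN_KEY.search(key):
            for name, value in values.items():
                path = image_path(value)
                if SUSPICIOUS_DIRS.search(path):
                    findings.append(('run', name, path))
        m = BHO_KEY.search(key)
        if m:
            clsid = m.group(1)
            candidates = (f'{root}\\CLSID\\{clsid}\\InprocServer32' for root in CLASS_ROOTS)
            server = next((keys[k] for k in candidates if k in keys), {})
            dll = server.get('(Default)', '<unresolved>')
            if dll == '<unresolved>' or SUSPICIOUS_DIRS.search(dll):
                findings.append(('bho', clsid, dll))
    return findings

if __name__ == '__main__':
    for kind, what, path in triage(parse_reg(SAMPLE_REG)):
        print(f'{kind:4} {what}: {path}')
```

A hit is a lead, not a verdict: legitimate per-user software also installs under AppData, and the OneDrive entry in the sample passes for that reason. A BHO whose CLSID has no InprocServer32 key anywhere in the export is reported as unresolved rather than dropped, since an export that captured only HKLM will miss a per-user registration under HKCU\Software\Classes.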
Comments
Also found in
C:\System Volume Information\_restore{XXXXXXXXX-XXXXXX-XXXXXX-XXXXXXX-XXXXX}\RP221\A0028452.exe
Moe,
Clean out your system restore. That will get rid of that entry.