Bloodhound.MalPE

Bloodhound.MalPE is a generic detection created to identify malicious files and threats that are related to Backdoor.Tidserv family of Trojan. Detected Bloodhound.MalPE files are believed to be malicious and can cause serious security risks on the computer and its network environment.

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Windows Vista

Characteristics
Upon execution, Bloodhound.MalPE will drop the following file on Windows Temp directory:
%Temp%\WINDOWS\TEMP\00000000.TXT
%Temp%\WINDOWS\TEMP\00000000.ZIP
%Temp%\WINDOWS\TEMP\NSD399.tmp
%Temp%\WINDOWS\TEMP\00000000.Exe

The following directories are also created to dump its files:
%Temp%\WINDOWS
%Temp%\WINDOWS\TEMP

Bloodhound.MalPE is associated with another Trojan that purposely developed to generate profit for its authors. This Trojan performs actions to enhance the presence of another Trojan in order to execute the tasks absolutely.

Some functionalities of Bloodhound.MalPE include the following:

  • Monitors Internet browser activity of the compromised PC
  • List all running processes that belongs to security products such as anti-virus and firewall
  • Deactivate security software to make the infected computer helpless and avoid Trojan removal
  • Connects to a remote server and download additional malware
  • Remains undetected by injecting itself to legitimate Windows process

Distribution
Bloodhound.MalPE is spread on the Internet through malicious links posted on compromised web sites like forums and blogs. Social networking sites, Instant messaging applications and spam email messages are also found helping the Trojan reach its target.

How to Remove Bloodhound.MalPE

1. Temporarily Disable System Restore (Windows Me/XP). [how to]
2. To be able to identify even the most recent variant of Bloodhound.MalPE, open your antivirus application and update the virus definition file.

3. Start Windows in Safe Mode with Networking.
- From a power-off state, turn on the computer and press F8 on your keyboard repeatedly.
- Your computer will display Windows Advanced Boot Options menu. Please select Safe Mode with Networking.
- The system will now boot Windows and loads only necessary drivers and files.

4. Open your antivirus program and run a full system scan. After the scan, delete all infected items. If unable to delete, better place them in quarantine. Once the scan is complete, please proceed with the next step.

Scan with Norton Power Eraser:

Additional virus removal tool like Norton Power Eraser provides deep scanning technology to eliminate other threats not detected by a normal virus scan. Use this tool with extra caution.

5. Go to this link and download Norton Power Eraser.
6. Once the download completes, double click on the file NPE.exe to run the program.
7. It will prompt for End User License Agreement, click on Accept to continue.
8. On NPE main window, click on Scan. Then select Exclude Rootkit Scan. Click on Continue to proceed.
9. Virus scanning may take some time. After running the scan, NPE will display the scan result.

Important! If there are any detected threats under Suspicious, remove the check mark. Only threats in Detected category are necessary to remove at this point. Make sure that you mark the Create System Restore Point before proceeding with the fix.

10. Now click on Fix to start removing the threats including Bloodhound.MalPE remnants if there are any.
11. When done, Norton Power Eraser will restart the computer. Then after a reboot, it will initialize and display the eliminated threats.
12. You may now close Norton Power Eraser.

Alternative Removal Method for Bloodhound.MalPE

Option 1 : Use Windows System Restore to return Windows to previous state

If Bloodhound.MalPE enters the computer, there is a big chance that Windows files, registry entries and other essential components are also infected. System Restore can reinstate clean system files by restoring the configuration to an earlier date. The method also replaces compromised files with a clean version. If you have a saved restore point before Bloodhound.MalPE infiltrates the PC, we highly encourage you to execute this procedure if none of the above works. You may proceed with Windows System Restore, click here to see the full procedure.