Haxdoor

Thread: Haxdoor

  1. #1
    Senior Member isle_of_infamy's Avatar
    Join Date
    Dec 2003
    Posts
    136

    Haxdoor

    Trojan:
    Haxdoor.BGN or Haxdoor-O or mszx23.exe Backdoor.Haxdoor.D

    Directory= C:\WINNT\system32
    System = windows 2000 pro (NT)

    Problem Symptom:
    After deleting vdnt32.sys successfully in safe mode, file drct16.dll creates itself in system32 folder (0kb), which cannot be deleted.

    notes:
    w32tm.exe (returns after delete)
    drct16.dll (cannot delete shares attributes with vdnt32.sys)
    vdnt32.sys (cannot delete except in safe mode: shares attributes with drct16.dll)

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ENUM\ROOT\LEGACY_VDMT16
    (cannot delete)

    Yes, I tried the file-in-use deleter application, and I also tried Killbox, but no such luck. Anyone know what service process causes the return of these 2 files?

  2. #2
    Senior Member
    Join Date
    Dec 2003
    Location
    Pacific Northwest
    Posts
    1,675
    Here’s a free site that supposedly scans/removes haxdoor:

    http://www.what-is-spyware.net/Haxdoor-o.html

    Hope that helps.

    cheers
    Connection refused, try again later.

  3. #3
    Senior Member isle_of_infamy's Avatar
    Join Date
    Dec 2003
    Posts
    136

    thanks

    Thanks, I will try and let you know what happens.

  4. #4
    Senior Member isle_of_infamy's Avatar
    Join Date
    Dec 2003
    Posts
    136

    XoftSpy4.10

    I downloaded this application and installed it, although it does not allow me to run the software; for some reason I get an application error.

  5. #5
    Senior Member
    Join Date
    Feb 2004
    Posts
    201
    http://forums.maddoktor2.com/index.php?showtopic=2659

    Read that thread and see if any of it is helpful.


  6. #6
    Regal Making Handler
    Join Date
    Jun 2002
    Posts
    1,668
    And upload a copy of the .exe to your AV supplier if you can.
    What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry

  7. #7
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  8. #8
    Senior Member isle_of_infamy's Avatar
    Join Date
    Dec 2003
    Posts
    136
    7 days later and finally I kicked this trojan's butt thanks to WebRoot Spy Sweeper 3.5.0.194 Beta Trial Version. It must be the 194 beta version, otherwise you won't be able to update your definition files. It detected the Haxdoor backdoor trojan right away, and in conjunction with that and Killbox I managed to delete the file that kept coming back in my Windows system32 folder.

    Safe at last thanks to WebRoot Spy Sweeper.

  9. #9
    Senior Member IKnowNot's Avatar
    Join Date
    Jan 2003
    Posts
    792
    You know, I don't know which I am gladder about ..

    The fact that you fixed the problem,
    or,
    The fact that you came back and reported it letting us know your progress and solutions!
    " And maddest of all, to see life as it is and not as it should be" --Miguel Cervantes

  10. #10
    Senior Member isle_of_infamy's Avatar
    Join Date
    Dec 2003
    Posts
    136

    Haxdoor

    Well, that's one for the good guys. If I can make people aware of malware I will.

    Score:
    Spy Sweeper - 1
    Haxdoor - 0


