|
-
February 21st, 2005, 02:18 AM
#1
Haxdoor
Trojan:
Haxdoor.BGN or Haxdoor-O or mszx23.exe Backdoor.Haxdoor.D
Directory= C:\WINNT\system32
System = windows 2000 pro (NT)
Problem Symptom:
After Deleting vdnt32.sys
successfully in safe mode
file drct16.dll creates itself
in system32 folder ( 0kb)
which cannot be deleted.
notes:
w32tm.exe (returns after delete)
drct16.dll (cannot delete shares attributes with vdnt32.sys)
vdnt32.sys (cannot delete except in safe mode: shares attributes with drct16.dll)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ENUM\ROOT\LEGACY_VDMT16
(cannot delete)
Yes I tried the file in use deleter application, and I also tried Killbox, but no such luck. Anyone know what service proccess causes the return of these 2 files ????
-
February 21st, 2005, 02:27 AM
#2
Here’s a free site that supposedly scans/removes haxdoor:
http://www.what-is-spyware.net/Haxdoor-o.html
Hope that helps.
cheers
Connection refused, try again later.
-
February 21st, 2005, 02:58 AM
#3
thanks
thanks i will try and let u know what happens.
-
February 21st, 2005, 03:22 AM
#4
XoftSpy4.10
I downloaded this application and installed it although it does not allow me to run the software for some reason I get an application error.
-
February 22nd, 2005, 12:16 AM
#5
-
February 22nd, 2005, 12:27 AM
#6
And upload a copy of the .exe to your AV supplier if you can.
What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry
-
February 22nd, 2005, 10:38 AM
#7
Oliver's Law:
Experience is something you don't get until just after you need it.
-
February 28th, 2005, 11:31 AM
#8
7 days later and finally I kicked this trojans butt thanks to WebRoot Spy Sweeper 3.5.0.194 Beta Trial Version. It must be the 194 beta version otherwise you won't be able to update ur definition files. It detected haxdoor backdoor trojan right away, and in conjunction with that and Killbox I managed to delete the file that kept coming back in my windows system32 folder.
Safe at last thanks to WebRoot Spy Sweeper.
-
February 28th, 2005, 12:30 PM
#9
You know, I don't know which I am gladder about ..
The fact that you fixed the problem,
or,
The fact that you came back and reported it letting us know your progress and solutions!
" And maddest of all, to see life as it is and not as it should be" --Miguel Cervantes
-
March 1st, 2005, 01:18 AM
#10
Haxdoor
Well thats one for the good guys. If I can make people aware of malware I will.
Score:
Spy Sweeper - 1
Haxdoor - 0
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote
