Haxdoor Strikes Again

Thread: Haxdoor Strikes Again

  1. #1
    Senior Member isle_of_infamy's Avatar
    Join Date
    Dec 2003
    Posts
    136

    Haxdoor Strikes Again

    In the past I have encountered the Haxdoor Variant Virus and defeated it with Spy Sweeper, but now a new variant is out, and Spy Sweeper does detect it, but upon deletion it cannot prevent it from returning. I am on Windows 2000 Pro, just for basic 411, but here are the details and some links.
    =================================================================
    Attempts for Removal:
    1.) HijackThis 1.99.1 logs it as: O20 - Winlogon Notify: avpu32 - C:\WINDOWS\SYSTEM32\avpu32.dll
    However, upon deletion it returns, as it is an autorun Registry value.

    2.) Xoftspy 4.15 Build 109 logs as: <SW NAME = "Haxdoor"><FILE NAME = "C:\WINDOWS\system32\ps.a3d"/> <FILE RES = "C:\WINDOWS\system32\ps.a3d Successfully ReMoved"/>
    However when rescanning it comes back up.

    3.) Webroot Spy Sweeper 4.0.3.405 Detects and Removes Haxdoor, However it returns also when removed.
    =================================================================
    Links:
    1.) http://securityresponse.symantec.com...haxdoor.e.html
    The one I have is a variant of Haxdoor E (E = avpx32.dll not avpu32.dll)

    2.) http://www.kephyr.com/spywarescanner...es/index.phtml
    read the post Highconvert.com - 17 Aug 2005
    =================================================================
    Ports Opened:
    1.) Opens back door TCP ports 17986, 39340, and 16661.
    Active Ports 1.4 verifies this.

    =================================================================
    Registry Value in question:
    1.) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avpu32
    (deleted but comes back after deleted)
    =================================================================


    HELP ME PLEASE !!!!!!!!!!!!!!!
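
A re-check of the indicators listed in post #1 (the Winlogon Notify name and the three TCP ports), meant to be run over a saved HijackThis log and `netstat -an` output after each removal attempt. This is an added example, not part of the original thread; the sample text is constructed, and using `netstat -an` output in place of Active Ports is an assumption.

```python
import re

# Indicators quoted in the first post of this thread.
BACKDOOR_PORTS = {17986, 39340, 16661}
NOTIFY_NAMES = {"avpu32", "avpx32"}  # avpx32 is the Haxdoor.E name per the post

# HijackThis O20 line format as shown in the post:
#   "O20 - Winlogon Notify: <name> - <dll path>"
O20_RE = re.compile(r"^O20 - Winlogon Notify:\s*(\S+)\s+-\s+(.+)$")
# Assumed `netstat -an` layout: proto, local addr:port, remote addr:port, state.
LISTEN_RE = re.compile(r"^\s*TCP\s+\S+:(\d+)\s+\S+\s+LISTENING\b")

# Constructed sample input, not taken from a real machine.
SAMPLE_HJT = r"""
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\Example\app.exe
O20 - Winlogon Notify: avpu32 - C:\WINDOWS\SYSTEM32\avpu32.dll
O20 - Winlogon Notify: examplenotify - C:\WINDOWS\system32\example.dll
"""
SAMPLE_NETSTAT = """
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:16661          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:17986          0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1042      203.0.113.5:39340      ESTABLISHED
"""

def flagged_notify_entries(hjt_log):
    """Return (name, dll) for O20 entries whose name matches the post's indicators."""
    hits = []
    for line in hjt_log.splitlines():
        m = O20_RE.match(line.strip())
        if m and m.group(1).lower() in NOTIFY_NAMES:
            hits.append((m.group(1), m.group(2).strip()))
    return hits

def flagged_listeners(netstat_out):
    """Return the sorted backdoor ports seen as local LISTENING TCP sockets."""
    ports = set()
    for line in netstat_out.splitlines():
        m = LISTEN_RE.match(line)  # only the local port is captured
        if m and int(m.group(1)) in BACKDOOR_PORTS:
            ports.add(int(m.group(1)))
    return sorted(ports)

def still_infected(hjt_log, netstat_out):
    """True if either indicator class is still present after a cleanup attempt."""
    return bool(flagged_notify_entries(hjt_log) or flagged_listeners(netstat_out))

if __name__ == "__main__":
    print(flagged_notify_entries(SAMPLE_HJT))
    print(flagged_listeners(SAMPLE_NETSTAT))
```

Only local listening sockets are matched, so an outbound connection that happens to use one of these numbers as its remote port is not reported.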

  2. #2
    Senior Member
    Join Date
    May 2002
    Posts
    256
    Just curious if the MS Antispyware Beta removes this pest for you?
    Sex is like "Social Security". You get a little each month, but it's not enough to live on.

  3. #3
    Senior Member isle_of_infamy's Avatar
    Join Date
    Dec 2003
    Posts
    136

    MS anti-spy

    I have not tried that yet, but it could be worth a shot. Thanks, I will let you know how that works out.

  4. #4
    Senior Member isle_of_infamy's Avatar
    Join Date
    Dec 2003
    Posts
    136
    MS spy did not detect the registry key, but it did manage to mess up my IE browser. Now whenever I click on home page set about:blank it crashes and I get an error, and Windows Update crashes my browser as well, even after I reinstalled IE. I do not recommend IE anti-spy, it simply sucks.

  5. #5
    Senior Member isle_of_infamy's Avatar
    Join Date
    Dec 2003
    Posts
    136
    Wow, it even managed to mess up my Yahoo and MSN. I can't even get on MSN or Yahoo now. Thanks a lot for the MS antispy recommendation. Next time please don't suggest crap for software.

  6. #6
    Senior Member isle_of_infamy's Avatar
    Join Date
    Dec 2003
    Posts
    136
    Can't even get into Hotmail now without IE crashing. This is just great. MS Anti-Spyware really did a number on me.

  7. #7
    Senior Member isle_of_infamy's Avatar
    Join Date
    Dec 2003
    Posts
    136
    Wow, that was scary. Luckily I fixed it by reinstalling MS anti spy and restoring browser stuff.
    Now back to Haxdoor.

  8. #8
    Senior Member hesperus's Avatar
    Join Date
    Jan 2005
    Posts
    416
    Have a look at 'edit' button on top of the post. Keeps things a helluva lot neater.

    Anyway, have you been scanning and fixing in safe mode? If you don't, everything you undo can be done again . . .

  9. #9
    Senior Member isle_of_infamy's Avatar
    Join Date
    Dec 2003
    Posts
    136
    This virus prevents me from updating my Windows updates. After I download all the security updates from Microsoft, it tells me that it is unsuccessful in installing them.

  10. #10
    Senior Member isle_of_infamy's Avatar
    Join Date
    Dec 2003
    Posts
    136
    hesperus, look, I already combatted this virus in the past. The problem does not lie within safe scanning or editing posts to be neat; it lies within undetected traces of viruses instructing the reg key to autorun. Not to be rude or anything, but if you don't know what you're talking about, please don't comment on the issue. Stop speculating. Thanks.
