August 24th, 2005, 09:26 AM
Haxdoor Strikes Again
In the past I have encountered the Haxdoor Variant Virus and defeated it with spysweeper, but now a new variant is out, and spysweeper does detect it, but upon delete it cannot prevent it from returning. I am on windows 2000 pro jus for basic 411, but here r the details and some links.
Attempts for Removal:
1.) HijackThis 1.99.1 logs it as: O20 - Winlogon Notify: avpu32 - C:\WINDOWS\SYSTEM32\avpu32.dll
However upon delete it returns as it is a autorun Registry value.
2.) Xoftspy 4.15 Build 109 logs as: <SW NAME = "Haxdoor"><FILE NAME = "C:\WINDOWS\system32\ps.a3d"/> <FILE RES = "C:\WINDOWS\system32\ps.a3d Successfully ReMoved"/>
However when rescanning it comes back up.
3.) Webroot Spy Sweeper 22.214.171.1245 Detects and Removes Haxdoor, However it returns also when removed.
The one I have is a variant of Haxdoor E (E = avpx32.dll not avpu32.dll)
read the post Highconvert.com - 17 Aug 2005
1.) Opens back door TCP ports 17986, 39340, and 16661.
Active Ports 1.4 verifies this.
Registry Value in question:
1.) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avpu32
(deleted but comes back after deleted)
HELP ME PLEASE !!!!!!!!!!!!!!!
August 24th, 2005, 02:27 PM
Just curious if the MS Antispyware Beta removes this pest for you?
Sex is like \"Social Security\". You get a little each month, but it\'s not enough to live on.
August 24th, 2005, 09:43 PM
I have not tried that yet, but it could be worth a shot. thanks I will let you know how that works out.
August 24th, 2005, 10:57 PM
MS spy did not detect the regostry key, but it did manage to mess up my IE browser. NOw whenever I click on home page set about:blank it crashes and i get error, and windows updates crashes my browser as well even after i reinstalled IE. I do not recommend IE ant-spy it simply sucks.
August 24th, 2005, 11:14 PM
wow it even managed to mess up my yahoo and msn i can't even get on MSN or yahoo now thanks a lot for the MS antispy recommendation. next time please don't suggest crap for software.
August 24th, 2005, 11:21 PM
can't even get into hotmail now without IE crashing. this is just great. MS - Anti-Spyware really did a number on me
August 25th, 2005, 12:40 AM
wow that was scary luckily i fixed it by reinstalling ms anti spy and restoring browser stuff.
now back to haxdoor
August 25th, 2005, 12:53 AM
Have a look at 'edit' button on top of the post. Keeps things a helluva lot neater.
Anyway, have you been scanning and fixing in safe mode ? If you don't everything you undo can be done again . . .
August 25th, 2005, 01:01 AM
this virus prevents me from updating my windows updates. after i download all the security updates from microsoft it tells me that it is unsuccessful in installing them.
August 25th, 2005, 01:06 AM
hesperus look I already combatted this virus in the past the problem does not lie within safe scanning or editing posts to be neat it lies within undetected traces of virri instructing the reg key to autorun, not to be rude or anything but if u don't know what ur talking about please don't comment on the issue. stop speculating. thanks.