Haxdoor Strikes Again - Page 2
Page 2 of 2 FirstFirst 12
Results 11 to 13 of 13

Thread: Haxdoor Strikes Again

  1. #11
    Senior Member
    Join Date
    Dec 2004
    Posts
    107
    If I was you, I would download ad-aware along with the latest update, boot to safe mode (per hesperus' advice) and try it. You have nothing to lose. At worst, it will just come back and you will have proved me and hesperus wrong.

    Also, a few questions:

    What leads you to believe this registry key is the key in question? HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avpu32

    How do you know it "autoruns"?

    When does the key come back? Immediately after deletion? Or after reboot?

    Have you tried searching on google for Haxdoor? The first link looks interesting...

    And finally two suggestions:

    1. Stop using IE (Mozilla, Netscape, or Opera will do on Windows machines)
    2. I would strongly suggest to be curteous to other AO members, especially when they are trying to help you.

    -ik
    Alright Brain, you don\'t like me, and I don\'t like you. But let\'s just do this, and I can get back to killing you with beer.
    -- Homer S.

  2. #12
    Senior Member hesperus's Avatar
    Join Date
    Jan 2005
    Posts
    416
    You are right, I replied too fast with 'safe mode', but you should be doing this anyway.

    This is a rootkit, not just spyware. Have you tried any rootkit tools ? Here are two that may dig a little deeper than regular spyware detectors :

    Most of these detectors require quite a bit of technical skill to interpret the results but one of the simplest to use and most effective is also free. It's called BlackLight [1] and is currently available as a free beta from F-Secure until the 1st of October 2005. I suggest everyone download this product and scan their PC. The chances of you being infected are small but for five minutes work it's not worth taking the risk. BlackLight will detect most rootkits missed by AV scanners but can still be fooled by state-of-the-art rootkits like Hacker Defender. To detect this and a few other insidious rootkits, you need heavier artillery. Currently the biggest gun in the rootkit detection war is a free Chinese product called IceSword [2]. It will reveal absolutely everything running on your PC. Usage, however, requires considerable skill together with the patience to work out the program which is currently only documented in Chinese. In the hands of an expert, its an amazing tool.
    [1] http://www.f-secure.com/blacklight/cure.shtml Windows 2000 and later, 911KB.
    [2] http://www.Xfocus.net/tools/200505/1032.html slow Chinese site, 1.5MB[
    http://www.techsupportalert.com/best..._utilities.htm

    Rooted twice ? Hmmm . . .

    Good luck.
    .

  3. #13
    Senior Member isle_of_infamy's Avatar
    Join Date
    Dec 2003
    Posts
    136
    thank u all for trying to help i managed to fix it . there were 2 hidden trace files in windows\system32 folder called avpu32.sys & avpu64.sys and by using killbox i managed to prevent those 2 files from making the registry value return. I apologize to hasperous for getting out of line i was just a lil frustrated cuz i spent the past 24 hours without sleep trying to get rid of this menacing plague.

    thank you both for trying to help me. problem is resolved.


    by the way i will check out the rootkit software jus for kicks. lol

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides