August 24th, 2005, 09:26 AM
#1
Haxdoor Strikes Again
In the past I have encountered the Haxdoor Variant Virus and defeated it with Spy Sweeper, but now a new variant is out, and Spy Sweeper does detect it, but upon deletion it cannot prevent it from returning. I am on Windows 2000 Pro, just for basic 411, but here are the details and some links.
=================================================================
Attempts for Removal:
1.) HijackThis 1.99.1 logs it as: O20 - Winlogon Notify: avpu32 - C:\WINDOWS\SYSTEM32\avpu32.dll
However, upon deletion it returns, as it is an autorun Registry value.
2.) Xoftspy 4.15 Build 109 logs as: <SW NAME = "Haxdoor"><FILE NAME = "C:\WINDOWS\system32\ps.a3d"/> <FILE RES = "C:\WINDOWS\system32\ps.a3d Successfully ReMoved"/>
However, when rescanning it comes back up.
3.) Webroot Spy Sweeper 4.0.3.405 detects and removes Haxdoor; however, it also returns when removed.
=================================================================
Links:
1.) http://securityresponse.symantec.com...haxdoor.e.html
The one I have is a variant of Haxdoor E (E = avpx32.dll not avpu32.dll)
2.) http://www.kephyr.com/spywarescanner...es/index.phtml
Read the post Highconvert.com - 17 Aug 2005
=================================================================
Ports Opened:
1.) Opens back door TCP ports 17986, 39340, and 16661.
Active Ports 1.4 verifies this.
=================================================================
Registry Value in question:
1.) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avpu32
(deleted, but comes back after being deleted)
=================================================================
HELP ME PLEASE !!!!!!!!!!!!!!!
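
Added example, not part of the original post: a Python triage script that checks a HijackThis log and `netstat -an` output for the indicators the post lists (the Winlogon Notify DLL names, `ps.a3d`, and the three TCP ports). The sample log and netstat text are constructed, and using `netstat -an` in place of Active Ports is an assumption.

```python
import re

# Indicators quoted in the post above.
HAXDOOR_PORTS = {17986, 39340, 16661}
SUSPECT_FILES = {"avpu32.dll", "avpx32.dll", "ps.a3d"}

O20_RE = re.compile(r"^O20 - Winlogon Notify:\s*(?P<name>.+?)\s+-\s+(?P<path>.+)$")
LISTEN_RE = re.compile(r"^\s*TCP\s+\S+:(?P<port>\d+)\s+\S+\s+LISTENING", re.I)

# Constructed sample inputs (not taken from the poster's machine).
SAMPLE_HJT = r"""O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O20 - Winlogon Notify: avpu32 - C:\WINDOWS\SYSTEM32\avpu32.dll
O20 - Winlogon Notify: crypt32chain - C:\WINDOWS\system32\crypt32.dll"""
SAMPLE_NETSTAT = """  Proto  Local Address     Foreign Address   State
  TCP    0.0.0.0:135       0.0.0.0:0         LISTENING
  TCP    0.0.0.0:16661     0.0.0.0:0         LISTENING
  TCP    0.0.0.0:17986     0.0.0.0:0         LISTENING
  TCP    192.168.0.5:1045  10.0.0.1:39340    ESTABLISHED"""

def winlogon_notify_entries(hjt_log):
    """Return (subkey, dll_path) for each O20 Winlogon Notify line."""
    hits = (O20_RE.match(line.strip()) for line in hjt_log.splitlines())
    return [(m.group("name"), m.group("path").strip()) for m in hits if m]

def listening_ports(netstat_out):
    """Return the set of local TCP ports in LISTENING state."""
    hits = (LISTEN_RE.match(line) for line in netstat_out.splitlines())
    return {int(m.group("port")) for m in hits if m}

def triage(hjt_log, netstat_out):
    """List (kind, detail) findings that match the post's indicators."""
    findings = []
    for name, path in winlogon_notify_entries(hjt_log):
        # Compare on the file name only; Windows paths are case-insensitive.
        if path.rsplit("\\", 1)[-1].lower() in SUSPECT_FILES:
            findings.append(("winlogon-notify", f"{name} -> {path}"))
    for port in sorted(listening_ports(netstat_out) & HAXDOOR_PORTS):
        findings.append(("backdoor-port", str(port)))
    return findings

if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_HJT, SAMPLE_NETSTAT):
        print(f"{kind}: {detail}")
```

Only local ports in the LISTENING state are matched, so the outbound connection to remote port 39340 in the sample is not flagged.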