Haxdoor

Trojan:
Haxdoor.BGN or Haxdoor-O or mszx23.exe Backdoor.Haxdoor.D

Directory= C:\WINNT\system32
System = windows 2000 pro (NT)

Problem Symptom:
After Deleting vdnt32.sys
successfully in safe mode
file drct16.dll creates itself
in system32 folder ( 0kb)
which cannot be deleted.

notes:
w32tm.exe (returns after delete)
drct16.dll (cannot delete shares attributes with vdnt32.sys)
vdnt32.sys (cannot delete except in safe mode: shares attributes with drct16.dll)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ENUM\ROOT\LEGACY_VDMT16
(cannot delete)

Yes I tried the file in use deleter application, and I also tried Killbox, but no such luck. Anyone know what service proccess causes the return of these 2 files ????

Here’s a free site that supposedly scans/removes haxdoor:

http://www.what-is-spyware.net/Haxdoor-o.html

Hope that helps.

cheers

thanks i will try and let u know what happens.

I downloaded this application and installed it although it does not allow me to run the software for some reason I get an application error.

http://forums.maddoktor2.com/index.php?showtopic=2659

Read that thread and see if any of it is helpful.

:)

And upload a copy of the .exe to your AV supplier if you can.

http://securityresponse.symantec.com...haxdoor.d.html

7 days later and finally I kicked this trojans butt thanks to WebRoot Spy Sweeper 3.5.0.194 Beta Trial Version. It must be the 194 beta version otherwise you won't be able to update ur definition files. It detected haxdoor backdoor trojan right away, and in conjunction with that and Killbox I managed to delete the file that kept coming back in my windows system32 folder.

Safe at last thanks to WebRoot Spy Sweeper.

You know, I don't know which I am gladder about ..

The fact that you fixed the problem,
or,
The fact that you came back and reported it letting us know your progress and solutions!

Well thats one for the good guys. If I can make people aware of malware I will.

Score:
Spy Sweeper - 1
Haxdoor - 0


:D