Trojan:
Haxdoor.BGN or Haxdoor-O or mszx23.exe Backdoor.Haxdoor.D

Directory= C:\WINNT\system32
System = windows 2000 pro (NT)

Problem Symptom:
After Deleting vdnt32.sys
successfully in safe mode
file drct16.dll creates itself
in system32 folder ( 0kb)
which cannot be deleted.

notes:
w32tm.exe (returns after delete)
drct16.dll (cannot delete shares attributes with vdnt32.sys)
vdnt32.sys (cannot delete except in safe mode: shares attributes with drct16.dll)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ENUM\ROOT\LEGACY_VDMT16
(cannot delete)

Yes I tried the file in use deleter application, and I also tried Killbox, but no such luck. Anyone know what service proccess causes the return of these 2 files ????