Backdoor HackerDefender

I was reading on the Norton web site about this trojan, and the site said that it is possible to remove this bug, but so far I can't. I know, I don't like the idea of formatting and installing everything again, but I already have another OS running XP Pro; I'm just trying to fix this machine. I followed what Norton said:

Boot in safe mode
Full scan
Delete infected files (so far I deleted about 4 infected files)

But every time that I boot (normal boot) this file, hxdefdrv.sys, gets infected, and now this is the only file that is left which I have to delete, but I can't. Other forum helpers told me that I need to get ready to format and install everything again. I know, that is easy, but I would like to know if someone else was able to fix this bug.

» www.sarc.com/avcenter/ve ··· der.html
|
habya Premium Member join:2003-05-29 Huntsville, AL |
2004-May-6 5:07 pm
What OS is running on the infected machine? |
|
| |
Windows XP Pro |
|
habya Premium Member join:2003-05-29 Huntsville, AL |
to manadigi
If system restore is enabled, disable it, then scan and remove the infected file(s) and see if that gets rid of it. If system restore is enabled, that might be what keeps making the file continue to come back. |
|
| |
I did your tip, and the infected file is back after reboot anyway. I booted in safe mode, scanned and found the file again. I deleted it from the "quarantine" folder, booted again in safe mode, scanned, and it was there again, even after I disabled "system restore".
Thanks. |
|
habya Premium Member join:2003-05-29 Huntsville, AL |
to manadigi
Quick question: do you have a firewall set up properly on the computer and Windows fully patched? Try reading up on this site and see if it can be of any help » www.pestpatrol.com/pesti ··· nder.asp |
|
siggyxSiggy Premium Member join:2003-12-10 Cambridge |
to manadigi
Best bet may be to follow the link below. Update the programs before you run them and post an unzipped HiJackThis log. » Security » I think my computer is infected or hijacked. What should I do? |
|
| |
Yes, I have all the patches and updates. I don't know what you mean by "firewall setup". Siggy, that is why I noticed this problem: I was not able to download "HiJackThis" or "Spybot" after the infection; both programs were gone just like that. Then I tried to download both of them, and every time I get an error trying to download. I tried from my second machine and it is fine. Then I sent the compressed file (Spybot or HiJackThis) to a server (FTP) and connected to the server with the infected machine, and it is impossible to get the file. It is very weird. Then I copied "HiJackThis" from a clean machine to a floppy disk (about 180kb) and opened the file on the infected machine, and can't read it at all. This is crazy, but I will keep trying. Thanks. |
|
siggyxSiggy Premium Member join:2003-12-10 Cambridge |
to manadigi
Have you tried any online scans? » www.pandasoftware.com/ac ··· ipal.htm
Here's 1 but there are lots more. |
|
| |
Yes, the online scan detected a few bugs and did the same thing that Norton does: detected, deleted, and then on boot the virus is active again. |
|
habya Premium Member join:2003-05-29 Huntsville, AL |
to manadigi
With the firewall, I was just wondering if you had any good firewall installed and running on the computer, something like Zone Alarm, Sygate, Kerio, or any other firewall. |
|
| |
I have Norton firewall. |
|
illukka Premium Member join:2003-04-06 finland 1 edit |
to manadigi
I've heard that Task Info 2003 is able to show the hackerdefender process and kill it (that is the only program capable of doing it). There is a trial version available » www.iarsn.com/see
Firewalls are useless against it, antiviruses are useless coz this seems to be a custom version. AVs detect some versions of it, the public versions. Can you take a screenshot of Task Info 2003 showing processes, if you don't know which is the nasty?
Edit: the only way I've succeeded in getting rid of it is connecting to localhost with the backdoor client, and giving the uninstall command from it. BUT you would have to know the backdoor's password to do it. I suspect that whoever was clever enough to make it undetected is clever enough to not use the default password. |
|
| |
I will try that. This bug is sooo crazy. I copied Spybot and HijackThis onto a DVD-R disc using a clean machine. On this clean machine I was able to run both programs with no problem. Then I booted the infected machine, and it shows everything but no Spybot and no HijackThis. I am able to download all types of files with this infected machine, but it is impossible to download Spybot or HijackThis. |
|
| manadigi |
|
|
illukka Premium Member join:2003-04-06 finland |
2004-May-7 2:10 am
I don't see anything in it.
Have you posted your HijackThis log? |
|
| |
to manadigi
|
|
| boban10 |
to manadigi
|
|
| |
|
|
| manadigi |
to boban10
Zero suspicious modules after running Rkdetector. |
|
| manadigi |
Well, should I give up??? LOL!!!
Anyway, the only thing a hacker can get is my bank account password, but the bank has fraud insurance anyway. All the rest won't hurt me at all. What do you guys think? |
|
siggyxSiggy Premium Member join:2003-12-10 Cambridge |
to manadigi
Can you please post an unzipped log. |
|
| |
Well, I think it is time to format, kinda give up.
Thanks everybody for your time and help. |
|
| manadigi |
The latest weird thing that I found was my dual "desktop". Yep, when the machine boots, it shows the desktop with the Spybot icon, then the screen flashes and the desktop won't show the Spybot icon anymore. |
|
|
| manadigi |
to siggyx
Unzipped file of what? |
|
| manadigi |
siggyx, if you are asking for an unzipped HijackThis file, I can't run this program at all. After the virus, HijackThis and Spybot are gone, and it is impossible to install them on this infected machine. |
|
| |
to manadigi
You didn't post the HijackThis log. Because of that it is IMPOSSIBLE to help you out. And if that PC were mine, I would try to do everything to get all the information and to delete this rootkit; I would never give up and format. But you are you; if you think that this is the only solution, then just format. Good luck. |
|
| |
Well, that is good advice. I now have 2 HDs; both are almost identical, the only difference is that one is infected (this one) and the other is clean, with no virus, so far. But I still want to fix it, and I don't have any idea what to do next. I tried everything, I think.
What I would like to know is why the virus won't allow this machine to run Spybot and HijackThis. How come HijackThis can destroy a virus that Norton A.V. can't? The Norton site said that this virus is easy to remove and damages are minimal. I know, I should format and forget it. I think the only reason that I'm trying to fix it is because I have 2 HDs. Even if this is funny, I will keep trying. |
|
| |
to manadigi
Not an expert here: but if Norton site says easy to fix, might be helpful to call Norton support? |
|
| |
Once I called Adobe for a technical issue and noticed that internet sites out there teach and help more than those companies who sell the software. |
|