| Thread ID: 47827 | 2004-08-06 22:48:00 | trojan horse backdoor.hacdef.c | lpaint (5949) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 259021 | 2004-08-06 22:48:00 | This is a follow-on to my previous 'gtzegs.outhost.info'. I am still plagued with this virus. Every time I reboot, the virus in file hxdefdrv.sys is loaded under C:\winnt\ . AVG virus detector picks it up. It gets deleted but loads again on the next reboot. The files AP0.sys and AP1.sys are also loaded under C: \norton antivirus\ quaratine\incoming\. At the moment I have got around these last two by deleting their contents but leaving the file there empty. I did the same for 'hxdefdrv.sys' but it has rewritten this file. Reading forums about this virus, it appears there may be a hidden file called winuins.ini that may be loading these viruses on each reboot. Has anyone any solutions to my problem? | lpaint (5949) | ||
| 259022 | 2004-08-06 22:54:00 | Len, it is better to keep your posts related to the same problem in the same thread otherwise people are just going to suggest the same old advice all the time if they haven't seen the history of the problem. | Susan B (19) | ||
| 259023 | 2004-08-06 23:18:00 | Point taken. | lpaint (5949) | ||
| 259024 | 2004-08-07 02:06:00 | forums.devshed.com Have a look at the above link and see if that helps, otherwise try the link below for other information. www.google.com | Gordon. (2217) | ||
| 259025 | 2004-08-07 02:44:00 | Thanks Gordon. Thanks for the links. I have been there; what they talk about is exactly what I have. I have now cleared out the registry but they come back again when I reboot. No one seems to have an answer how to stop it reloading on reboot except Susan. It is a bit drastic though to reformat the hard drive. There must be someone out there who understands programming in Borland Delphi that this bloke at megasecurity used to write the program that may have the answer. | lpaint (5949) | ||
| 259026 | 2004-08-07 03:02:00 | lpaint, I am not sure if you have been down this avenue or not, but have you been here (www.symantec.com)? Oxie (Lyn) | Oxie (1318) | ||
| 259027 | 2004-08-08 07:23:00 | The latest state of play. I thought I had fooled it by leaving the AP0.sys and AP1.sys in place but without any contents. Then it created AP2.sys on reboot. I have not removed Norton as suggested at this stage. I have renamed the directory, though, where it was putting the AP files. The last reboot it did not create a file. It is still creating the virus file 'hxdefdrv.sys' on bootup. This is easily removed but I have not found out what is creating it each boot up. | lpaint (5949) | ||
| 259028 | 2004-08-08 08:59:00 | Have you run HijackThis at all? | Susan B (19) | ||
| 259029 | 2004-08-08 10:14:00 | Is this a program? Seen it mentioned a lot of times but I am not familiar with it. | lpaint (5949) | ||
| 259030 | 2004-08-08 11:07:00 | Yes, HijackThis is a program that is available from here (www.spywareinfo.com). As the blurb says, it is "a general homepage hijackers detector and remover. Initially based on the article Hijacked!, but expanded with almost a dozen other checks against hijacker tricks. It is continually updated to detect and remove new hijacks. It does not target specific programs/URLs, just the methods used by hijackers to force you onto their sites." The log can be posted on forums for analysis and can be quite useful in tracking down dodgy things that shouldn't be on your computer. Although I have found it invaluable many times I am uncertain whether it will produce the solution to your problem. Anything is worth a try at this stage though. If you are not familiar with it I would advise that you did not try fixing anything without prior advice. | Susan B (19) | ||