| Thread ID: 47756 | 2004-08-05 00:19:00 | gtzegs.outhost.info | lpaint (5949) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 258342 | 2004-08-05 00:19:00 | After I downloaded a Zone Alarm update yesterday I have been plagued by viruses: bnnbnbf.exe, Dc765.sys and hxdefdrv.sys. I have since managed to get rid of these but I still have a problem which I am not sure if it is related or not. IE6 will not hold my home page settings. It keeps defaulting to a web page 'gtzegs.outhost.info'. Can anyone help me with this problem? | lpaint (5949) | ||
| 258343 | 2004-08-05 00:35:00 | Hi lpaint and welcome to PressF1. It sounds like you have some spyware on your PC. Have a read through this (pressf1.pcworld.co.nz) FAQ. |
CYaBro (73) | ||
| 258344 | 2004-08-05 00:37:00 | Follow the suggestions outlined in the forum's Spyware FAQ. (pressf1.pcworld.co.nz) If that does not solve the problem post back for more help. | tommy (2826) | ||
| 258345 | 2004-08-05 08:23:00 | I have run Ad-aware and found some unconnected problems that have been deleted. It appears, according to AVG antivirus, that it is a trojan horse 'backdoor.hacdef.c'. Norton found this as well but called it a different name. The problem is trying to get rid of it. The file is 'hxdefdrv.sys' in the Winnt directory. There also appears to be a key in the registry run, of 'svhost.exe-sr-0'. The file is deleted but next time I reboot they are there again. This is causing my CPU to run at 100% usage so things are taking a long time. Trend Micro gives this file as BKDR_HACDEF.73.B. They describe my problem quite well but I still cannot get rid of it. | lpaint (5949) | ||
| 258346 | 2004-08-05 08:33:00 | Try Spybot - Search and Destroy (http://www.safer-networking.org) | Megaman (344) | ||
| 258347 | 2004-08-06 00:20:00 | Still having problems. Could not download Spybot. Downloads to 99% then says it cannot access the file. Did manage to download and run Spyware Doctor that located 100 adware links. I found the problem with the start page when I ran Win Patrol. It located a txt file called hosts.txt which contained 213.159.118.228. www.find-itnow.com. I deleted the contents and that fixed the home page problem. I still have the virus problem. Norton does not pick it up but AVG picks it up as a trojan horse AP0.sys and also had AP1.sys. They are residing in 'norton antivirus\quaratine\incoming\'. I delete them but they reappear at the next reboot. Has anyone any ideas how to prevent them coming? Did a search on them on Google and found no information at all. Is this something very new? |
lpaint (5949) | ||
| 258348 | 2004-08-06 02:33:00 | It sounds like you are running Norton Antivirus as well as AVG. That is a bad idea - you will need to disable Nortons when running other antivirus programs. If you do not have a current subscription to keep Norton AV up-to-date then I would remove it entirely and run a registry cleaner afterwards to clear out the scraps. Did you follow all the suggestions in the Spyware FAQ? You will need to delete all your temporary and temporary internet files and clear out your history and cookies as well. Use a program like CCleaner or ToniArts EasyCleaner for that job. Your Hosts file may also have other undesirable entries in it as well. All you should have in it is one line like this: 127.0.0.1 localhost. If there are any others, delete them and save the file. After doing all of the above run AVG again in Safe Mode. If you still have your problem I would suggest downloading and running Stinger, CWShredder and HijackThis as per the Spyware FAQ. Let us know how you get on. |
Susan B (19) | ||
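
The hosts-file check described in the post above, as an added example that is not part of the thread or any poster's own code. It reports every entry other than the plain loopback `localhost` line; the function name `audit_hosts` and the sample text are constructed for illustration, with one sample line modelled on the entry reported earlier in the thread.

```python
import ipaddress

# Constructed sample; line 3 is modelled on the entry reported in the thread.
SAMPLE_HOSTS = """\
# Copyright (c) Microsoft Corp.   <- comment lines are ignored
127.0.0.1       localhost
213.159.118.228 www.find-itnow.com
127.0.0.1       update.av-vendor.example   # constructed entry
not-an-ip       something.example
"""

EXPECTED_NAMES = {"localhost"}


def audit_hosts(text):
    """Return (line_no, address, names, reason) for every entry that is
    not the plain loopback -> localhost mapping."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not entry:
            continue
        fields = entry.split()
        address, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((line_no, address, names, "malformed address"))
            continue
        extra = [n for n in names if n.lower() not in EXPECTED_NAMES]
        if not extra:
            continue                           # only localhost: expected
        if ip.is_loopback or ip.is_unspecified:
            reason = "name pinned to local machine"
        else:
            reason = "name redirected to remote address"
        findings.append((line_no, address, extra, reason))
    return findings


if __name__ == "__main__":
    for line_no, address, names, reason in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {address} {' '.join(names)} -> {reason}")
```

To check a real machine, pass the contents of the hosts file (on Windows 2000, `%SystemRoot%\system32\drivers\etc\hosts`) to `audit_hosts` instead of the sample text.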
| 258349 | 2004-08-06 03:01:00 | Can you tell us what OS you have? If Windows ME or XP you'll have to turn off the restore and delete the beastie in safe mode. Cheers Murray P |
Murray P (44) | ||
| 258350 | 2004-08-06 10:51:00 | This site has a lot to do with my problems. www.megasecurity.org I have spent all day trying to sort things out. I am running w2000 with AVG virus software at the moment but was running Norton up to yesterday. I have been following forums all day and getting bits and pieces together. No one had the complete answer. I do not think there is one at the moment. AVG says I have a trojan horse backdoor.hacdef.c. Identifies a file AP0.sys in the Norton AV directory quaratine/incoming. At times the file AP1.sys appears as well. Also the file hxdefdrv.sys is identified in the winnt directory as a virus. They are all related. At a suggestion I did a search of the registry for 'outhost'. I found a lot of keys with roiurn.outhost.info/sp.php. I have deleted all these and that has solved my home page problem. Every time the files identified as trojan horses, hxdefdrv.sys and AP0.sys, were deleted they reappeared on the next reboot. Does anyone know what is loading these? I think there may be hidden files that I cannot see that are getting loaded. One suggestion is a hidden file winunins.ini. How do I make this visible? I have half fooled the horse by editing the files in safe mode and deleting its contents. That has partly worked but it has loaded AP1.sys in the Norton directory. It was interesting that when I ran the Norton AV with the files present (AP0.sys) it did not pick it up. |
lpaint (5949) | ||
| 258351 | 2004-08-06 22:43:00 | I have read a few threads on other forums recently about viruses and trojans like this recreating themselves after every boot up. Not sure whether you have the same thing or not but they sounded a real nightmare to try and get rid of, taking days and days of everyone's time and I never did find out if they solved the problem or not. I can't offer any more advice, sorry, but if you are spending so much time trying to get rid of them it might be quicker to just reformat and start again. Unless you enjoy a challenge, of course. |
Susan B (19) | ||