Haxdoor-H

finz · #1 Dec 16, 2004, 08:25 PM

can anyone help with a fix to remove this one? Thanks in advance

fredg · Dec 17, 2004, 11:07 AM

Hi,
Go to:

http://www.sophos.com/virusinfo/anal...jhaxdoorh.html

Left click on the link (right hand side) "Download IDE File".
After downloading, left double-click on it to execute it. It will fix it.

Then, follow these steps:
If you have the following programs; run them as below.
Spyware/Advertising ware removal

http://www.security-related.com/download2.htm
Download: SpyBot Search & Destroy; 1.3

AdAware at:
www.lavasoftusa.com
Download: AdAware_SE

Both the above programs run better and much faster when run in SafeMode.
It's best to run the AdAware scan first; 3 times; then re-boot.
Then, run the AdAware scan again 3 times; then run the SpyBot.
Re- Boot.
Reason for running so many times:
Some of these trojans' files can be deleted the first time; leaving some others; but on re-boot, they re-write the files that were deleted.
Running multiple times deletes most of it the first time.
Also, if you notice the little green computer lights that show your dial-up connection to the internet staying on when they shouldn't be, located on the bottom right of the system tray, disconnect immediately and run AdAware. These lights staying on means that some URL is sending or receiving spyware/advertising ware to or from your computer, most of the time.

If the above doesn't work, then try editing the Registry. BE CAREFUL when deleting things from the Registry; your computer might not re-boot.
When the computer boots up, the Registry tells it what programs to run; telling it to run the SpyWare/Advertising programs first, if in the computer.
Here are steps for deleting things that startup when you boot up the computer:

Go to Start/Run. Type in "regedit" without quotes, then click on OK.
At the top, Click on "Edit", then "Find".
In the space Find What: type in what you want to find. (in this case, RUN).
Then, put a check mark by "Match whole string only". This will keep the search from stopping at every word it finds, like the word "run", etc.
Then click "Find Next". It will search the registry for the first entry you typed in.
It will "open" a folder on the left hand side of the screen, showing what is in the folder on the right hand side. If you know that an entry on the right hand side is something you no longer have, or has just been added with a name you don't know, then right click on it, then left click "delete", tell it Yes or OK to remove it.
Then, press F3 on the top of the keypad to continue the search.
When finished, at the top, click on File, Exit.

Any StartUp programs, that start when the computer boots up will be listed in folders on the left hand side of the screen with names like:
RUN, RUNSERVICES, RUNONCE, RUN-, etc.
Click on the next folder down with the name RUN in it, to look at its startups on the right hand side.

If the spyware/advertising program has re-set your home page; you will have to type in the home page you want.; click on Apply, and OK.

You can also run a free online virus scan from:
http://www.trendmicro.com/en/home/us/enterprise.htm

Best of luck,
fredg



At Ask Me Help Desk you can ask questions in any topic and have them answered for free by our experts. To ask questions or participate in answering them you must register for a free account. By registering you will be able to: Get free answers from experts in any of our 300+ topics. Accept money for answers that you provide. Communicate privately with other members (PM). See fewer ads. Sign Up!