Ask Experts Questions for FREE Help !
Ask
    finz's Avatar
    finz Posts: 2, Reputation: 1
    New Member
    		  
    #1

    Dec 16, 2004, 10:25 PM
    Haxdoor-H
    Can anyone help with a fix to remove this one? Thanks in advance
    fredg's Avatar
    fredg Posts: 4,926, Reputation: 674
    Ultra Member
    		  
    #2

    Dec 17, 2004, 01:07 PM
    Haxdoor-h Trojan
    Hi,
    Go to:

    http://www.sophos.com/virusinfo/anal...jhaxdoorh.html

    Left click on the link (right hand side) "Download IDE File".
    After downloading, left double-click on it to execute it. It will fix it.

    Then, follow these steps:
    If you have the following programs; run them as below.
    Spyware/Advertising ware removal

    http://www.security-related.com/download2.htm
    Download: SpyBot Search & Destroy; 1.3

    AdAware at:
    www.lavasoftusa.com
    Download: AdAware_SE

    Both the above programs run better and much faster when run in SafeMode.
    It's best to run the AdAware scan first; 3 times; then re-boot.
    Then, run the AdAware scan again 3 times; then run the SpyBot.
    Re- Boot.
    Reason for running so many times:
    Some of these trojans' files can be deleted the first time; leaving some others; but on re-boot, they re-write the files that were deleted.
    Running multiple times deletes most of it the first time.
    Also, if you notice the little green computer lights that show your dial-up connection to the internet staying on when they shouldn't be, located on the bottom right of the system tray, disconnect immediately and run AdAware. These lights staying on means that some URL is sending or receiving spyware/advertising ware to or from your computer, most of the time.

    If the above doesn't work, then try editing the Registry. BE CAREFUL when deleting things from the Registry; your computer might not re-boot.
    When the computer boots up, the Registry tells it what programs to run; telling it to run the SpyWare/Advertising programs first, if in the computer.
    Here are steps for deleting things that startup when you boot up the computer:

    Go to Start/Run. Type in "regedit" without quotes, then click on OK.
    At the top, Click on "Edit", then "Find".
    In the space Find What: type in what you want to find. (in this case, RUN).
    Then, put a check mark by "Match whole string only". This will keep the search from stopping at every word it finds, like the word "run", etc.
    Then click "Find Next". It will search the registry for the first entry you typed in.
    It will "open" a folder on the left hand side of the screen, showing what is in the folder on the right hand side. If you know that an entry on the right hand side is something you no longer have, or has just been added with a name you don't know, then right click on it, then left click "delete", tell it Yes or OK to remove it.
    Then, press F3 on the top of the keypad to continue the search.
    When finished, at the top, click on File, Exit.

    Any StartUp programs, that start when the computer boots up will be listed in folders on the left hand side of the screen with names like:
    RUN, RUNSERVICES, RUNONCE, RUN-, etc.
    Click on the next folder down with the name RUN in it, to look at its startups on the right hand side.

    If the spyware/advertising program has re-set your home page; you will have to type in the home page you want.; click on Apply, and OK.

    You can also run a free online virus scan from:
    http://www.trendmicro.com/en/home/us/enterprise.htm

    Best of luck,
    fredg
Not your question? Ask your question View similar questions
 

Question Tools Search this Question
Search this Question:

Advanced Search

Add your answer here.


Check out some similar questions!

How to remove HAXDOOR-H? [ 2 Answers ]

It shows up in my spybot search and destroy. When I go to my security tab in ignore products it shows this trojan. Do I need to worry about it? Shouldn't I remove it? If so can anyone give me some direction? Don

View more questions Search