Virus ggrrr!


dan19_83

I was downloading something off of a website today and i clicked on a link and guess what. I got a big fat virus. A good one too i must admit cause i've spent all freaking day trying to get rid of it and it just will not go away :mad::mad: .

It's called the backdoor.haxdoor virus i think. i've tried everything, ad-aware, spybot, stinger, symantec, but if anyone has any suggestions, then that would be great.


hmm, symantec isn't the best AV available, try downloading AVG free, updating the virus definitions and scanning your pc, it's one of the best AVs.

if that doesn't work, then try the following:

1. uninstall the program that you installed at the same time that the virus appeared (as the program itself might be installing the virus -- i remember spending ages trying to get rid of Cydoor before realising that flashget download-accelerator was installing it every time that my pc booted up)

2. turn system restore points off (right click 'my computer' and select properties. click 'turn off system restore' under the 'system restore' tag)

3. restart in safe mode (repeatedly poke F8 whilst your pc boots up)

4. bring up the task manager (ctrl-alt-del) and look, under processes, for JSDAPI.EXE, select it (if it's there) and click 'end process'

5. scan again with AVG.

failing that, download microsoft antispyware beta and repeat the process with m$ antispyware in place of AVG.

if that doesn't work swear loudly and hit your pc

(don't forget to turn system restore back on after you have removed haxdoor)


[quote]I was downloading something off of a website today and i clicked on a link and guess what. I got a big fat virus. A good one too i must admit cause i've spent all freaking day trying to get rid of it and it just will not go away :mad::mad: .

It's called the backdoor.haxdoor virus i think. i've tried everything, ad-aware, spybot, stinger, symantec, but if anyone has any suggestions, then that would be great.[/quote]

I will post you help tomorrow Dan....too tired to think at the moment :-(

No worries though, just make sure you always scan before opening files. Invest in a good AV like McAfee. Trust me on that one.


AVG and avast are two of the very best antiviruses going. and they're free

zone alarm is one of the very best firewalls going. and it's free. i believe kerio firewall is also highly recommended, and also is free.

the only anti-malware program you can justify paying for is an anti-slyware* one -- the free antislywares, even m$-antispyware, are not 100% comparable to the paid-for ones such as spysweeper. even then tho, you can get away with using the free ones as long as you know a little about computers.

----------------------------------------------------------------------------

*slyware = spyware, adware, dialers, browser hijackers etc.


Go search your registry, either for the key (if you know from websites, but you probably don't know cuz you are asking here), or for the startup programs. OR you can go to MSConfig and look at the start up and boot INI. If you are going to do anything boot your computer in safe mode. OR go online and try to find a solution for that virus. If nothing, no AV works, reinstall your system if you have to. AND if it's anything like W95.CIH, which attacks the boot sector AND BIOS, well, then you'll have to find an alternative.


haxdoor leaves the bios alone. it's a relatively lame infection, although it was apparently bitching when it first came out. to be honest should be no problem for AVG.

manually deleting the registry keys shouldn't be necessary, but if it is:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\debug

and

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\MPRServices\TestService\MPRServices\Testservices

should be deleted after the scan.

don't screw with your registry if you don't know what you're doing.


Yes. If you are going to play around (or delete a virus's registry entries) in the registry, back up (export the registry) first onto a separate disk (like an external if you have one) before you proceed, unless you are confident with your skills with the registry, in which case you should also back up.

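The backup-before-editing advice in the two posts above, as an added PowerShell example that is not part of the original thread: it checks whether the two registry keys named in the thread exist and exports each one to a .reg file with reg.exe before anything is deleted. The key paths are copied from the post (the second joined from the two lines it is split across); the backup folder `E:\regbackup` is an assumed location on a separate disk.

```powershell
# Added example: back up, then report on, the registry keys named in the thread.
# Nothing is deleted here; deletion stays a manual step after the AV scan.
$BackupDir = 'E:\regbackup'   # assumption: a folder on a separate/external disk

# Key paths as given in the thread (not independently verified).
$Keys = @(
    'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\debug',
    'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\MPRServices\TestService\MPRServices\Testservices'
)

function Backup-SuspectKey {
    param([string]$Key, [string]$Dir)

    $result = [pscustomobject]@{
        Key = $Key; Present = $false; Backup = $null; ValueNames = $null
    }

    # The Registry:: provider prefix lets Test-Path take the full hive name.
    if (-not (Test-Path -LiteralPath "Registry::$Key")) { return $result }
    $result.Present = $true

    # One .reg file per key, named after the last path component.
    $file = Join-Path $Dir (($Key -split '\\')[-1] + '.reg')
    & reg.exe export $Key $file /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "reg export failed for $Key" }
    $result.Backup = $file

    # Record which values the key holds, for comparison with the removal guide.
    $result.ValueNames = (Get-Item -LiteralPath "Registry::$Key").GetValueNames() -join ', '
    return $result
}

New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
$Keys | ForEach-Object { Backup-SuspectKey -Key $_ -Dir $BackupDir } | Format-List
```

Run it from an elevated prompt; a key reported with `Present : False` has nothing to back up or remove.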

Dan it's a little beauty,

It's not really malicious, it keylogs for passwords/credit card details etc, then emails them to some scumbag. Apart from that it won't harm your pc.

As it does a really good job of hiding itself, a manual removal i imagine would be a little daunting and pointless if you don't delete all its parts. Before you remove it you need to turn off system restore (i hate it btw) because it hides in there as well and no AV software can clean your restore folder (just a little bit of info) so PM me with your email and i will give you a small AV that removes it auto.

Then i rec you buy a good AV like McAfee (around £40) or NAV 2005, money well spent!

Obviously i can't supply you with these, it's illegal :)

And that's it really, just be careful in future what you DL


[quote]It's called the backdoor.haxdoor virus i think. i've tried everything, ad-aware, spybot, stinger, symantec, but if anyone has any suggestions, then that would be great.[/quote]

Here are two websites that describe a step by step process for removing the virus and its related entities, they are quite simple to follow: -

http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453076689

http://securityresponse.symantec.com/avcenter/venc/data/backdoor.haxdoor.html

Although it may help to download this bit of kit: -

http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453076689

to control browser based addons, and get rid of any malware manually.

Edit: - The backdoor.haxdoor disables firewalls, so I'd recommend you physically disconnect from the internet as soon as you have a copy of the removal guides. If you have it, it's reporting back to the owner right now.


wow, thanks everyone for yer quick and helpful responses.

I managed to sort out a few things that the virus messed up but there are still a few things left. I'll try and skim through everything that ye have posted and try and fix this damn laptop.

[quote]Dan it's a little beauty,

It's not really malicious, it keylogs for passwords/credit card details etc, then emails them to some scumbag. Apart from that it won't harm your pc.

As it does a really good job of hiding itself, a manual removal i imagine would be a little daunting and pointless if you don't delete all its parts. Before you remove it you need to turn off system restore (i hate it btw) because it hides in there as well and no AV software can clean your restore folder (just a little bit of info) so PM me with your email and i will give you a small AV that removes it auto.

Then i rec you buy a good AV like McAfee (around £40) or NAV 2005, money well spent!

Obviously i can't supply you with these, it's illegal :)

And that's it really, just be careful in future what you DL[/quote]

I'll pm you my e-mail address now. thanks

Because it's only a crappy laptop and i probably won't need it for much longer, i won't be investing in anything like McAfee but i will try and download the free stuff off of the internet (if i fix it).

For future reference for anyone: I went onto a website and was able to get a free virus scan called panda. It was actually quite good, i'd recommend it to anyone who has a virus.

http://www.pandasoftware.com/products/activescan/com/activescan_principal.htm

Just click on free scan and away you go! probably worth doing even if you don't think you have a virus.


[quote]Here are two websites that describe a step by step process for removing the virus and its related entities, they are quite simple to follow: -

http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453076689

http://securityresponse.symantec.com/avcenter/venc/data/backdoor.haxdoor.html

Although it may help to download this bit of kit: -

http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453076689

to control browser based addons, and get rid of any malware manually.

Edit: - The backdoor.haxdoor disables firewalls, so I'd recommend you physically disconnect from the internet as soon as you have a copy of the removal guides. If you have it, it's reporting back to the owner right now.[/quote]

These look good, thanks for your effort. Thank you all.

I'll be delighted if my laptop is ok after this, sounds like it will.

Damn hackers! :D


Hmmm, seems I missed most of the action!

 

Just one thing I picked up on is all the opinions on which firewalls/AVs etc.

 

I like the norton internet security (NIS) 2005 firewall but do not like the NIS 05 AV so I use avast 4.6 -- I like that set up!

 

I didn't like ZA (zone alarm) when I used it, although it's sufficient as an AV I just don't like it as much as NIS 05.


my suggestion is just don't worry about it and go on. then just buy a new computer. after that just have fun or whatever you do. and if you get another virus then buy another computer

Are you serious?!

Anyway, also download microsoft antispyware centre (free) this will also prevent any unwanted spyware manifesting itself, and it is not very memory consuming either, so it won't slow you down!


Hey I need some more help.

I've managed to get rid of a few things that that virus messed up but there are still a few things that i can't do on my laptop that I am worried about.

 

1. I can't right click on my desktop or any file on my computer but i can right click on the taskbar at the bottom of the screen.

2. When I go to control panel and try and change my desktop background, I can't click on any of the files in order to get a preview of the screen. (makes sense i hope).

3. When the virus installed itself it seemed to put in its own desktop. I have found my original desktop in my documents and settings. How do I activate this desktop on start up and not the one that the virus seemed to install?

 

Any ideas?


how did you get rid of the virus? it might help us to know whether we're dealing with bits of the virus, the entire virus or just the artifacts left by the infection.

 

please list everything that you did to get rid of it
