Haxdoor_H

Ths trojan is on my mates computer (hey - I got rid of the other 230 virii/trojans/worms that were on there!!!) and it's being a bitch.
Adware, spybot, AVG, Trend Housecall have all been run multiple times and in different order.Currently scanning with RAVantivirus.

Is there a tool to use for this virus?

 

Please follow all the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal


If you already have any of the programs linked in the tutorial please double check your version to make sure you have the latest one and that you have any/all updates for the programs.

NOTE: In order to resolve the issues you are having it is very important that you at least try to perform all the steps as outlined. If you have any difficulty please post back letting us know what steps you have completed, what you found while doing the scans if anything and details about any problems you have encountered in completing the steps. The more details you can provide the better.

 

Now, this is why I asked if there was a specific tool for this virus - I now have complete boot failure, not even safe mode. I'm sure 'Last known good' is going to re-install the files that some of those progs just got rid of...

 

if you had that much crap on your machine, chances are a specific tool would catch one specific item and I'll put money down that you had MUCH MUCH more on your system than you know. That is why we have people run our tutorial. It covers most of the ground with malware. It could just as well have been one of the pieces of malware that hosed your system. You might as well try LKG to get back up. Since you had such a large problem, we'll just go ahead and ask you to post a hijackthis log as explicity directed in this thread.
Hijack This Tutorial And How To Post Your Log File

 

Thanks Kodo - I've spent about 9 hours on my 'mates' pc (he's going to owe me a beer or 10!!) clearing out junk that wouldn't have been there with some basic pc knowledge...

Here's the HJT log

[log removed]

 

uh oh.. you didn't read the instructions

you need to get the latest version and run it from
c:\program files\hjt
http://www.majorgeeks.com/download3155.html

post a new log as an attachment only.

 

Out of that log - I know that
C:\WINDOWS\system32\vtd_16.exe is BAD - I have it disabled with zonealarm to stop it doing anything online.
I don't know what these are
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe

Thanks for your help

 

OOPS! I got the version of their website, not this one... and I'm CTRL+V mad...

 

This one seems pretty nasty.
I found the following that might help you out

http://www.sophos.com/virusinfo/analyses/trojhaxdoork.html
http://help.lockergnome.com/index.php?&act=ST&f=65&t=26686

other than that, you can remove these lines in HJT

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
O2 - BHO: SPP - {0A7E7249-89E4-4FBF-B256-04DC8F8BAD69} - (no file)

 

Looking at this,Haxdoor H it seems I'm going to have to format C.
Thanks for your help Kodo

 

I don't see anything where it says you need to reformat...

 

The system wont boot in safe mode and only rarely boots normally - usually have to f8 and LKG.

 

there's always the option of yanking the drive and putting it another machine as a slave and scanning/cleaning that way. None of the malware would have init keys on that clean machine. Being more safe than sorry, I would put it in a machine that isn't critical.

 

I did just that - put his hdd in my caddy and went file deleting/regediting.
When I was doing this, AVG alerted me to another file in a hidden System Volume Information folder that had the virus.
All deleted - all gone - my mate will be happy (until he sees the beer tab )

Thanks for all your help Kodo