Remove backdoor.hackdoor

Discussion in 'Malware Help (A Specialist Will Reply)' started by Swoop, Jan 29, 2006.

  1. Swoop

    Swoop Private E-2

    I ran Spyware Doctor and backdoor.hackdoor and trojan.popuper came up.
    I can't delete them because it's a trial version. It shows that there are 85 infections in the registry. What program can I use to delete or repair them, or manually delete?

    None of the anti-spyware or trojan programs I have pick them up, only Spyware Doctor.
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to MG's!

    Well it would be more useful if you posted a log of what was found by Spyware Doctor!

    Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.

    - Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

    Make sure you check version numbers and get all updates.

    - Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.


    If, after doing ALL of the above, you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:

    Downloading, Installing, and Running HijackThis

     
  3. Swoop

    Swoop Private E-2

    Also, can someone post a link for a free registry error fix?

    I've tried all those programs and those steps; they don't work for this.

    Spyware Doctor log. I can't find these registry keys, that's why I need help.

    If that doesn't work I will post a HijackThis log.
     

    Attached Files:

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You must follow ALL the steps I gave you in message # 2. If you just post a HijackThis log without completing those steps, we will just tell you to complete the READ & RUN ME first.

    Make sure you attach the requested logs from step 6.
     
  5. Swoop

    Swoop Private E-2

    I've tried all steps and used all programs. Spybot and Ad-Aware scanned most of the spyware and avast antivirus picked up the virus. Other programs were useless; Spy Sweeper picked up a few tracking cookies.
    I can't remember all the spyware and trojans or viruses that have been scanned, but all were deleted.
    I remember a few. I had like 10 viruses, SpywareStrike, a couple of trojans, and mostly they were tracking cookies.
    I've done 2 online scans; the recent one showed trojan.downloader.zlob.ev was deleted. nm I post log

    I posted the HijackThis log and online scan; if it's wrong tell me.
    If the infected registry keys are not that harmful then I won't bother finding and deleting them, but I don't know. Can you tell me if you can? TY
     

    Attached Files:

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    What about the log from Panda Active Scan?
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Also please install HijackThis to the proper folder as requested in step 7 of the READ & RUN ME.

    I saw evidence of SpywareStrike in your BitDefender log. Are you still having problems with SpywareStrike?

    What version of SpySweeper are you running and what is the definitions version? It looks to be old! Can you attach a log from SpySweeper?

    Make sure you have viewing of hidden and system files enabled as in step 2 of the READ & RUN ME. Then use Windows Explorer to find the below files:
    C:\Windows\system32\cfgh.ini
    C:\Windows\system32\pdx.dll
    C:\Windows\system32\pdx32.sys
    C:\Windows\system32\snowx.ini

    Do these files exist? Don't do anything with them! Just tell me if you find them.

    We need to run some other tools and since your Spy Sweeper seems to be out of date to me, please uninstall it and use the one I posted below.

    Please see the below threads on how to install and run Spy Sweeper and Ewido Anti-Malware. After you run both programs, attach the logs to your next post.
    Your previous HJT log was obtained before running BitDefender and PandaActiveScan. That's the wrong order. Please run PandaActiveScan and then attach a new HJT log and also the activescan log. You can run Panda in normal boot mode to make obtaining the log easier.
     
    Last edited: Jan 30, 2006
  8. Swoop

    Swoop Private E-2

    None of those files found. No SpywareStrike problems.
    I get an error on the Panda scan. Spy Sweeper was updated but now I've uninstalled it. I'm not downloading it again; it found nothing but tracking cookies.
    Posted Ewido log and HijackThis.
     

    Attached Files:

  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You can have HJT fix the below line:
    O2 - BHO: (no name) - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - (no file)

    Other than that your HJT log is clean. Are you having any other malware problems?
     
  10. Swoop

    Swoop Private E-2

    So what about those infections that Spyware Doctor picked up, are they fake or something? Are they harmful?
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Didn't Spyware Doctor fix them? Or do you only have a demo version? If it is a demo, either buy the full version if you like it or uninstall it as it is a waste of resources to have it installed when it will not fix anything. You need a real full time scanner/blocker/removal tool like MS Antispyware (free).

    Let's check a couple things to see!

    Download Blacklight Beta
    • Hit I accept. It will take you to download page.
    • Download blbeta.exe and save it to the Desktop.
    • Once saved... double click blbeta.exe to install the program.
    • Click accept agreement and Click scan
      This app too may fire off a warning from antivirus. Let the driver load.
      Wait for it to finish.
    • If it displays any items...don't do anything with them yet. Just hit exit (close)
    • It will drop a log on Desktop that starts with fsbl....big number
    Please post contents of log.


    Please follow the below steps to use RootkitRevealer
    1. Please download and unzip Rootkit Revealer to your desktop.
    2. Please leave the defaults set as they are to:
      • Hide NTFS Metadata Files: this option is on by default
      • Scan Registry: this option is on by default.
    3. Launch rootkit revealer on the system and press the Scan button.
    4. RootkitRevealer scans the system reporting its actions in a status area at the bottom of its window and noting discrepancies in the output list. It may take a long time; please disconnect from the internet and leave the PC to be scanned until it is finished.
    5. The log can be very large; please edit out the items in the following folder in the log: C:\System Volume Information, if in the log, before posting it.
    6. Please attach the log here in this thread to your next post.
     
    Last edited: Jan 31, 2006
  12. Swoop

    Swoop Private E-2

    I got the trial.
    Which ones do I delete?
     

    Attached Files:

  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    • Please download the attached AVPKfix.zip file and extract it to your Desktop.
    • Open the AVPKfix Folder on your Desktop and DoubleClick on AVPKfix.bat to run the fix.
    • Now reboot your PC
    • After reboot, run Rootkit Revealer again and attach the new log
    • Also run SpywareDoctor again and attach the log from it.
    • Also in the AVPKfix folder there should be a file named avpklog.txt. Upload it as an attachment too.
     

    Attached Files:

  14. Swoop

    Swoop Private E-2

    Where do I download AVPKfix?
     
  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Didn't you look at everything in the message window??????

    There is an attachment! The first bullet item indicated this.
     
  16. Swoop

    Swoop Private E-2

    :confused: RootkitRevealer found nothing
     

    Attached Files:

  17. Swoop

    Swoop Private E-2

    :eek: Still have 4 infections? But looking good :)
     

    Attached Files:

  18. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Do you know how to use regedit? If so we need to figure out what the heck Spyware Doctor is trying to show with those registry keys. I'm not sure what the registry key is.

    Is it really these as it shows:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper ObjectaHigh
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objecta##High
    HKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objecta\{4da4616d-7e6e-4fd9-a2d5-b6c535733e22}High
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objecta\{4da4616d-7e6e-4fd9-a2d5-b6c535733e22}##High

    Or is it really all just under a registry key named
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objecta

    that is, without the 'High' at the end.
     
    Last edited: Feb 2, 2006
  19. Swoop

    Swoop Private E-2

    I found HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objecta

    When I expand it, it's HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objecta\{4da4616d-7e6e-4fd9-a2d5-b6c535733e22}
    Any help? Will I delete it? Will that fix it?
     
  20. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes we need to delete this key. You can either do that from regedit if you are comfortable with using it. Or you can use the below registry patch which should work (as long as the registry key is not protected in any form - malware can do this).

    Copy the contents of the below Quote Box to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file fixme.reg and then click save. (make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.) Then double-click on the fixme.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to Add in to the registry, say yes.
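
Added example (not part of the original thread, and not code from MajorGeeks, HijackThis or Spyware Doctor): a Python version of the two checks done by hand in posts 9 and 18-19, flagging HijackThis `O2 - BHO` entries whose file is missing and registry subkey names that imitate the real `Browser Helper Objects` key. The function names, the 0.9 similarity threshold and the sample input are assumptions constructed for illustration; only the CLSID and the `Browser Helper Objecta` name come from the thread.

```python
import re
from difflib import SequenceMatcher

LEGIT_BHO_KEY = "Browser Helper Objects"  # the genuine Explorer subkey name

# HijackThis BHO line: "O2 - BHO: <name> - {CLSID} - <file or (no file)>"
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<file>.*)$"
)

def orphaned_bhos(hjt_log):
    """Return CLSIDs of BHO entries whose DLL HijackThis could not find."""
    found = []
    for line in hjt_log.splitlines():
        m = O2_RE.match(line.strip())
        if m and m.group("file").strip() == "(no file)":
            found.append(m.group("clsid").lower())
    return found

def lookalike_keys(subkey_names, threshold=0.9):
    """Return subkey names that closely resemble, but are not, the BHO key."""
    legit = LEGIT_BHO_KEY.lower()
    hits = []
    for name in subkey_names:
        if name.lower() == legit:
            continue  # the real key is expected to exist
        if SequenceMatcher(None, name.lower(), legit).ratio() >= threshold:
            hits.append(name)
    return hits

# Constructed sample: first line is the O2 entry quoted in the thread,
# the other lines and the all-zero CLSID are made up for this example.
SAMPLE_HJT = """\
O2 - BHO: (no name) - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - (no file)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\\Program Files\\Example\\helper.dll
O4 - HKLM\\..\\Run: [example] C:\\Program Files\\Example\\example.exe
"""
# Constructed list of subkeys under ...\CurrentVersion\Explorer
SAMPLE_SUBKEYS = ["Advanced", "Browser Helper Objects",
                  "Browser Helper Objecta", "Shell Folders"]

if __name__ == "__main__":
    print("Orphaned BHO CLSIDs:", orphaned_bhos(SAMPLE_HJT))
    print("Lookalike keys:", lookalike_keys(SAMPLE_SUBKEYS))
```

A CLSID that appears both as an orphaned O2 entry and under a lookalike key, as in this thread, is leftover registry debris that scanners keyed only to the genuine path can miss.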
     
