Greenguy's Board


stuveltje 2005-01-22 06:53 PM

advice i need advice
 
i have haxdoor-h in my puter, don't ask me how i got it, but the last thing i worked on was with the sites (with the special code from the cheaters form) it tried to put something in my puter if i clicked the free site, now i thought my puter had stopped it but it didn't, it blocked my virus scanner and my puter was full with shit, i have removed most and reinstall but i still got one piece left of that haxdoor-h which will return every time when i connect the net..... anyone knows something about it? |cry|

tiny 2005-01-22 07:17 PM

That's gotta suck bigtime. I would first try and install this program and also the second link is from a messageboard

http://www.microsoft.com/athome/secu...e/default.mspx

messageboard
http://forums.tomcoyote.org/index.ph...ic=24067&st=15

another one
http://www.sophos.com/virusinfo/analyses/

http://www.informit.com/guides/conte...rity&seqNum=27

hope that helps :)

stuveltje 2005-01-22 07:32 PM

Quote:

Originally Posted by tiny
That's gotta suck bigtime. I would first try and install this program and also the second link is from a messageboard

http://www.microsoft.com/athome/secu...e/default.mspx

messageboard
http://forums.tomcoyote.org/index.ph...ic=24067&st=15

another one
http://www.sophos.com/virusinfo/analyses/

http://www.informit.com/guides/conte...rity&seqNum=27

hope that helps :)

thanks me gonna try all, i am already working 10 hours to remove that piece of shit from my puter and really i am getting pissed huge.........i am gonna kill my puter if i can't get it fixed |cry|

docholly 2005-01-22 07:34 PM

I had that too..got it from reviewing a site even tho i had mega power on the virus/trojan etc..

i used hijackthis and spybot s&d.

yeah Tiny i saw that MS had a fix.. but you know i love free market commerce.. first they give you a defective product (Windows) and then they sell you the fix.. creeping cruds.. |viking|

stuveltje 2005-01-22 07:49 PM

Quote:

Originally Posted by docholly
I had that too..got it from reviewing a site even tho i had mega power on the virus/trojan etc..

i used hijackthis and spybot s&d.

yeah Tiny i saw that MS had a fix.. but you know i love free market commerce.. first they give you a defective product (Windows) and then they sell you the fix.. creeping cruds.. |viking|

hijackthis and spybot remove it but it keeps coming back............

Porn Meister 2005-01-22 08:01 PM

Copied from a site found with google:

"From Symantec's web site:

"Registers and runs JSDAPI.EXE as a process.
Creates the following files to the %System% folder:
DEBUGG.DLL
BOOT32.SYS
C3.DLL
C3.SYS
C4.SYS
SMTAPI.SYS"

If you killed the process then deleted the files you may be rid of it. Of course nothing beats a full scan from an up-to-date anti-virus program as it will remove Registry entries as well.
"


Still looking

tiny 2005-01-22 08:05 PM

I can never understand why assholes make shit like this. Might be a keylogger trojan piece of shit

Porn Meister 2005-01-22 08:14 PM

Interesting thread from a board found on google:
http://forums.thatcomputerguy.us/ind...pic=8918&st=15
Explains a registry edit that solved the reoccurrence for someone.

Porn Meister 2005-01-22 08:22 PM

Other suggestions are to try an online virus scanner, since the trojan attempts to disable a local copy, it can't disable an online scanner. And to disable system restore, then reboot to safe mode and *then* try removal tools.
Good luck anyway

stuveltje 2005-01-22 08:36 PM

Quote:

Originally Posted by Porn Meister
Other suggestions are to try an online virus scanner, since the trojan attempts to disable a local copy, it can't disable an online scanner. And to disable system restore, then reboot to safe mode and *then* try removal tools.
Good luck anyway

thanks i am trying more things now, already did some online scans and they can't find it, but if i run spybot it found it, the nasty thing is it uses the restore system thing from xp, i have disabled that now and hope to get rid of the shit thing |cry|

DarkEmber 2005-01-22 08:58 PM

if you remove it and it comes back, boot into safe mode (f8 before the windows screen appears) and clean it....sometimes the resident stuff is tricky

icq 266835420 if you need any help

chilihost 2005-01-22 08:58 PM

Quote:

(with the special code from the cheaters form)
it sucks but you kinda got what you deserved on that one! Good luck getting it all removed, make sure you also change all your passwords after you have a clean running machine - for everything!!!

cheers,
Luke

tiny 2005-01-22 09:25 PM

Quote:

Originally Posted by chilihost
it sucks but you kinda got what you deserved on that one! Good luck getting it all removed, make sure you also change all your passwords after you have a clean running machine - for everything!!!

cheers,
Luke

What do you mean she kinda got what she deserved on that one?

stuveltje 2005-01-23 05:08 AM

Quote:

Originally Posted by chilihost
it sucks but you kinda got what you deserved on that one! Good luck getting it all removed, make sure you also change all your passwords after you have a clean running machine - for everything!!!

cheers,
Luke

yeah now i am awake again, the part "you kinda got what you deserved on that one" have you problems with me? or didn't you agree i removed a bunch of sites with that code? if you gonna say something, explain also why you saying that.

GeorgeTH 2005-01-23 07:53 PM

When I was hit late last year the bloody thing (wasn't haxdoor) re-installed itself all the time because the initial infection came in the form of .cab files, which are self-extracting sorta-ZIP-files, and my AV software couldn't read their content, so they remained on the hd until I removed them manually. The day before yesterday I was hit by some java trojan which installed itself in a .jar file - another self-extracting compression, and again missed by my AV (and firewall!)

So: keep an eye on the error reports from your AV *, and do a housecall or two at http://housecall.trendmicro.com/ - and then manually (best in 'safe mode') drill into the directories where the AV found infections and delete all compressed files [if you want to be careful only delete the ones with names similar to the virus/trojan files].

*= you might need a piece of paper to write down all files and their location

I'm now 98% clean, just that somehow my svhost is playing up from time to time (~ once a week), and bloody XP refuses to re-install it from CD...
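An added example, not part of any post in this thread: the manual check suggested by Porn Meister's Symantec quote and by GeorgeTH's advice about compressed files, written as a read-only Python scan for the listed names, both loose on disk and as members of .zip/.jar archives. The function names and the sample tree are constructed for illustration; .cab files are only reported, because Python's standard library has no CAB reader.

```python
import os
import tempfile
import zipfile

# Process name plus the six file names quoted from Symantec in the thread.
LISTED = {"jsdapi.exe", "debugg.dll", "boot32.sys", "c3.dll",
          "c3.sys", "c4.sys", "smtapi.sys"}

def scan_zip(path):
    """Flag archive members whose base name is listed; nothing is extracted."""
    try:
        with zipfile.ZipFile(path) as zf:
            members = zf.namelist()
    except (zipfile.BadZipFile, OSError):
        return [("archive-unreadable", path, "could not open")]
    return [("listed-in-archive", path, m) for m in members
            if m.replace("\\", "/").rsplit("/", 1)[-1].lower() in LISTED]

def scan_tree(root):
    """Return sorted (kind, path, detail) findings for everything under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            ext = os.path.splitext(name)[1].lower()
            if name.lower() in LISTED:
                findings.append(("listed-file", path, name))
            if ext in (".zip", ".jar"):      # formats zipfile can open
                findings.extend(scan_zip(path))
            elif ext == ".cab":              # no stdlib CAB reader: review by hand
                findings.append(("cab-unread", path, "inspect manually"))
    return sorted(findings)

def demo():
    """Scan a constructed sample tree of empty placeholder files."""
    root = tempfile.mkdtemp(prefix="scan_demo_")
    for name in ("Debugg.DLL", "notes.txt", "setup.cab"):
        open(os.path.join(root, name), "wb").close()
    with zipfile.ZipFile(os.path.join(root, "applet.jar"), "w") as zf:
        zf.writestr("payload/C3.SYS", b"")   # listed name hidden in an archive
        zf.writestr("Main.class", b"")
    with open(os.path.join(root, "broken.zip"), "wb") as fh:
        fh.write(b"not a zip")               # unreadable archive
    return [(kind, os.path.basename(p), d) for kind, p, d in scan_tree(root)]

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

A name match is a lead for manual review, not a verdict, and a file with a different name will not be caught by this list.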

stuveltje 2005-01-24 12:01 AM

Quote:

Originally Posted by GeorgeTH
When I was hit late last year the bloody thing (wasn't haxdoor) re-installed itself all the time because the initial infection came in the form of .cab files, which are self-extracting sorta-ZIP-files, and my AV software couldn't read their content, so they remained on the hd until I removed them manually. The day before yesterday I was hit by some java trojan which installed itself in a .jar file - another self-extracting compression, and again missed by my AV (and firewall!)

So: keep an eye on the error reports from your AV *, and do a housecall or two at http://housecall.trendmicro.com/ - and then manually (best in 'safe mode') drill into the directories where the AV found infections and delete all compressed files [if you want to be careful only delete the ones with names similar to the virus/trojan files].

*= you might need a piece of paper to write down all files and their location

I'm now 98% clean, just that somehow my svhost is playing up from time to time (~ once a week), and bloody XP refuses to re-install it from CD...

well one thing keeps coming back and only spybot sees it no other scanner picks it up, when i run hijack this, i see nothing strange, but if i let spybot run it finds fix the "1 piece haxdoor-h" it gives a message saying "c:\WINDOWS\System32\klonigi.dll is not an official certificate thing from windows" (or something like that), btw same as with that stupid DSO Exploit which always comes back. I will find it somewhere......

Porn Meister 2005-01-24 12:38 AM

The DSO exploit that spybot finds is possibly due to you not having the windows update.. Spybot tells me that too..

Did you try that Regedit fix and look for "RAdmin" and nuke?

stuveltje 2005-01-24 12:42 AM

Quote:

Originally Posted by Porn Meister
The DSO exploit that spybot finds is possibly due to you not having the windows update.. Spybot tells me that too..

Did you try that Regedit fix and look for "RAdmin" and nuke?

yep i did i can't find it, me going thru all again now, at one side i don't believe that the last haxdoor-h in my puter is dangerous because now all works, but still i can't take that risk, so going again to check all in safe mode...on this moment i am running an online scan again to see if it finds something.

Porn Meister 2005-01-24 12:51 AM

k :) Good luck!
I just ran spybot and highlighted the DSO, then clicked on the two arrows on the right edge middle of the screen, and it gives details and indeed it says it's a microsoft security flaw in explorer.

There is a program called EasyCleaner that can help remove orphaned registry entries, and remove programs that windows (add/remove programs) can't.. I can't think of anything else to suggest.


All times are GMT -4.