Quote:
Originally Posted by GeorgeTH
When I was hit late last year the bloody thing (wasn't haxdoor) re-installed itself all the time because the initial infection came in the form of .cab files, which are self-extracting sorta-ZIP-files, and my AV software couldn't read their content, so they remained on the hd until I removed them manually. The day before yesterday I was hit by some java trojan which installed itself in a .jar file - another self-extracting compression, and again missed by my AV (and firewall!).
So: keep an eye on the error reports from your AV *, and do a housecall or two at http://housecall.trendmicro.com/ - and then manually (best in 'safe mode') drill into the directories where the AV found infections and delete all compressed files [if you want to be careful only delete the ones with names similar to the virus/trojan files].
*= you might need a piece of paper to write down all files and their location
I'm now 98% clean, just that somehow my svhost is playing up from time to time (~ once a week), and bloody XP refuses to re-install it from CD...
Well, one thing keeps coming back and only Spybot sees it, no other scanner picks it up. When I run HijackThis, I see nothing strange, but if I let Spybot run it finds fix the "1 piece haxdoor-h". It gives a message saying "c:\WINDOWS\System32\klonigi.dll is not an official certificate thing from windows" (or something like that), btw same as with that stupid DSO Exploit which always comes back. I will find it somewhere......