Backdoor.Haxdoor virus

  G0lfer 10:54 23 Nov 2005

Yesterday while I went to work I left my PC active with Outlook running. This is an XP machine running on Telewest Broadband and has a fully up to date Norton Internet Security package running.

When I got back from work I just checked my mail (no new messages) and deleted without opening all the spam in antispam folder.

Then my Antivirus warning started going ballistic saying that I was infected with backdoor.haxdoor.

I then went onto the Symantec website to check out the best way to get rid of it and this basically was :-

1. Disable System Restore
2. Update virus definitions
3. End malicious practice
4. Run full system scan
5. Delete registry entries

I followed these instructions to the letter (with one or two problems finding files) but I am now left with one occurrence of this virus that I can't seem to shift. The antivirus software tells me that C:\WINDOWS\system32\MSplg7.dll is still infected with this virus and I can't seem to purge it with Norton.

Can anyone help with this ??

The problems I encountered with the procedure were :-

1. While performing the End Malicious Practice part I could not find the file JSDAPI.EXE in Task Manager / Processes.

2. While performing Delete Registry Entries I could not find the subkey debugg in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

3. Also while performing Delete Registry Entries I could not find the subkey TestServices in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\MPRServices\TestService\MPRService

Incidentally since all this happened Google (my homepage) is not working. It just comes up with the message "Temporary closed" when I go there - coincidence ????

Any help would be much appreciated.


  keewaa 10:58 23 Nov 2005

Suggest you run a2, trendmicro housecall and stinger.

If it was me I would reinstall everything as you can never be 100% sure you've cleaned a compromised PC

  PaulB2005 11:00 23 Nov 2005

Boot into Safe Mode and run a full scan.

  G0lfer 12:05 24 Nov 2005

Thanks to keewaa and PaulB for their suggestions.

a2, trendmicro or stinger could not detect the file that was left affected.

I have tried to restart the PC in safe mode but I cannot get Norton Antivirus to run in this mode. This is maybe because it is trying to access the internet. Can anyone help here?

Going back to my original post the reason I could not find specific files was because I was looking at an earlier security alert. I now believe I have the Backdoor.Haxdoor.G variant. Also the reason why I couldn't get Google was because my home page had been hijacked which is part of what this virus does.

  G0lfer 11:14 26 Nov 2005

I have finally managed to get rid of this thing by running the trial version GriSoft AVG7.0 in safe mode.

I will raise the issue with Symantec as to why I can't run the antivirus section of Norton Internet Security in safe mode as well.

This thread is now locked and can not be replied to.
