I ran Xoftspy on my laptop (Windows Vista Home Premium - 32bit) & found the following:
Haxdoor.BGN = Trojan
Unregmp2 = Worm
My antivirus (Kaspersky) does not detect them, only XoftSpy does. I don’t think I need to tell much here as some of you may have come across Haxdoor before (at least). Xoftspy deletes it but it comes back - an old story.
Now I believe many people have asked about this virus here many times but I wanted to have a fresh response since I find it difficult to go through older threads & posts in it. They tend to get me confused.
I have tried the killbox. It doesn’t delete either file.
The locations of the two malware are:
Haxdoor.GBN = C:\windows\system32\win32tm.exe
Unregmp2 in C:\windows\system32\Unregmp2.exe
I’d say it’s probably a false positive identification by Xoftspy then. You could send the files to them mentioning that they are identified as malware but that nothing on VirusTotal confirms their identification.
Well the file you submitted to VirusTotal is not malware, which means it’s probably a legitimate Windows file, which means you really don’t want to remove it.
Remove the crappy anti-spyware program that’s telling you these programs are malware instead.
Here are some trusted and reliable anti-spyware programs:
Hmm… I’ll download these but I still feel unsatisfied. This is a brand new laptop I have.
Btw XoftSpy started showing these 2 files from yesterday. Before that it didn’t show them. And my old laptop is also infested with the haxdoor.bgn in the same folder & file.
Meanwhile I have gone through various forums with people having found at least haxdoor.BGN, in the same directory, with their xoftspy & their files have been recognized as malware.
sandman1981, I don’t want to start arguing, just to share my personal experience. I don’t trust the Xoftspy company: false positives and not that good support. I think there are better (and free) products available to do this work, including avast itself.
The thing that is bugging me the most is that I found haxdoor.BGN on my older laptop (Acer 1640, WinXP) with Xoftspy. For a while it just sat there in the directory (C:\windows\system32\w32tm) but in a couple of days it blocked my system restore option, disabled the “Hide Files” option (did not allow me to hide anything), disabled the drag & drop option & did not allow me to give a password to my System. I removed the password & it replaced it with a logon screen & disabled the logon option. God knows I found a way around to operate my windows.
I am just afraid this might happen to my new laptop as well. So far neither Haxdoor nor Unregmp2 has done anything.
So, you can just try an avast full scan and also SuperAntispyware and/or SpywareTerminator scans.
Also, consider on-line scanning with Kaspersky and NOD32.
I just came across a forum bashing Xoftspy. Maybe my c:\windows\system32\w32tm.exe & c:\windows\system32\unregmp2.exe are not affected by malware & Xoft has lost its mind.