help ??

I’ve got a bad virus and avast doesn’t detect it.

It’s so far taken over Service Pack 2, killed Windows Security Centre!!
And every time I turn my computer on, Anti spyware venus spytrap
stops about 8000 web pages and exe files from being downloaded.

The list is endless, you know the ones:

www.sex.com
www.xxx.org
www.codec-inst.com
www.codec-view.net
and the list goes on and on and on !!!

I installed Ad-Aware SE, Spy Sweeper, Spybot, anti spyware.
They all detect some form of trojan but it doesn’t seem to get rid of it!

Most of them say:

trojan-backdoor haxdoor
system monitor found: potentially rootkit masked files

I don’t really want to do anything on the net, i.e. type passwords and
so on, while all this is going on.

I would be grateful for any help.

PS: yes, my avast is up to date: 4.7, compilation date 27/09/2006, file ver 0639-3

Hi jamie,

Please don’t post links to malware sites!

Haxdoor is a rootkit so you will need to use a program capable of removing rootkits. I suggest you try F-Secure BlackLight first.

I’ll give you a link in a moment, but please be sure to follow these instructions.

Update all your anti-malware programs if you can.

Download BlackLight.

Disconnect your internet connection.

Install and run BlackLight. Remove any hidden files it finds.

Run a boot time scan with avast!

Run scans in safe mode with all your anti-spyware programs.

http://www.pchell.com/support/safemode.shtml

Repeat the process until there are no more detections!

Make sure you have a firewall up and running, Windows firewall at least.

(If you don’t have a third party firewall, I’d recommend downloading Zone Alarm Free before you start cleaning and installing it at this point.)

Reconnect to the internet and check for symptoms.

If you are symptom free, I suggest a visit to Microsoft Update to download any critical updates- an out of date OS will allow reinfection.

Here’s the link for BlackLight:

http://www.f-secure.com/blacklight/

Good luck!

Hi, don’t worry, those links I put up were made-up examples.
I’m now typing this on my secondary boot drive with Windows 64 bit.

I can no longer gain access to Windows XP Pro as Microsoft have
disabled explorer.exe. After I wrote this thread my favorites list
was hijacked and replaced with hundreds of adult websites,
and then a Windows prompt box came up stating that the system’s
explorer.exe has to be shut down to prevent any further damage
to my system. The computer restarted and now it just freezes
at the Windows XP Welcome page! :cry:

I will download the programs as said, but when I run them
will they scan my other drive as well?

:o It won’t work on Windows 64 bit edition :cry:

Oops!

OK, you need to find something that works on 64 bit.

You could try the Sophos anti-rootkit tool:

http://www.sophos.com/products/free-tools/sophos-anti-rootkit.html

I can’t guarantee it will work because it doesn’t give the system requirements, but you can try.

You could also try the AVG anti-rootkit tool:

http://www.freewarefiles.com/downloads_counter.php?programid=22524

Again, no guarantee it will work.

Or UnHackMe (Free working trial):

http://www.greatis.com/unhackme/

If you can access the HD from your secondary drive, you could run a scan from there. That’s outside my experience, but maybe somebody else could offer you some advice …

Ran all 3 of those programs; they haven’t found anything.
I think the virus has gone but has damaged Windows
and has left it un-operational! >:(

By far the best solution will be to reinstall the operating system from the rescue disc that came with your computer, or the original Windows disc.

If you want to save files, you may be able to boot into safe mode, or access files from the other drive?

If you reinstall, make sure the first thing you do is to visit Microsoft Update and download all the critical updates. If you need to reboot, return again to check there are no more.

An operating system which is not patched allows easy infection by malware.

You may want to read this document:

So how did I get infected in the first place?

http://www.castlecops.com/postlite7736-.html

In addition to the advice there, please be careful with email attachments. Many ISPs check emails for viruses, but they can still get through. Never click on email attachments unless you know the person who sent it and what it is- email addresses can be faked.

With any luck we can help you avoid getting in the same situation again!

Thanks for the info, I purged the drive then re-installed
Windows, then went on Windows Update; all is in order now.

I have compressed the old data from “My Documents” in a secure Zip
and have done plenty of scans on it; it doesn’t find anything, but I’m not
going to execute it yet until I know I’m safe.

Thanks again for the help.

No problem!

I suggest you “quarantine” the old data for as long as possible- the longer you leave it, the less likely it will contain a virus that hasn’t been added to anti-virus definitions- then scan it again with avast! and the Kaspersky online scanner.

Other programs on your computer may need updating- especially Sun Java, as older versions have security vulnerabilities.

See here:

http://blog.washingtonpost.com/securityfix/2006/08/sun_acknowledges_major_oops_in.html