system
June 25, 2004, 3:05pm
1
Hi. I’ve been helping my friend with his virus problems, and avast! picked up win32 Trojan-gen, but it can’t seem to remove it. The virus is supposedly located in hxdefdrv.sys. Avast, Mcafee and Norton (Mc/Nor he used those specialty remove programs).
Anyways, is it safe to just delete hxdefdrv.sys?
system
June 25, 2004, 3:22pm
2
Nevermind, found full guide at another forum. Since this might be helpful I’ll post it here:
http://forums.spywareinfo.com/index.php?showtopic=505
Restart in Safe Mode (see “How To:” below)
Enable Hidden Files (see “How To:” below)
Locate and delete the following:
hxdefdrv.sys
inatjoy.dll
motkrtin.dll
witadr.dll
winunins.exe
winunins.ini
svhost.exe (not “svchost.exe”)
trj4j6js.exe
ddd.exe
Open Regedit and click Edit > Find
(enter) “HackerDefenderDrv100” (no quotes)
Click Find Now
Highlight and delete all references found.
Click “F3” to continue searching, repeat until you see the “Completed Search” message.
Next, do the same steps for each of the above files.
Note: If you cannot delete the registry keys (Access Denied) then Right-click key and click Permissions… Set Full Control to Allow everyone rights
While still in Safe Mode: Run a full system scan with Avast.
Note: if for some reason “hxdefdrv.sys” seems to be running again in Safe Mode, repeat the “net stop” command again and then delete the files.