Anybody got a fix for BackDoor.Generic3.LRT?

Subject Author Date
Anybody got a fix for BackDoor.Generic3.LRT? Lisa Simpson 10-27-2006
Posted by David H. Lipman on October 28, 2006, 11:32 pm

| Reporting results so far: finally identified as BKDR_HAXDOOR.JG
|
| - Ewido was useless for this particular nasty
| - AVG similarly useless
| - SuperAntiSpyware similarly useless
| - Avast similarly useless
| - Since it was stopping me from getting online I could not do any online
| scans, so they are useless in these cases
| - TrendMicro is worse than useless since it requires you to "Activate" via
| the web (see above)
|


The Hachdoor.Haxdoor is NO joke !
It uses RootKit technology.

Sophos is good at Haxdoor.


For: Backdoor.Haxdoor, Goldun and RazeSpyware

Marckie's HaxFix
http://users.telenet.be/marcvn/tools/haxfix.exe



Download Haxdoor.exe from the URL --
http://www.ik-cs.com/programs/virtools/Haxdoor.exe

Execute; Haxdoor.exe { Note: You must accept the default of C:\McAfee }
Choose; Unzip
Choose; Close

Execute; c:\mcafee\clean.bat
{ or Double-click on 'Clean Link' in c:\mcafee }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your FireWall to enable WGET.EXE to download the needed McAfee related files.

It is suggested that you perform a Normal Mode then a Safe Mode scan.

A final report in HTML format called C:\mcafee\Normal_ScanReport.HTML or C:\mcafee\Safe_ScanReport.HTML will be generated. At the end of the scan, it will be displayed in your browser (Opera, FireFox or Internet Explorer). However, if you are using WinXP, Win2K or Win2003 your system will be left in a state where you will have to manually shut down/reboot the PC. On Win9x/ME platforms the report will not be shown in your browser but your PC will automatically be shut down. It is suggested that you move the report out of c:\mcafee before performing another scan.
It would be best to scan in both Safe Mode and in Normal Mode and save a copy of the HTML report for each session.

Please Copy and Paste the contents of the HTML Log files;
C:\mcafee\Normal_ScanReport.HTML & C:\mcafee\Safe_ScanReport.HTML in your reply.

* * * Please report back your results * * *



--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Posted by Lisa Simpson on October 29, 2006, 10:28 am
Tried HaxFix; NFG
Tried Sophos; NFG
Didn't try HaxDoor, will have to just to see . . .




Posted by David H. Lipman on October 29, 2006, 12:40 pm

| Tried HaxFix; NFG
| Tried Sophos; NFG

Lisa:

If you tried Marckie's HaxFix then this means it is a NEW Backdoor.Haxdoor variant. Marckie is usually on top of new variants. I am surprised. If indeed this is a new variant and you have a sample or the source of the Haxdoor infection (web site or installer) I'd like that sample or information so I can provide it to Marckie.

Please let me know.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Posted by Lisa Simpson on October 30, 2006, 7:29 am
Wish I had the info you need, but I do not; all I can tell ya is what I had to do to delete it (posted earlier); perhaps he could build a filter based on that? Essentially, remove all reference to anything "yvbb_ _ ._ _ _" in the registry, as well as the other 2 files I mentioned; & figure out a way to delete the related hidden folders & files off the hard drive . . .




Posted by Panda_man on October 28, 2006, 4:13 pm
"Lisa Simpson" wrote:

> Anybody got a fix for BackDoor.Generic3.LRT?
>



What is the software detecting this trojan? You show a generic detection for a particular trojan family.

Where exactly is this trojan located? When did you notice it?

Have you tried disabling System Restore, then scanning in Safe Mode with various tools?

Scan with Panda's online free ActiveScan, which removes viruses, worms and trojans free: http://www.activescan.com

Regards!
--
Panda_man
Silver level Contributor
