Haxdoor.hm (trojan) [RESOLVED]


  • This topic is locked

#61
kelkay

    Member

  • Topic Starter
  • 423 posts
Sorry, Mike, for the PM. I did not know what cracks were, and wanted to know without showing my ignorance. :) Thank you for all your help. I really do appreciate it, and you can consider this thread now closed. It is exciting to have a "clean computer" again. Thank you! :)


#62
Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
I understand - but no question is dumb, so never be shy about asking :) By posting here it will benefit others who may be asking themselves the same thing.

I'm glad to hear everything is OK :)

Take care and have a great day still!

Mike

#63
Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

#64
Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Topic re-opened at the user's request.

Hi there,

You need to be wary of these rootkit scanners - they produce a lot of false positives.
The temp file you see there in the Sophos report may have been 'hidden' at the time of the scan; that doesn't make it a rootkit.
The second is found in your System Restore, which I gave you instructions to clean. Heur.Invader is a generic detection, and it could very well be one of the tools we used.

To get rid of it...

Right-click on "My Computer." The "System Properties" dialogue box will appear, showing a number of tabs. From here you can reset System Restore and configure Automatic Updates.

First, click the System Restore tab.
  • Check the box beside "Turn off System Restore"
  • Click "Apply"
  • At the prompt, click "Yes"
Wait while your system deletes existing Restore Points, this may take a few moments.
  • Uncheck the box beside "Turn off System Restore"
  • Click "Apply"
  • At the prompt, click "Yes"
Your system will now create a new Restore Point.

I will re-open the thread and post this response there as well, if you have any questions please ask :)

Mike
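The restore-point flush described in the steps above, as an added example that is not part of the original thread: the same off/on sequence driven from an elevated PowerShell prompt, with a listing before and after so you can confirm the old points (and anything a scanner flagged inside them) are gone. It assumes Windows 7 or later, where the *-ComputerRestore cmdlets exist (they do not on the Windows XP system in this thread, where the GUI steps apply), and that the system drive is C:.

```powershell
# Added example, not from the original thread. Requires an elevated prompt on
# Windows 7 or later; the drive letter is an assumption.
$drive = 'C:\'

# Show what is there now. A restore point keeps copies of files under
# System Volume Information\_restore{...}\RPn, which is why a scanner can
# keep reporting a file that has already been removed from its original location.
Write-Host 'Restore points before:'
Get-ComputerRestorePoint | Format-Table SequenceNumber, CreationTime, Description -AutoSize

# Step 1: turning System Restore off deletes every existing restore point
# (the equivalent of checking "Turn off System Restore" and clicking Apply).
Disable-ComputerRestore -Drive $drive

# Step 2: turning it back on restores protection with an empty history
# (the equivalent of unchecking the box and clicking Apply again).
Enable-ComputerRestore -Drive $drive

# Step 3: create a fresh, known-clean baseline point to work from.
Checkpoint-Computer -Description 'Clean baseline after malware removal' -RestorePointType 'MODIFY_SETTINGS'

# Verify: only the new point should remain.
Write-Host 'Restore points after:'
Get-ComputerRestorePoint | Format-Table SequenceNumber, CreationTime, Description -AutoSize
```

On Windows 8 and later, Checkpoint-Computer creates at most one restore point per 24 hours by default, so if a point was created recently the final listing may come back empty until that window has passed.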

#65
kelkay

    Member

  • Topic Starter
  • 423 posts
Thank you, Mike, for reopening the topic... I did wipe the System Restore and make a new point; that is why I do not understand why there is a corrupted file there...

This scan is from Sophos Anti-Rootkit taken today...

> Area: Local hard drives
> Description: Unknown hidden file
> Location: C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0a\spool\fms25C.tmp
> Removable: Yes (but clean up not recommended for this file)
> Notes: (no more detail available)

KAV 7.0 found this last night. This was after I thought the computer was clean, and I had set a new restore point and the others were deleted. This scan was a "My Computer" scan, not a regular rootkit scan...

not found: virus Heur.Invader (modification) File: C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0000160.exe

I will delete the current system restore, and set a new one.

#66
Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Yup, that was your PM to me; my answer is above. The file found in System Restore could very well be a tool we used, but anyway, if you don't restore your system to an earlier time it's harmless (of course it needs to be removed by flushing your old restore points).

#67
kelkay

    Member

  • Topic Starter
  • 423 posts
Okay, I got rid of the old restore point by the steps you said, and created a new one.
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0a\spool\fms25C.tmp
Can this one be removed by using ATF Cleaner... looks like maybe a temporary file?

#68
Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
I'm pretty sure it is an FP - you need to stop worrying; if you can't trust that your PC is clean you need to reformat, as that is the only way to be 100% sure. Rootkit scans are not 100% reliable and produce a lot of false positives, or better said - the results of rootkit scans aren't 100% reliable; not everything they find is bad.

We can scan it if it helps to put your mind at ease.

  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box at the top of the page:

    • C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0a\spool\fms25C.tmp
  • Click on the Upload button
  • Once the scan is completed, click on the "Copy to Clipboard" button. This will copy the link to the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

Even better - you can delete it: C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0a\spool\fms25C.tmp

Edited by Mike, 10 August 2008 - 12:15 PM.


#69
kelkay

    Member

  • Topic Starter
  • 423 posts
It says it cannot find the upload file. I clicked right on it and hit Upload from the Browse button.

I just decided to delete it. I scanned that file with KAV 7.0 and it did not see it as a threat. But I deleted it to make sure. Thanks Mike.

Edited by kelkay, 10 August 2008 - 12:34 PM.


#70
Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Any other questions?


#71
kelkay

    Member

  • Topic Starter
  • 423 posts
No, I don't have any more questions. Thank you for your help again. :)

#72
Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
OK, take care :) Always ask if you are unsure. I will mark the topic as resolved once again.

Mike

#73
Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.