Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Backdoor.win32.hacdef.bo problem [RESOLVED]


  • This topic is locked This topic is locked

#16
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Go to this site and click on the Scan for viruses link. Run the scan on your computer.

If that doesn't work either, then do this:

Go to Start->Run and type in notepad and hit OK. Then copy and paste the following into Notepad:

sc stop HACKERDEFENDER100
sc delete HACKERDEFENDER100
del delete.bat


Save the file as "delete.bat". Make sure to save it with the quotes. Double click on it.

Do a search for these files:

HACKERDEFENDER100
hxdefdrv.sys
inatjoy.dll
motkrtin.dll
witadr.dll
winunins.exe
winunins.ini
svhost.exe (not "svchost.exe")
trj4j6js.exe
ddd.exe


For the above files, also search for them in the registry. Make sure to back up your registry before doing anything though since everything done there is live. If you need help with this part, feel free to ask. I will provide more instructions if needed.
  • 0

Advertisements


#17
masmith46

masmith46

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Went to the site and did the scan. It found a virus in a file called keepsafe.ini. I removed this and the hxdefdrv.sys no longer returns. I have done a scan with AVG and that comes up clean.

Would you advise reinstalling F-Secure or continuing with AVG.

Thanks for all your help.
  • 0

#18
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
So that site got rid of the problem right? Don't even need to follow the remaining steps? Just for my information :tazz:

I have never used F-Secure before, but if you like it, you may uninstall AVG and get F-Secure back. I don't think F-Secure is free though, but if you still want to keep it, you may. Don't look down at AVG because it's free though. This program has protected my laptop for years now and I have no complaints about it :)

To help prevent future spyware installations/infections, please read the Anti-Spyware Tutorial and use the tools provided.

Are there any problems now? If not, you should be set to go.
  • 0

#19
masmith46

masmith46

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Yes, I am completely clear. The website found a virus in keepsafe.ini but strangely enough not the hxdefdrv.sys. I ran AVG to remove that file, and it has not returned since. Presumably keepsafe.ini kept re-installing the file.

Once again, thanks for all your help.
  • 0

#20
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP