hvordan fjerne Backdoor.win32.haxdoor.cn?

[audunrr]

F-secure klarer ikke å fjerne Backdoor.win32.haxdoor.cn i C:\WinNT\system32\drct16.dll. Noen som kan hjelpe meg med å bli kvitt den?

Har flere andre anti spyware og virus program. Ad-aware special edition, Spybot search and destroy og spy subtract, ingen av dem hjelper.

[Dahl]

Forsøkt å fjerne viruset i sikkermodus? Trykk F8 under oppstart av Windows for å velge å starte i sikkermodus.

[audunrr]

F secure virket ikke i sikkerhetsmodus. I normalmodus klarer F-secure å rename, men ikke delete eller disinfect. Men det hjelper ikke å rename, hver gang jeg starter på nytt skjer det samme igjen.

[zjulik]

Post en HJT-logg (sigen min).

[audunrr]

Logfile of HijackThis v1.99.1

Scan saved at 09:34:59, on 06/27/2005

Platform: Windows 2000 SP3 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe

C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE

C:\Program Files\F-Secure\Anti-Virus\fssm32.exe

C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\system32\slserv.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\System32\mspmspsv.exe

C:\WINNT\system32\svchost.exe

C:\Program Files\F-Secure\Common\FSMA32.EXE

C:\Program Files\F-Secure\Common\FSMB32.EXE

C:\Program Files\F-Secure\Common\FCH32.EXE

C:\Program Files\F-Secure\Common\FAMEH32.EXE

C:\Program Files\F-Secure\Common\FNRB32.EXE

C:\Program Files\F-Secure\Common\FIH32.EXE

C:\Program Files\F-Secure\Anti-Virus\fsav32.exe

C:\WINNT\Explorer.EXE

C:\WINNT\System32\khooker.exe

C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe

C:\Program Files\Common Files\Nokia\NCLTools\NclConf.exe

C:\Program Files\F-Secure\Common\FSM32.EXE

C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe

C:\Program Files\InterMute\SpySubtract\SpySub.exe

C:\Documents and Settings\Administrator\Desktop\Virus program\HijackThis.exe

 

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O4 - HKLM\..\Run: [siS KHooker] C:\WINNT\System32\khooker.exe

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot

O4 - HKLM\..\Run: [Nokia Connection Monitor] "C:\Program Files\Common Files\Nokia\NCLTools\NclConf.exe"

O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Disk Keeper] C:\WINNT\System32\Services\{65C62532-CBCF-4064-B3D1-91F004A360F2}\SECURITY.EXE

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash

O4 - Global Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe

O4 - Global Startup: VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe

O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O15 - Trusted Zone: *.skoobidoo.com (HKLM)

O15 - Trusted Zone: *.slotchbar.com (HKLM)

O15 - Trusted Zone: *.windupdates.com (HKLM)

O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab

O16 - DPF: {127698E4-E730-4E5C-A2B1-21490A70C8A1} (CEnroll Class) - https://www.skandiabanken.no/CertControl/x86/xenroll.dll

O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe

O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe

O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE

O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE

O23 - Service: SmartLinkService (SLService) - - C:\WINNT\SYSTEM32\slserv.exe

[audunrr]

Problemet har ikke dukket opp i det siste, men det er jo mulig at det er noe der for det om

[Dahl]

Søk gjennom alle harddsikene dine med antivirusprogrammet ditt, da får du vite om du fortsatt har problemet.

[audunrr]

Siste gang jeg kjørte f.secure var det borte.

Den fant viruset i lå i Win32\system32\drct16.dll og mszx23.1xe

Jeg har også en fil som heter drct16.0ll, disse fil extensions synes jeg virker mistenkelige, bør de slettes?