help! removing hacker defender

Discussion in 'Trojan Defence Suite' started by wei_c, May 28, 2004.

Thread Status:
Not open for further replies.
  1. wei_c

    wei_c Guest

    my comp has a rootkit hacker defender 0.84 and i can't seem to delete it even though i tried a lot of times and i'm using tds-3....somebody pls help! plus, i'm also very new and a beginner when it comes to trojans and stuff so i would really be thankful if you guys could help me out.
  2. nick s

    nick s Registered Member

    Nov 20, 2002
    You could try the following from the Hacker Defender readme:

    Q: I've download hxdef, run it and can't get a rid of it. How can I uninstall
    it if I can't see its process, service and files?

    A: If you left default settings you can run shell and stop the service:

    >net stop HackerDefender084

    Hxdef is implemented to uninstall completely is you stop its service. This does
    the same as -:uninstall but you don't need to know where hxdef is.

    If you changed ServiceName in inifile Settings, type this in your shell:

    >net stop ServiceName

    where ServiceName stands for the value you set to ServiceName in inifile.

    If you forgot the name of the service you can boot your system from CD
    and try to find hxdef inifile and look there for ServiceName value and then
    stop it as above.

    Q: Somebody hacked my box, run hxdef and I can't get a rid of it. How can I
    uninstall it and all that backdoors that were installed on my machine?

    A: Only 100% solution is to reinstall your Windows. But if you want to do this
    you'll have to find the inifile like in question 1) above. Then after
    uninstalling hxdef from your system go through inifile and try to find all
    files that match files in Hidden Table. Then you should verify those files
    and delete them.

    More options for removing it can be found here: (not my page)

    Last edited: May 28, 2004
  3. Jooske

    Jooske Registered Member

    Feb 12, 2002
    Netherlands, EU near the sea
    If i look at your page i see in the ini it's using the msagent?
    Wondering for what purpose?
    I ever had some wild idea in scripting to have an emulator which detects on an attacker's system msagent and having the default agent make popup and say something educative to the portscanner/wouldbe hacker and maybe play a nice song in the end.
    So of course i like to know if the msagent server is used and for what purpose?
    Couldn't stand the idea of msagent as hackers tool. Of course it's all against the EULA, one extra reason why i never investigated further in that direction, even though the concept i just described is not all illegal.

    Have you seen this shocking thread in the same kind of catagory?

    Hope your description helps to get clean!
    Please post back the results!
Thread Status:
Not open for further replies.