WEIRD hijackthis not installing

Discussion in 'malware problems & news' started by alim, Jul 21, 2004.

Thread Status:
Not open for further replies.
  1. alim

    alim Registered Member

    Joined: Jul 20, 2004
    Posts: 17
    Hi,
    My computer has been infected with a backdoor-type virus. The symptoms are:
    1. I first noticed the CPU processing spiking every 7 seconds by 40-50 percent, when I had no programs running.
    2. Web pages referring to hijackthis and process explorer close immediately.
    3. I have managed to download hijackthis in a zip, but after unzipping there is nothing in the folder.
    4. I downloaded and burnt both hijackthis and process explorer to a CD on a friend's Mac. When I explore the CD on my machine the CD appears empty.
    5. Tried to install bitdefender, but as I was installing it the installation stopped when it was "starting services".
    6. I have done some online virus scans and they have found files relating to a virus. The file was something like bkdr hacdef. The scan also found a couple of trojans.
    7. Regedit would only open in safe mode. I renamed regedit and it now works, but another regedit has appeared o_O?


    Does anyone know how I can fix this, or can you point me to a thread that will help?
     
  2. TonyKlein

    TonyKlein Security Expert

    Joined: Feb 9, 2002
    Posts: 4,350
    Location: The Netherlands
  3. alim

    alim Registered Member

    Joined: Jul 20, 2004
    Posts: 17
    I tried the link, but I could not save the file to disk. It seemed to download it, but once the progress bar reaches 99% I get a message: "cannot copy file: cannot read from the source file or disk".
     
  4. Artras

    Artras Registered Member

    Joined: Jul 18, 2004
    Posts: 8
    Location: The Netherlands
    Click on the link in my signature and follow the instructions there.
    Also open your hosts file and remove all entries that don't belong there.
     
  5. alim

    alim Registered Member

    Joined: Jul 20, 2004
    Posts: 17
    Still not much joy.

    I'm scanning my drive with avast, which I found on that last link.

    I just received this warning from an antivirus software I installed yesterday:

    C:\WINNT\HXDEFDRV.SYS

    Contains a signature of the (dangerous) backdoor program BDS/HacDef.073.B.1 Backdoor server programs

    What is this backdoor server program?

    I still can't download hijackthis.

    Artras, I don't know what you mean by "open your hosts file and remove all entries that don't belong there". How do I do this?
    ^
    Artras, ignore the above line, I have just read up on hosts. I didn't remove the entries that don't belong there; I changed their IP to my local host. I have read that this blocks them. :D
     
    Last edited: Jul 21, 2004
  6. alim

    alim Registered Member

    Joined: Jul 20, 2004
    Posts: 17
    This is the avast cleaner tool log:

    avast! Virus Cleaner Tool - version 1.0.197 Unicode

    21/07/2004, 13:36:46
    Memory scanning started...
    No virus body found in memory.
    Memory scanning finished (15.7s).
    ----------
    Files scanning started...
    C:\Documents and Settings\Administrator\Local Settings\Temp\~DFD42F.tmp... file could not be scanned!
    C:\RegProt\regprot.exe... file could not be scanned!
    C:\WINNT\hxdefdrv.sys... file could not be scanned!
    No virus body found.
    Files scanning finished (66278 files, 0 infected, 2377.0s).
    Drives scanned: C:
    ----------

    I deleted C:\WINNT\hxdefdrv.sys
    Should I delete ~DFD42F.tmp?
     