Virus Threats and Removal Tools


Backdoor.Haxdoor.H

Reported: March 10, 2006

Description:

Backdoor.Haxdoor.H can open a back door on the infected computer that allows unauthorized access by a remote intruder.

This trojan can also log keystrokes, steal passwords, and drop rootkits that run in safe mode.

Technical Name:

Backdoor.Haxdoor.H

Threat Level:

Low

Type:

Trojan Horse

Systems Affected:

Windows All

Detection Date:

March 10, 2006

Removing Backdoor.Haxdoor.H requires technical know-how in computer troubleshooting. If Services and Registry entries have to be modified, it is better to consult your LAN administrator or a technical person to avoid additional damage to your computer.

MANUAL REMOVAL:

1. Restart the computer using the Windows Recovery Console.
2. Disable System Restore (Windows Me/XP).
3. Update the virus definitions.
4. Run a full system scan and delete all the files detected.
5. Delete any values added to the registry.

Navigate to and delete the subkeys:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\xmsk32
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\xmsk64

Navigate to the subkey and delete values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xmsk32
Values:
"secureUID" = "[RANDOM NUMBER]"
"secureTIME" = "[DAY:MONTH]"
"DllName" = "xmsk32.dll"
"Startup" = "KeLoadData"
"Impersonate" = "1"
"Asynchronous" = "1"
"MaxWait" = "1"

Navigate to the subkey and delete values:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\MPRServices\TestService
Values:
"DllName" = "xmsk32.dll"
"EntryPoint" = "KeLoadData"
"StackSize" = "0"
"SecureID" = "[RANDOM NUMBER]"
"SecureTIME" = "[DAY:MONTH]"

Navigate to the subkeys and delete value:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\xmsk32.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\xmsk64.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\xmsk32.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\xmsk64.sys
Value: "Default" = "Driver"

Navigate to the subkey and delete value:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management
Value: "EnforceWriteProtection" = "0"

6. To make sure that Backdoor.Haxdoor.H is completely eliminated from your computer, carry out a full scan of your computer using antivirus and anti-spyware software. Alternatively, an online virus scanner lets you scan with various antivirus programs without installing them.
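
As an added example (not part of the original page or of any vendor tool), the registry locations from step 5 can be checked against a text export of the registry before and after cleanup. It assumes the export is already decoded to text in regedit's version 5 `.reg` format; the function names and the sample export are constructed for illustration.

```python
import re

HKLM = "HKEY_LOCAL_MACHINE\\"
CCS = HKLM + "SYSTEM\\CurrentControlSet\\"
# Keys from step 5 whose presence alone is an indicator.
KEYS = [CCS + "Services\\xmsk32", CCS + "Services\\xmsk64"]
KEYS += [CCS + f"Control\\SafeBoot\\{mode}\\{drv}.sys"
         for mode in ("Minimal", "Network") for drv in ("xmsk32", "xmsk64")]
# (key, value name, data) triples from step 5; the data must match.
VALUES = [
    (HKLM + "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Notify\\xmsk32",
     "DllName", "xmsk32.dll"),
    (CCS + "Control\\MPRServices\\TestService", "DllName", "xmsk32.dll"),
    (CCS + "Control\\Session Manager\\Memory Management", "EnforceWriteProtection", "0"),
]

def normalise(raw):  # unquote strings, turn dword:XXXXXXXX into decimal text
    if raw.lower().startswith("dword:"):
        return str(int(raw[6:], 16))
    return raw[1:-1].replace("\\\\", "\\") if raw.startswith('"') else raw

def parse_reg(text):
    """Parse decoded .reg export text into {key: {value name: data}}, lower-cased."""
    hive, key = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            # Exports of an offline hive show ControlSet001, not CurrentControlSet.
            name = re.sub(r"(?i)\\ControlSet\d{3}\\", r"\\CurrentControlSet\\", line[1:-1])
            key = hive.setdefault(name.lower(), {})
        elif key is not None and (m := re.match(r'(@|"[^"]*")=(.*)', line)):
            key[m.group(1).strip('"@').lower()] = normalise(m.group(2))
    return hive

def find_indicators(text):  # indicators from this page that the export contains
    hive = parse_reg(text)
    hits = [k for k in KEYS if k.lower() in hive]
    hits += [f"{k}\\{n}={d}" for k, n, d in VALUES
             if hive.get(k.lower(), {}).get(n.lower(), "").lower() == d.lower()]
    return hits

# Constructed sample export (not from a real infection).
SAMPLE = r"""Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\xmsk32]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\xmsk32.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\Memory Management]
"EnforceWriteProtection"=dword:00000000
"""
print("\n".join(find_indicators(SAMPLE)))
```

An empty result after cleanup means none of the listed keys or values remain in the exported hive.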

 

Download and run any of these anti-spyware tools:

Spy Sweeper

Spyware Doctor

Pest Patrol

Spy Hunter