HELP!!!!!!!!!-Backdoor Hackdefender virus

Silverbird

Distinguished
Jan 9, 2004
7
0
18,510
Greetings everyone,

Yesterday, as I was exploring the web, I noticed strange behaviour from my PC, for example the home page changing all the time and Norton Antivirus 2002 (latest definitions) closing every time I try to open it, including when Windows starts up (it had also disappeared from the taskbar). Furthermore, I noticed a significant drop in my PC's performance, like in Quake 3 etc. In Safe Mode I managed to run Norton and it found that the file hxdefdrv.sys was infected with the virus Backdoor.Hackdefender sth. I quarantined it, but nothing changed the above behaviour. I ran this repair thing from the Windows XP disk, but the same, and I also totally erased the file. Nothing helped! It's really annoying, Norton Antivirus not being able to run and the performance drop. I also checked the files processes but no differences. Any help would be much appreciated... (format is not an option since I've got pictures and movies from my digital camera!) I'm desperate, I've tried almost anything and nothing worked!
Please help...
thanks in advance!

AMD Athlon XP 2400+
Kingston 512MB RAM (400)
Ati Radeon 9800 Pro 128MB
Abit NF7-S rev 2.0 (nforce 2-400)
HDD Seagate Barracuda IV 60GB 7200rpm (SATA connected Sil 3112A)
Windows XP Pro (no Service Pack installed)
 

Toejam31

Distinguished
Dec 31, 2007
2,989
0
20,780
Did you follow all the directions on this page (http://securityresponse.symantec.com/avcenter/venc/data/backdoor.hackdefender.html) for removing the Trojan?

If this doesn't work, after deleting the registry key, you could try using the Trend Micro Sysclean Package (http://www.trendmicro.com/download/dcs.asp) in Safe Mode, along with the latest virus pattern file (http://www.trendmicro.com/download/pattern.asp).

I've used this successfully in the past, when the regular antivirus solution could not launch, or was corrupted due to a system infection. However, be advised that the cleaner is slow, and may need to be run more than once after a reboot to remove all traces of the Trojan, if it is running in memory. And again, it is most effective when used in Safe Mode.

Toey

My System Rigs (http://forums.btvillarin.com/index.php?act=ST&f=41&t=328&s=91c282f2e5207e99b7a652ee13b3512a)
_______________________________________________

BTVILLARIN.com (http://forums.btvillarin.com/) - Your Computer Questions Answered
 

blah

Distinguished
Dec 31, 2007
2,694
0
20,780
The answer (http://www.free-av.com/) to your needs.

..this is very useful and helpful place for information...
 

peartree

Distinguished
Sep 7, 2001
441
0
18,780
Yeah. What Toey said.

AND- for gosh sakes go out and buy a copy of Norton AV 2004. NAV 2002 was okay in its day, but it's too far out of date to be effective. Another good move is to download and install ZoneAlarm. Even the free version does a good job at stopping bad things from hitting your system.

There's no such thing as being too careful these days.

=== Never assume ANYTHING ====
 

Silverbird

Distinguished
Jan 9, 2004
7
0
18,510
Hi Toejam,

Thanks for the advice, I tried both the directions and the Trend Micro Sysclean Package. Unfortunately nothing worked. In Safe Mode this package indeed found hxdefdrv.sys as infected with the virus and deleted it, but when I restarted in Normal mode the file was still there doing the same stuff. I also installed Zone Alarm, which after a while couldn't open (same behaviour as Norton); moreover, I couldn't start anything with "command" and "regedit", they immediately close.

So format was the only solution. Better now, since I had enabled ACPI from the BIOS and now I get above 15 IRQ (no sharing from devices). The only thing that troubles me is whether there is a virus left somehow (scanned with Norton Antivirus 2002, latest definitions), since Internet Explorer, when I shut down, gives a message "End Program" and then "not responding" with the send, not send options.

Anyway, thanks for the help :)

AMD Athlon XP 2400+
Kingston 512MB RAM (400)
Ati Radeon 9800 Pro 128MB
Abit NF7-S rev2.0 (nforce2-400 chipset)
HDD: Seagate Barracuda IV 60GB 7200rpm SATA Connected (Sil 3112A)
Windows XP Pro (again without Service Pack)
 

Codesmith

Distinguished
Jul 6, 2003
1,375
0
19,280
You definitely need a better AV program than NAV 2002. NAV 2004 is great, but if you can't afford it then I would suggest Avast 4 Home, which is free for home use.

I have both and actually prefer Avast because it uses less resources.

NAV 2004 is easier to install and easier to use, plus Avast doesn't protect against spyware, so you will need another program for that (Lavasoft's Ad-Aware).

But if your budget forces you to choose between keeping NAV 2002 and Avast, I would choose Avast.

BTW, you don't need to format your hard drive to install Windows, you can install in the existing file system so that you don't lose any personal files.

A better strategy would be to repartition your drive and keep your personal files on a separate partition.

And of course regular backups (I prefer Norton Ghost) are always a good idea.