BackDoor.Hacdef.C trojan - can't get rid of, ALL AV s/w useless

metroplex

Golden Member
Jul 24, 2001
1,064
0
71
My computer got infected by the aforementioned virus... a lot of good my antivirus software was... it installed itself and now I can't get rid of it.

None of the sites have any info on this virus and none of the popular AV software makers have any info on this virus.

Please help!

I believe it's based on the Hacker Defender Trojan but I cannot find the INI file ANYWHERE.

If I manage to delete svhost.exe, it comes back again.
If I delete hxdefdrv.sys, it comes back again.
 

metroplex

Yes I have.

There are no signs of it.

Under "Run" I only find svhost.exe w/ a bunch of parameters, but svhost.exe is hidden in the XP Pro OS. You can delete it when using the recovery console, but it comes back again.
 

o4o4

Junior Member
May 10, 2004
2
0
0
metroplex

From what I have read this is not a virus but a Backdoor. It is installed manually which means someone got in your machine through some other vulnerability and manually set up the backdoor (no AV would pick it up... but OS patching might have prevented it...).
It's part of an NT rootkit and you're gonna have a real hard time finding all instances of the executable & ini as these are effectively hidden from the local system. You may be able to see the files through a networked computer though.
In any case, from the nature of compromise I would seriously consider reformatting the drive :( . Oh and take the box offline...

Info over here

Best Luck :)
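The cross-view check suggested in the post above (files hidden from the local system may still be visible when the same disk is viewed from another computer), as an added example that is not part of the thread: it compares two `dir /s /b /a` listings of the same folder, one taken on the suspect machine and one taken from a networked computer. The listings, folder, host name and `example.ini` are constructed; `svhost.exe` and `hxdefdrv.sys` are the names from the thread.

```python
import ntpath

# Names mentioned in the thread, plus the INI extension it refers to.
WATCH_NAMES = {"svhost.exe", "hxdefdrv.sys"}
WATCH_EXTS = {".ini"}

# Constructed sample listings (not from the thread).
LIVE = r"""C:\sample\notepad.exe
C:\sample\drivers\tcpip.sys
"""
REMOTE = r"""\\INFECTED\C$\sample\notepad.exe
\\INFECTED\C$\sample\svhost.exe
\\INFECTED\C$\sample\example.ini
\\INFECTED\C$\sample\temp.log
\\INFECTED\C$\sample\drivers\tcpip.sys
\\INFECTED\C$\sample\drivers\hxdefdrv.sys
"""

def normalise(listing, root):
    """Return lower-cased paths relative to `root` from `dir /s /b /a` output."""
    root = root.rstrip("\\/").lower()
    paths = set()
    for line in listing.splitlines():
        p = line.strip().lower().replace("/", "\\")
        if not p:
            continue
        if p.startswith(root + "\\"):
            p = p[len(root) + 1:]  # drop the root so both views are comparable
        paths.add(p)
    return paths

def hidden_from_live(live_listing, live_root, remote_listing, remote_root):
    """List (path, flagged) for entries the remote view has but the live view lacks."""
    live = normalise(live_listing, live_root)
    remote = normalise(remote_listing, remote_root)
    findings = []
    for path in sorted(remote - live):
        name = ntpath.basename(path)
        ext = ntpath.splitext(name)[1]
        findings.append((path, name in WATCH_NAMES or ext in WATCH_EXTS))
    return findings

if __name__ == "__main__":
    results = hidden_from_live(LIVE, r"C:\sample", REMOTE, r"\\INFECTED\C$\sample")
    for path, flagged in results:
        print(("WATCH " if flagged else "      ") + path)
```

Entries that are not flagged (such as `temp.log` here) can simply be files created between the two listings, so take both listings as close together as possible.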
 

paradigm9

Junior Member
May 10, 2004
8
0
0
Stinger picks up the backdoor trojans... it may get that one. It's only like 500kb anyways

if you haven't already tried that one
here