Haxdoor Removal: Remove Haxdoor Forever
Let our support team solve your problem with Haxdoor and repair Haxdoor right now!
Leave the detailed description of your Haxdoor problem in the form below. Our support team will contact you in several minutes and give a step-by-step instruction on how to fix Haxdoor problem. Please be specific. Do your best describing the problem. This will help us recommend right and complete Haxdoor problem removal solution.
Describe your problem here and we'll contact you in several minutes:
Warning:
1) We hate spam as much as you do. We will not share your email with any third party or publish it anywhere. Your email is used only to contact you and give you Haxdoor removal solution.
2) All fields of this form are obligatory.
Threat's profile
|
Name of the threat: Haxdoor |
| Command or file name: 0mcamcap.exe |
| Threat type: Spyware\trojan |
| Affected OS: Win32 (Windows 9x, Windows XP, Windows Vista) |
Haxdoor intrusion method
Haxdoor copies its file(s) to your hard disk. Its typical file name is 0mcamcap.exe. Then it creates new startup key with name Haxdoor and value 0mcamcap.exe. You can also find it in your processes list with name 0mcamcap.exe or Haxdoor.
If you have further questions about Haxdoor, please fill in the form above and we'll contact you shortly.
» Download program to remove Haxdoor (Haxdoor Removal Tool)
Recommended Solution
If you are not sure what to delete, use our award winning program - Haxdoor Removal Tool.
Haxdoor Removal Tool will find and fully remove Haxdoor and all problems associated with Haxdoor virus.
Fast, easy, and handy, Haxdoor Removal Tool protects your computer against Haxdoor that does harm to your computer and breaks your privacy. Haxdoor Removal Tool scans your hard disks and registry and destroys any manifestation of Haxdoor. Standard anti-virus software can do nothing against malicious programs like Haxdoor. Remove Haxdoor straight away!
» Download Haxdoor Removal Tool now for free
How to fix Haxdoor
This problem can be solved manually by deleting all registry keys and files connected with Haxdoor, removing it from starup list and unregistering all corresponding DLLs. Additionally missing DLL's should be restored from distribution in case they are corrupted by Haxdoor.
To get rid of Haxdoor, you should:
1. Kill the following processes and delete the appropriate files:
• 1.a3d
• 1040.exe
• avpx32.dll
• avpx32.sys
• avpx64.sys
• BOOT32.SYS
• C3.DLL
• C3.SYS
• C4.SYS
• cz.dll
• Ddxzdkpd.dll
• DEBUGG.DLL
• draw32.dll
• drct16.dll
• dt163.dt
• fltr.a3d
• hiden.exe
• hm.sys
• hz.dll
• hz.sys
• i.a3d
• in.a3d
• JSDAPI.EXE
• jsssvc.exe
• klo5.sys
• Klog.sys
• klogini.dll
• memlow.sys
• ms2.exe
• mszx.exe
• mszx23.exe
• p2.ini
• p3.ini
• ps.a3d
• qy.sys
• qz.dll
• qz.sys
• redir.a3d
• Sdmapi.sys
• SMTAPI.SYS
• snim.dll
• tmpf00.exe
• tnfl.a3d
• vdmt16.sys
• vdnt32.sys
• vdt_16.exe
• vm.dll
• w32_ss.exe
• wd.sys
• winlow.sys
• wmx.a3d
• wz.dll
• wz.sys
Warning: you should delete only those files which checksums are listed as malicious. There may be valid files with the same names in your system. We recommend you to use Haxdoor Removal Tool for safe problem solution.
2. Delete the following malicious folders:
no information
3. Delete the following malicious registry entries and\or values:
• Key: CurrentControlSet\ENUM\ROOT\LEGACY_MEMLOW
• Key: CurrentControlSet\ENUM\ROOT\LEGACY_VDMT16
• Key: CurrentControlSet\Services\memlow
• Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogin\Notify\draw32
• Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogin\Notify\drct16
• Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avpx32
• Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\debugg
• Key: SOFTWARE\Microsoft\Windows\curretnversion\explorer\browser helper objects\{B72F75B8-93F3-429D-B13E-660B206D897A}
• Key: SYSTEM\ControlSet001\Services\memlow
• Key: SYSTEM\ControlSet001\Services\vdmt16
• Key: SYSTEM\ControlSet001\Services\vdnt32
• Key: SYSTEM\ControlSet001\Services\winlow
• Key: SYSTEM\CurrentControlSet\Control\MPRServices\TestService\MPRServices\TestServices
• Key: SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\avpx32.sys
• Key: SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\avpx64.sys
• Key: SYSTEM\CurrentControlSet\Control\SafeBoot\Network\avpx32.sys
• Key: SYSTEM\CurrentControlSet\Control\SafeBoot\Network\avpx64.sys
• Key: SYSTEM\CurrentControlSet\ENUM\ROOT\LEGACY_MEMLOW
• Key: SYSTEM\CurrentControlSet\ENUM\ROOT\LEGACY_VDNT32
• Key: SYSTEM\CurrentControlSet\Services\avpx32
• Key: SYSTEM\CurrentControlSet\Services\avpx64
• Key: SYSTEM\CurrentControlSet\Services\ENUM\ROOT\LEGACY_MEMLOW
• Key: SYSTEM\CurrentControlSet\Services\ENUM\ROOT\LEGACY_VDMT16
• Key: SYSTEM\CurrentControlSet\Services\ENUM\ROOT\LEGACY_VDNT32
• Key: SYSTEM\CurrentControlSet\Services\ENUM\ROOT\LEGACY_WINLOW
• Key: SYSTEM\CurrentControlSet\Services\memlow
• Key: SYSTEM\CurrentControlSet\Services\vdmt16
• Key: SYSTEM\CurrentControlSet\Services\vdnt32
• Key: SYSTEM\CurrentControlSet\Services\winlow
• Key: SYSTEM\CurrentControlSet\Control
Value: Impersonate
• Key: SYSTEM\CurrentControlSet\Control
Value: StackSize
• Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winm32
Value: DllName
• Key: Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\plgwiz32
Value: DllName
• Key: Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\plgwiz32
Value: Startup
• Key: Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\plgwiz32
Value: Impersonate
• Key: Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\plgwiz32
Value: Asynchronous
• Key: Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winm32
Value: secureUID
• Key: Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winm32
Value: DllName
• Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\yvsvga
Value: CID
• Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\yvsvga
Value: DllName
• Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\yvsvga
Value: Startup
• Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\yvsvga
Value: Impersonate
• Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\yvsvga
Value: Asynchronous
• Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\yvsvga
Value: MaxWait
• Key: Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\yvsvga
Value: CID
• Key: Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\yvsvga
Value: DllName
• Key: Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\yvsvga
Value: Startup
• Key: Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\yvsvga
Value: Impersonate
• Key: Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\yvsvga
Value: Asynchronous
• Key: Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\yvsvga
Value: MaxWait
• Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pptp16
Value: secureUID
• Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pptp16
Value: DllName
• Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pptp16
Value: Startup
• Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pptp16
Value: Impersonate
• Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pptp16
Value: Asynchronous
• Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pptp16
Value: MaxWait
• Key: Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pptp16
Value: secureUID
• Key: Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pptp16
Value: DllName
• Key: Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pptp16
Value: Startup
• Key: Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pptp16
Value: Impersonate
• Key: Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pptp16
Value: Asynchronous
• Key: Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pptp16
Value: MaxWait
• Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nclabydll
Value: DllName
• Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nclabydll
Value: Startup
• Key: Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nclabydll
Value: DllName
• Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ydsvgd
Value: CID
• Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ydsvgd
Value: DllName
• Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ydsvgd
Value: Startup
• Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ydsvgd
Value: Impersonate
• Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ydsvgd
Value: Asynchronous
• Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ydsvgd
Value: MaxWait
• Key: Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ydsvgd
Value: CID
• Key: Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ydsvgd
Value: DllName
• Key: Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ydsvgd
Value: Startup
• Key: Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ydsvgd
Value: Impersonate
• Key: Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ydsvgd
Value: Asynchronous
• Key: Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ydsvgd
Value: MaxWait
Warning: If value is listed for some registry entries, you should only clear these values and leave keys with such values untouched. We recommend you to use Haxdoor Removal Tool for safe problem solution.
Next threat: HDTBar »
Learn more about Haxdoor and 0mcamcap.exe »
« Back to catalog
Solution: 2279
|
