hdav.exe?

Swifty

Alright well I had not been on my computer all day today and when I had signed onto my computer my task bar was not showing. I tried going into the task manager and I ran explorer.exe and my screen just flashed like crazy it would pop up then disappear multiple times and below it hdav.exe showed up about 4 times bouncing explorer.exe around.

And basically my computer is pretty well virus infected I am pretty sure I have run multiple scans with BitDefender anti virus and malicious searches, I also used TuneUp Utilities and Spybot Search and Destroy, some of it could not be deleted. I know that BitDefender detects a trojan when my computer starts up but when I try to put it in quarantine it drives my computer nuts.

Just now my browser keeps directing me to inappropriate sites and possibly illegal ones at that most, I can't do a system restore because my computer says it fails each time, BitDefender does not detect anything under its anti virus section but in malicious it does. Some of it cannot be deleted.

If anyone can suggest some help that would be great without having to reformat my computer, I really can't afford to lose everything not now and I have no way of backing up my things.

And I don't doubt that this Trojan/Virus is stealing my information right now so I am trying to keep off of personal websites at the moment.
Thanks
Swifty.
 

Do you have a backup of your data? If I were you I would download Malwarebytes and run a scan just to get started. Hdav.exe seems to be a virus and I can't find any information saying it is used for anything else.

Boot into safe mode, run Malwarebytes. Did you have an anti virus app on the computer when it was infected?

Ken
 

All I know is hdav.exe messes with applications and it runs on start up, it can rename itself and make copies of itself as different forms as well as making new forms of itself.

I have also done a scan with Prevx and it detected the files I described, but I need a license key, typical.

And now I am trying the program you told me about.
 

MalwareBytes Anti-Malware is good as long as it will actually run. Some viruses have a script that can cause it to not install/run, hence why you should try in safe mode, or there are other workarounds you can find via Google or another search provider.
 

Here are the names of the ones that Prevx found:

- hkpop.dll
- Hdav.exe
- lkpop.dll
- l84alx.exe
 

Hi... d/l Hitman Pro and scan... it has 30 days free removal and has five AV engines including Prevx, Dr Web, Ikarus, A2, NOD, G Data.

After Hitman, d/l and scan with MBAM.
 

So I used MBAM and Hitman Pro, it made my computer faster and as far as I know deleted most of the problems, but when I rebooted after Hitman it said that Windows needed to repair itself and both of those programs no longer exist on my computer so I had to reinstall them, any idea? A few of the virus names popped up too, one in cmd.
 

1. Hmmmm... was that after restart, before boot?
Scanners usually delete persistent malware that way, when they are not active.
2. Restart again... do you get the popup?
3. Give HMP and Prevx one more run.
 

If you can download and burn an ISO to a CD, suggest download BitDefender Rescue CD.

Boot to safe mode, remove system restore points. Reboot to the Rescue CD and run scans. Reboot to safe mode and scan with MalwareBytes. Virus can and will hide in your Restore Points, and reinfect after you start Windows.

A Guy
 

Can you give us more detail on what happened after the reboot? I'm not sure exactly what happened, and without knowing that I can't help any. Some others might be able to.
 

Well, after scanning with Hitman, it stated that some of the deleted malware/trojans, whatever that was on my computer, needed my computer to restart before it could delete them fully, so I rebooted and then it loads up to the screen where it says loading Windows files and then goes into Windows repair and says that my computer failed to boot up, and it is repairing any errors, then when I finally log in, Hitman and Malwarebytes no longer exist on my entire computer. I am guessing this "trojan" or "virus" is causing this. Every time I log in BitDefender says "Trojan detected" and I select to put it in the virus vault, but Hitman said that it had deleted it as well as Malwarebytes.
 

I think it's as I posted, you need to get rid of your restore points, and do your scanning outside of Windows, with a boot CD, then clean up in safe mode. Hopefully it can get at what's hiding.

A Guy
 

It sounds like this virus means business. Did you try booting into safe mode? If all else fails, sometimes the best thing to do is a clean install. Then you know that no viruses exist on the machine.

http://www.sevenforums.com/tutorials/91339-ssd-hdd-optimize-windows-reinstallation.html
http://www.sevenforums.com/tutorials/1649-clean-install-windows-7-a.html?ltr=C

EDIT: it looks like some people still have other advice. I would save the clean install for a last resort.

Yea I am trying not to reformat my computer in fear of losing all my files, because I have no way of backing anything up as far as I know, I do not own an external hard drive or blank CDs and I am tight on cash right now because of having to save it for my rent.

I might just put up with it until I can move out in August and have money then so I can afford an external HDD but right now I am trying to see if I can get rid of it without the reformat.

No I have not tried it on safe mode because I can't get to it with my television as a monitor because when I start up only half the screen shows because of the resolution. But if there is another way to do it from msconfig that would be great I can try it there.
 

You have a "Backdoor" Trojan .... change all of your passwords, using another known 'clean' computer.

You will also need to flush your DNS cache and restore MS's original Hosts file.
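Copy and paste these lines in Notepad.

@Echo on
rem Replace the hosts file with a single loopback entry
pushd \windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
rem Renew the DHCP lease and flush the DNS resolver cache
ipconfig /release
ipconfig /renew
ipconfig /flushdns
rem Reset Winsock and the TCP/IP stack
netsh winsock reset all
netsh int ip reset all
rem Reboot in 1 second and delete this batch file
shutdown -r -t 1
del %0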

Save as flush.bat to your desktop. Right click on the file, choose to run as Administrator. Your computer will reboot itself.

Now, run an Antivirus scan and an Anti-malware scan.
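
The batch file above overwrites HOSTS with a single `127.0.0.1 localhost` line, so whatever the infection wrote there is lost once it runs. The Python below is an added example, not part of the original post: it audits a saved copy of a hosts file and reports every entry the reset would discard. The function names and the sample file content are constructed for illustration.

```python
import ipaddress

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in a hosts file."""
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            yield line_no, fields[0], None       # address with no hostname
            continue
        for name in fields[1:]:                  # one line may map several names
            yield line_no, fields[0], name.lower()

def audit_hosts(text):
    """Return (line_no, kind, ip, hostname) for each entry that is not loopback localhost."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            addr = None
        if addr is None or name is None:
            findings.append((line_no, "malformed", ip, name))
            continue
        if addr.is_loopback and name == "localhost":
            continue                             # what the reset keeps
        # Loopback or 0.0.0.0 makes the name unreachable; any other address
        # sends the name to a server chosen by whoever wrote the entry.
        kind = "blocked" if addr.is_loopback or addr.is_unspecified else "redirected"
        findings.append((line_no, kind, ip, name))
    return findings

# Constructed sample: RFC 5737 documentation address, reserved .example names.
SAMPLE = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.7     search.example www.search.example   # injected
127.0.0.1       update.av-vendor.example
0.0.0.0         scanner.example
not-an-ip       bank.example
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print("line %d: %-10s %s -> %s" % finding)
```

Run it against a copy of the file taken before the reset; a "redirected" entry explains browser redirects, and a "blocked" entry explains a scanner or updater that cannot reach its servers.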
 

Thanks, wherever you found that out, surely it works perfectly, all problems solved. I don't even see any more pop ups of the trojan, thankfully. Thanks a lot Jacee
 

Jacee is an expert on virus removal. I figured as soon as she said something the problem would be solved.
 

Great help Jacee, should he do anything else?

A Guy
 
