How to Remove HAXDOOR VIRUS | ERROR CODE: 0x0000008e

Remove HAXDOOR VIRUS | ERROR CODE: 0x0000008e

How to Remove HAXDOOR VIRUS | ERROR CODE:  0x0000008e

Tech Advise:1
Please follow the below steps to Fix the problem.

Caution : Incorrect Registry Editing can cause serious problems. Please be careful while editing registry or contact our supoprt team to fix it remotley

Tech Advise 2
Delete drct16 & draw32

 Click Start Menu >> Click Run & type regedit &  then click OK.
 Locate the following registry subkey:
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
 Locate & delete the registry sub key which refers to “drct16” or “draw32”.
 For example, you may see entries that are similar to the following:
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\drct16
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\draw32

Step 2

 When the computer restarts, click Start, click Run, type regedit, and then click OK.
 Locate and delete the following registry subkeys and any entries that may be present under each subkey. If any registry subkeys from Browse To The following Registry Sub Key and delete them
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vdmt16
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vdnt32
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winlow
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\memlow
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vdmt16
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vdnt32
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winlow
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\memlow
 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ENUM\ROOT\LEGACY_VDMT16
 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ENUM\ROOT\LEGACY_VDNT32
 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ENUM\ROOT\LEGACY_WINLOW
 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ENUM\ROOT\LEGACY_MEMLOW
 Locate and delete any entries that contain the Mszx23.exe file name under the following registry subkeys:
 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices
 HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
 HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
 Quit Registry Editor.

Step 3

 Update Your Antiviurs program and then run a full scan

CAUSE:

 This problem may occur if the computer is infected with a variant of the HaxDoor virus.
 A hidden process is created by “The HaxDoor virus” The virus can also restore the files if deleted
 The virus creates hidden files and its sub keys in the registry. Generally by the name Mszx23.exe,Vdmt16.sys or Vdnt32.sysl.

The following malware has been identified by antivirus vendors.

 Collapse this tableExpand this table
 Symantec: Backdoor.Haxdoor.D
 Trend Micro: BKDR_HAXDOOR.BC, BKDR_HAXDOOR.BN, BKDR_HAXDOOR.BA, BKDR_HAXDOOR.AL
 PandaLabs: HAXDOOR.AW
 F-Secure: Backdoor.Win32.Haxdoor, Backdoor.Win32.Haxdoor.al
 Sophos: Troj/Haxdoor-AF, Troj/Haxdoor-CN, Troj/Haxdoor-AE
 Kaspersky Lab: Backdoor.Win32.Haxdoor.bg
 McAfee: BackDoor-BAC

Leave a Reply

Scroll to top
× Whatsapp