backdoor trojan virus in HEM files



shawshank
10-18-2009, 09:12 PM
I have read the thread and seen that you have been trying to deal with this problem, but the thread is locked.

If I could make a suggestion (that might cut down on your need to schedule individual TeamViewer sessions w/ customers).

The last post on the thread (or one of the last posts) should be a synopsis of what users should do to eliminate the problem. Then other users can search the thread titles, see your list of suggestions, and then repost additional threads if they don't get results.

I have the backdoor trojan that has attached to several HEM files (including import), but I do not have the same directory structure to delete the files that you specify. I have also run multiple virus scans + gotten an update on my anti-virus software, but can't shake this virus.

Can I schedule a TeamViewer session? Thanks for your help.

netsrak
10-19-2009, 03:27 AM
What errors does your Virusscanner display?
Which operating system?
Which virus scanner?
Which HM version?

shawshank
10-19-2009, 07:58 AM
1. what errors?

I attached a JPEG w/ the errors

2. which OS?

Vista

3. virus scanner?

Symantec anti-virus (I just got an auto-update yesterday)

4. which HM version?

1.09 beta 30b

ONE OTHER ISSUE: I am having trouble w/ the registration for HEM since I installed an update for Windows. (HEM is asking me to reinput my registration code. I did this, but got the same error and I'm not sure if it's related to the trojan.)

thanks. s/s

netsrak
10-19-2009, 10:44 AM
Please update to beta 40 from the link in my signature.
Delete all the Holdemmanager folders in the Xenocode path in the error message.

If you still have the registration problem after the update:
* close HM
* look for the hidden file holdemmanager.exe.ldat in the holdemmanager installation path
* delete this file
* restart HM and reenter your key.

shawshank
10-19-2009, 05:34 PM
I have reinstalled the latest HEM update and found/deleted the HEM directories as suggested. But I'm not clear on this step.

I can see the holdemmanager.exe file, in PROGRAM FILES under RVG SOFTWARE/HOLDEM MANAGER, but I'm not clear on how to: (1) view; and (2) delete a hidden file. Is the ".ldat" at the end a typo?

Thanks. s/s

* look for the hidden file holdemmanager.exe.ldat in the holdemmanager installation path

fozzy71
10-20-2009, 12:26 AM
If you can't see it, turn off the Windows option that is hiding that directory. http://www.bleepingcomputer.com/tutorials/tutorial62.html

shawshank
10-25-2009, 04:46 PM
I have another backdoor trojan located in a different set of directories. I installed the version 40 update last time, but it has come back again. Is there another beta?

shawshank
10-25-2009, 04:51 PM
My anti-virus software just autodetected another backdoor trojan in the file I just uploaded. :(

Didace
10-25-2009, 06:04 PM
...

fozzy71
10-25-2009, 09:06 PM
Close HEM and your anti-virus and delete any \xenocode\appliance cache folders and any other possible false positive files.

1. Enable "Show hidden files and folders" under Control Panel -> Folder Options -> View
2. Go to C:\Users\YourUserName\AppData\Local\Xenocode\Appliance Cache and delete every folder you can find in there

Empty your recycle bin.

Reboot.

Please update to the latest beta - http://www.holdemmanager.com/downloads/HmBetaUpdate.exe