08-10-2008, 10:38 AM   #8
Mike
Analyst, Security Team
 
Join Date: Jun 2008
Posts: 71
OS: XP SP2


Re: Need to remove haxdoor

Hi there,

1. Please download The Avenger by Swandog46 to your Desktop.
  • Right-click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your Desktop.
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Code:
Begin copying here:
Drivers to disable:
rotw

Drivers to delete:
rotw

Files to delete:
C:\WINDOWS\system32\routew.dll
C:\WINDOWS\system32\rhs.bin 
C:\WINDOWS\system32\kl80.bin 
C:\WINDOWS\system32\rotw.sys

Registry keys to delete:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\routew

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, open the avenger folder and start The Avenger program by clicking on its icon.
  • Right-click on the window under "Input script here:" and select Paste.
  • You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
  • Click on Execute.
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will restart your computer. (In cases where the code to execute contains "Drivers to delete", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply.

See if you can get ComboFix to run then.

If not, please try to run HaxFix and run Deckard's System Scanner as instructed.
Last edited by Mike; 08-10-2008 at 11:00 AM.
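As an added, read-only check (not part of the post above and not code from The Avenger), the PowerShell script below looks for the same Haxdoor artifacts the Avenger script targets (the rotw driver service, the dropped files, and the routew Winlogon Notify package) and then lists every Winlogon Notify package with its resolved DLL, so an analyst can see what else is being loaded into winlogon.exe. It assumes an XP-era layout (Winlogon\Notify under HKLM, drivers in system32) and an elevated shell; the indicator names are taken from the script above.

```powershell
# Added read-only audit, not part of the original post or of The Avenger.
# Assumes an XP-era layout (Winlogon\Notify packages, drivers under system32).
$ErrorActionPreference = 'SilentlyContinue'
$Sys32 = Join-Path $env:SystemRoot 'system32'
$NotifyBase = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'

# The specific artifacts named in the Avenger script: driver service, files, Notify key.
$Indicators = @{
    Service   = 'rotw'
    Files     = @('routew.dll', 'rhs.bin', 'kl80.bin', 'rotw.sys') | ForEach-Object { Join-Path $Sys32 $_ }
    NotifyKey = "$NotifyBase\routew"
}

function Test-HaxdoorIndicators {
    $hits = @()
    foreach ($f in $Indicators.Files) {
        if (Test-Path -LiteralPath $f) { $hits += "file present: $f" }
    }
    $svcKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$($Indicators.Service)"
    if (Test-Path $svcKey) {
        $img = (Get-ItemProperty $svcKey).ImagePath
        $hits += "driver service present: $($Indicators.Service) (ImagePath=$img)"
    }
    if (Test-Path $Indicators.NotifyKey) {
        $dll = (Get-ItemProperty $Indicators.NotifyKey).DllName
        $hits += "Winlogon Notify package present: routew (DllName=$dll)"
    }
    return $hits
}

# Broader sweep: every Winlogon Notify package and the DLL it loads into winlogon.exe.
# A package whose DLL is missing or lives outside system32 deserves a closer look.
function Get-WinlogonNotifyPackages {
    Get-ChildItem $NotifyBase | ForEach-Object {
        $raw = (Get-ItemProperty $_.PSPath).DllName
        $dll = if ($raw) { [Environment]::ExpandEnvironmentVariables($raw) } else { $null }
        if ($dll -and -not [IO.Path]::IsPathRooted($dll)) { $dll = Join-Path $Sys32 $dll }
        New-Object PSObject -Property @{
            Package    = $_.PSChildName
            DllPath    = $dll
            Exists     = [bool]($dll -and (Test-Path -LiteralPath $dll))
            InSystem32 = [bool]($dll -and $dll.ToLower().StartsWith($Sys32.ToLower()))
        }
    }
}

$hits = Test-HaxdoorIndicators
if ($hits) { $hits } else { 'None of the listed Haxdoor indicators were found.' }
Get-WinlogonNotifyPackages | Sort-Object Exists, InSystem32 | Format-Table Package, Exists, InSystem32, DllPath -AutoSize
```

The script changes nothing on the machine; compare its output against the Avenger log (C:\avenger.txt) after the removal steps to confirm the artifacts are gone.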