Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


H8SRT Infection

  • Please log in to reply
1 reply to this topic

#1 bevofan


  • Members
  • 2 posts
  • Local time:04:30 AM

Posted 27 January 2010 - 10:26 AM

Ugh, I have it bad. The fake Malaware Defender pop ups started last week but I think the actual problem lies in H8SRT/TDSS somewhere. and I followed some preliminary removal attempts. Having only minor success, I am turning to the pros here and will be grateful for any and all advice you may have.

My symptoms:
- IE launching in the background
- Redirecting google searches
- Porn icons on my desktop
- Computer freezing and pretty much inoperable unless I'm in safe mode
- When booting normally, it will either get to a point and freeze/lock up, or show a black, blank screen. I swear I can almost hear someone laughing at my misery.

My system:
- Windows XP Pro SP2

What I've done so far:
- Ran Malware Bytes - Had some trouble getting it to run, had to rename it, took a few tries but it did eventually run. I haven't seen the Malaware Defender pop ups since then.
- Ran Root Repeal - Log shows a variety of H8SRT instances under Hidden/Locked files, Stealth Objects, and Hidden Services. Particularly,

Hidden Services
Service Name: H8SRTd.sys
Image Path: C:\WINDOWS\system32\drivers\H8SRTeppuwoodpt.sys

I'm eager to get started and appreciate your attention. Thank you, thank you, thank you.

BC AdBot (Login to Remove)


#2 Orange Blossom

Orange Blossom

    OBleepin Investigator

  • Moderator
  • 37,112 posts
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:05:30 AM

Posted 27 January 2010 - 11:58 PM


Looks like you have a bad rootkit. To remove it requires specialized tools used only in the HiJack This forum. Please follow the instructions in ==>This Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==

If you cannot produce the DDS logs, then post back here and we will provide you with further instructions.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users