Trickly little virus/spyware.

[dimtim]

Hey the weirdest thing happens whenever I'm on my computer. The window I'm working in will go into the background (like you clicked another window) yet nothing will pop up. I will look at the task manager and something has launched iexplore.exe, which I believe is internet explorer, yet an internet explorer window does not pop up. I will end the process, and it will do it again a few minutes later.

Anybody got any ideas on this one?
Tim

[budz]

Do you have antivirus and spyware software installed on your computer? If you have then run them to see if any virus or spyware shows up.

[buttzilla]

I have experianced trojans that use this method. It uses the default browser running in the background.. If you open internet explorer and try to use it, it will work real slow. My nephew just experianced this type. I installed nod32 and spysweeper. I ran nod 32 in safe mode and it found it and I deleted it. Nod 32 is a great antivirus if you don't have one check out the free trial at their site.
http://www.eset.com/

[hech54]

Spybot
Spywareblaster(prevention only)
Ad-Aware

HiJackThis - then insert the log file as directed on www.hijackthis.de and follow the instructions...but be careful with Hijackthis.

[NiteLite]

Spybot S&D and Spywareblaster should stop this browser hijacking...plus an anti-virus program.
Avast is free and appears really good.
Regards,
NL

[Bjs]

Ad-Aware SE / Avg free / Hijackthis

Hijackthis is safe and will always make a backup before it dose anything , incase you need to reset anything , so no harm is done .

Should reinfection reappear , clean out internet cache

Windows explorer , tools , folder options , view tab .
Hidden files and folders , check "show"
Uncheck both "hide" for file extensions , and protected system files
Apply , ok

Go to documents and settings
Go to normal login account folder name
Go to local settings
Empty temp folder
Empty temporary internet files folder

Remember , reinfections are possible if the problem has managed to enter system restore point , disable this first , then scan and remove problem , reboot pc , then reset a new system restore point .

[dimtim]

Hum okay so I identified this process hldrr.exe which is definitely a trojan or something. I've searched my computer like 80 times for this .exe file but I can't find it. Any suggestions on finding this sucker?

Thanks

[AlanHK]

It's Bagle.
See http://www.sophos.com/security/analyses/w32baglesh.html

You could try Avast free virus cleaner
http://www.avast.com/eng/avast-virus-cleaner.html

[budz]

or use trendmicro.com free online scanner

[buttzilla]

Hum okay so I identified this process hldrr.exe which is definitely a trojan or something. I've searched my computer like 80 times for this .exe file but I can't find it. Any suggestions on finding this sucker?

Thanks

Open up a folder any folder Go to tools/ folder options then view then check show hidden files and folders. Now go to microsoft search and search for the file you think is it. use the whole name with the .exe Sometimes these trojans and virus hide themselves. You should then be able to find it though that does not mean you will be able to delete it. Some lock theirselves to processes. Download the free program unlocker. This can help unlock it from processes, If it is locked to explore.exe you will have trouble. When yo unlock it it will crash windows.If so boot into safe mode and run your antivirus. In safe mode only the bare minumum process load.

[hech54]

Hum okay so I identified this process hldrr.exe which is definitely a trojan or something. I've searched my computer like 80 times for this .exe file but I can't find it. Any suggestions on finding this sucker?

Thanks

You won't get rid of it yourself. You've been offered MANY solutions.

[dimtim]

Yeah thanks a ton, I finally got it cleaned. Hopefully it didn't do any permanent damage.

Thanks again
Tim

[INFRATOM]

Formating the hard drive can give you a peace of mind and in some cases that is the solution. Until then download Trendmicro files and latest patterns and run under DOS boot or safe mode.

[dimtim]

I hate to bring this thread back up, but this is the absolute worse spyware/virus I have ever had. I can't get rid of it. I have downloaded like 5 trial versions of the spyware removal software you guys recommended and they all clean it, but then it comes back. It hijacks internet explorer somehow and will run the iexplore.exe process randomly. It rewrites the hldrr.exe and wintems.exe files somehow after I keep deleting them. How is this happening??

This bagle thing is unreal
Tim

[mats.hogberg]

Many of these trojans/virii are made up of several executables. As soon one of them is deleted, one of the others put it back in place. A real pain (to say the least) to get rid of.
There's no general procedure for removal, so you'll have to identify exactly what kind of virus you have, and then find removal instructions for it. It can be a convoluted process. Sometimes it's better to bite the bullet and do a clean install instead.

/Mats

[classfour]

avast + allow it to run on boot

[dphirschler]

Try F-Prot for DOS. Use a boot disk to boot up in DOS. Then run the virus software from a DOS prompt. Remember to get the latest virus definitions. A new definition was just released (May 18).

http://www.f-prot.com/products/home_use/dos/


Darryl

[Bjs]

Nail the thing ... go grab hijackthis from http://www.spywareinfo.com/~merijn/programs.php

Run scan and save log .

Then go to : http://www.spywareinfo.com/~merijn/forums.php

I recommend http://www.tomcoyote.org/ forum , signup , wait 5 days , return and post log , wait atleast 5 days before requesting help a second time ... its been there this long , your not in a rush , and want it fixed properly ... dont you .

One last problem , if you use an os that uses system restore , turn it OFF .
Many reinfections can reappear because the user failed to disable this prior to removal attempt of infections .

----

hldrr.exe

Take a look here http://forums.majorgeeks.com/showthread.php?t=103033

ref :

c:\temp.zip <Win32.HLLM.Beagle.pswzip>
c:\documents and settings\user\application data\m\data.oct <Trojan.BeagleProxy>

----

Q: Whats a simple sollution
A: Fdisk the hd and reload os from scratch

And B : Watch what you do online next time .

----

Between hijackthis , avgfree , adaware se , and search engine (google) , I have cleaned many pcs though gone for good .

Last one had 400+ virus's , and 600 trojans ... took almost an hour before you could use it from first start ... and connect it online meant game over ... all hell broke loose .

Only 1 user word document was not recoverable in the whole process

Next time I run into a pc like that I am taking a snapshot of it as proof of concept .