hldrrr.exe/hidn2.exe Removal

Win32/Bagle.HE:

First seen in 2007, this worm was made to spread via e-mails and network connections. Though the worm is small in size, it's capable of doing a lot of damage to the computer. It was later updated by its creator so that it also downloads other malicious files from several URLs, which gives it the behaviour of a Trojan downloader as well. Because of this, the virus must be handled with a lot of care and deleted as soon as possible, before the other files it fetches take over the computer. When executed, this worm copies itself into the %Home% directory and runs a process from there. Like most of these rascals, it also creates a registry entry in order to protect itself from being deleted. It may inject itself into other processes so that, when you try to delete it, it coolly returns an "Access denied. This program is being used by another person" error. It also tampers with Notepad.exe so that it shows all sorts of silly errors you have never seen before. The biggest damage this worm does is to delete the "Safeboot" option from Msconfig, which disables Safe Mode completely. It also attaches itself to e-mails sent with applications like Outlook Express, and that is how it spreads to the neighbourhood of the user's system. Still, nothing is impossible. Let's take a look at deleting this Trojan-worm.

Manual instructions to remove W32/Bagle.gen:

  1. We can't boot the PC into Safe Mode this time, so let's deal with it in normal mode. Beginning with the registry, let's first remove it from the Startup entries. Navigate to the following registry key:

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\drv_st_key


    This entry contains the path to the Trojan-worm, so make a note of it before you remove it: copy that path into a text file, then delete the value.
  2. Now that it is gone from the registry, go to Start --> Run, type "msconfig" (without the quotes), and in the Startup tab make sure the check-boxes for the entries "hidn2.exe" and "hldrrr.exe" are unchecked.
  3. Now reboot your system. Then, using Windows Explorer, go to the following directory and delete these files:

    C:\Documents and Settings\All Users\Application Data\hidn\hldrrr.exe
    C:\Documents and Settings\All Users\Application Data\hidn\hidn2.exe
  4. Now your system is free from the virus, but not from the damage it has done. Download Registry Mechanic from here and restore Safe Mode booting by following the steps given here.
  5. You are now completely free from the virus, but remember that any e-mail carrying a file with an .exe extension is always dangerous.
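The manual steps above can also be checked from a script. The following PowerShell script is an added example, not part of the original post: it audits the indicators the post lists (the `drv_st_key` Run value, the two dropped executables under the All Users Application Data folder, and any running copies of them) and only deletes them when run with `-Remove`. The Safe Mode check assumes the "deleted Safeboot option" shows up as missing `Minimal` and `Network` subkeys under `HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot`, which is the key Windows reads for Safe Mode; the `$env:ALLUSERSPROFILE` path assumes a Windows XP layout, where it resolves to `C:\Documents and Settings\All Users`.

```powershell
# Added example (not from the original post): audit and optionally clean up
# the Bagle.HE indicators listed above. Key and file names come from the post;
# the SafeBoot check is an assumption about where the Safe Mode damage shows.
# Run from an elevated PowerShell prompt; review the report before using -Remove.

param([switch]$Remove)

$runKey    = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$runValue  = 'drv_st_key'
$dropDir   = Join-Path $env:ALLUSERSPROFILE 'Application Data\hidn'   # XP layout assumed
$dropFiles = @('hldrrr.exe', 'hidn2.exe')
$safeBoot  = 'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot'

$findings = @()

# 1. Autostart entry. Record the path it points to before removing anything;
#    that path is where the worm actually lives.
$entry = Get-ItemProperty -Path $runKey -Name $runValue -ErrorAction SilentlyContinue
if ($entry) {
    $findings += "Run value '$runValue' -> $($entry.$runValue)"
    if ($Remove) { Remove-ItemProperty -Path $runKey -Name $runValue }
}

# 2. Running copies of the dropped executables (the "Access denied" cause).
foreach ($name in $dropFiles) {
    $base  = [IO.Path]::GetFileNameWithoutExtension($name)
    $procs = Get-Process -Name $base -ErrorAction SilentlyContinue
    if ($procs) {
        $findings += "Process running: $name (PID $($procs.Id -join ','))"
        if ($Remove) { $procs | Stop-Process -Force }
    }
}

# 3. Dropped files on disk.
foreach ($name in $dropFiles) {
    $path = Join-Path $dropDir $name
    if (Test-Path -LiteralPath $path) {
        $findings += "File present: $path"
        if ($Remove) { Remove-Item -LiteralPath $path -Force }
    }
}

# 4. Safe Mode damage: both boot variants should still have their subkey.
foreach ($variant in 'Minimal', 'Network') {
    if (-not (Test-Path -LiteralPath (Join-Path $safeBoot $variant))) {
        $findings += "Safe Mode broken: missing $safeBoot\$variant"
    }
}

if ($findings.Count -eq 0) { 'No Bagle.HE indicators found.' }
else { $findings }
```

Run it once without `-Remove` to see the report, and keep the path shown for the Run value as the post advises. If the file deletion in step 3 fails with an access denied error, the worm is still injected into another process: fall back to the post's order of operations (remove the Run value, reboot, then delete the files). The script does not restore Safe Mode; it only reports whether the SafeBoot subkeys are missing so you know whether step 4 of the post still applies.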