Complete scanning result of “hldrrr.exe”, received in VirusTotal at 05.15.2007, 22:30:50 (CET).
Antivirus Version Update Result
AhnLab-V3 2007.5.15.1 05.15.2007 no virus found
AntiVir 7.4.0.15 05.15.2007 no virus found
Authentium 4.93.8 05.15.2007 no virus found
Avast 4.7.997.0 05.15.2007 no virus found
AVG 7.5.0.467 05.15.2007 Downloader.Generic4.OAR
BitDefender 7.2 05.15.2007 Win32.Bagle.SRF@mm
CAT-QuickHeal 9.00 05.15.2007 (Suspicious) - DNAScan
ClamAV devel-20070416 05.15.2007 no virus found
DrWeb 4.33 05.15.2007 Win32.HLLM.Beagle
eSafe 7.0.15.0 05.15.2007 suspicious Trojan/Worm
eTrust-Vet 30.7.3634 05.15.2007 Win32/Glieder.FJ
Ewido 4.0 05.15.2007 no virus found
FileAdvisor 1 05.15.2007 no virus found
Fortinet 2.85.0.0 05.15.2007 suspicious
F-Prot 4.3.2.48 05.15.2007 no virus found
F-Secure 6.70.13030.0 05.15.2007 Trojan-Downloader.Win32.Bagle.bv
Ikarus T3.1.1.7 05.15.2007 no virus found
Kaspersky 4.0.2.24 05.15.2007 Trojan-Downloader.Win32.Bagle.bv
McAfee 5031 05.15.2007 New Poly Win32
Microsoft 1.2503 05.15.2007 no virus found
NOD32v2 2268 05.15.2007 Win32/Bagle.IM
Norman 5.80.02 05.15.2007 W32/Malware.TFJ
Panda 9.0.0.4 05.15.2007 Trj/Mitglieder.OC
Prevx1 V2 05.15.2007 no virus found
Sophos 4.17.0 05.11.2007 no virus found
Sunbelt 2.2.907.0 05.12.2007 VIPRE.Suspicious
Symantec 10 05.15.2007 no virus found
TheHacker 6.1.6.115 05.15.2007 no virus found
VBA32 3.12.0 05.15.2007 no virus found
VirusBuster 4.3.7:9 05.15.2007 no virus found
Webwasher-Gateway 6.0.1 05.15.2007 Win32.Malware.gen (suspicious)
Aditional Information
File size: 225762 bytes
MD5: ca6ae88923b375f0084ffeb866d1f1fb
SHA1: f3a74b2bee4933ffe6ef3b1ff575307963543db0
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.
No, apparently it can be deleted and it’s not replicating…
Sorry, I did not mention the path: C:\Windows\System32\ folder
I’ve detected it only with SuperAntispyware and nothing else…
[*]Save HJTsetup.exe to your desktop.
[*]Doubleclick on the HJTsetup.exe icon on your desktop.
[*]By default it will install to C:\Program Files\Hijack This.
[*]Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
[*]Put a check by Create a desktop icon then click Next again.
[*]Continue to follow the rest of the prompts from there.
[*]At the final dialogue box click Finish and it will launch Hijack This.
[*]Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
[*]Click on “Edit > Select All” then click on “Edit > Copy” to copy the entire contents of the log.
[*]Come back here to this thread and Paste the log in your next reply.
[*]DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.