379716 visitors has seen the Tim-Carter.com site. Thanks!
321 visitors has seen the Tim-Carter.com site today.
 
Home
Programming
SEO
Solutions To Problems
Contact
Blog
  
Search :  
 
>>> Solutions To Problems >> Virus > What is the hldrrr.exe file process (This page has been seen 939 times)

What is the hldrrr.exe file process

This is a Trojan horse virus. And it can be very tricky to remove. Notice that everytime you open internet explorer it appears again in Task Manager. It even messes up your antivirus software so you cant reinstall it again.
In some cases it also opens a window when you try to open Internet Explorer with the title, "Select file to crack"

Here is how to remove it:

  • Delete HKEY_CURRENT_USER\Software\FirstRRRun
  • Do a search in the Registry Deleting every orrurence of HLDRRR.EXE
  • Go to control panel > System > Hardware tab > Device Manager, Click view, the "show hidden devices" go to Non-plug and play drivers, right click on Megadrv3 and uninstall it.
  • Restart your computer and boot from your Windows CD. ("remember if you have raid harddrives you need your raid driver on a floppy")
  • When you boot from your CD, press F6 to install the drivers. When windows is done loading, click R for the Recovery Console.
  • Delete following files:
  • C:\windows\hldrrr.exe
  • C:\windows\system32\hldrrr.exe
  • C:\windows\system32\drivers\hldrrr.exe
  • C:\windows\system32\drivers\srosa.sys
  • C:\windows\system32\drivers\wintems.exe
  • There is probably a folder under c:\windows\system32\drivers\ called down, delete that also. the HLDRRR creates alot of exe files it uses under this folder
  • Reboot
  • When windows is started up again. Create yourself a file in c:\windows\system32\drivers called hldrrr.exe. Make it Read-Only, and then do the same for srosa.sys
  • Go to control panel > Folder Options > Click "view" tab, uncheck "use simple file sharing" then return to drivers folder and right click your own created blank files, select properties, security tab, check deny access for all users. Do this for everyfile you just created
  • Notice that you probably cant se hidden files anymore?
  • Do the following
  • Go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced. Find the value named "Hidden" . Rightclick it and modify it to 1.
Now make a file on your desktop called reg.reg

Paste this code into the new file and save it, and then run it.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden]
"Text"="@shell32.dll,-30499"
"Type"="group"
"Bitmap"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,53,00,\
48,00,45,00,4c,00,4c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,34,00,00,\
00
"HelpID"="shell.hlp#51131"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN]
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"Text"="@shell32.dll,-30501"
"Type"="radio"
"CheckedValue"=dword:00000002
"ValueName"="Hidden"
"DefaultValue"=dword:00000002
"HKeyRoot"=dword:80000001
"HelpID"="shell.hlp#51104"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"Text"="@shell32.dll,-30500"
"Type"="radio"
"CheckedValue"=dword:00000001
"ValueName"="Hidden"
"DefaultValue"=dword:00000002
"HKeyRoot"=dword:80000001
"HelpID"="shell.hlp#51105"


When you have done this you will be able to view hidden files again.

Now you probably still have the problem when opening internet explorer and thinking, what the hell???

Your GoogleBar in Internet Explorer is probably compromised.

  • Go to control panel > Internet Options > Programs > Manage Add-ons
  • Disable everything you can se regarding google
  • Search your harddrive for "google"
  • Delete everything concerning google toolbar

That should do the trick. Hope this helps you

Remember after this, install a good anti virus program. I recommend ESET NOD32 which is a really good anti virus program. And also a good Anti Spy program, i recommend Malwarebytes



Like (3)
 
Dislike (1)


Keywords for this article:
SROSA.SYS || HLDRRR.EXE || WINTEMS.EXE || Select file to crack || "Show hidden files and folders" option is missing!

Post comment

Name:


Comment:

Code Language:

Code:

Here you can paste a code example. It will then be processed by SyntaxHighlighter and formatted for easier readability.
Please remember to select the correct Code Language in the select above so the SyntaxHighlighter can highlight the code properly.



Code:

Please enter the code you see above

What is 3 + 4 =

Submit Comment


No one has commented on this page yet. You could be the first.


Advertisement by Google
Sponsors :