SoftwareTipsandTricks.com
  WinHelp.exe

Name WinHelp.exe

Description

The W32.HLLW.Lovgate.O@mm worm is a variant of W32.HLLW.Lovgate@mm.
This variant is also a mass-mailing worm that attempts to reply to all the email messages in the Microsoft Outlook Inbox.
The "sender" of the email is spoofed, and its subject line and message vary.
The attachment name varies and has a .exe, .pif, or .scr file extension.
The worm also attempts to copy itself to all the computers on the local network, using weak passwords to try to log in as Administrator,
and to Kazaa shared folders.

Copies itself as the following: %Windir%\Systra.exe; %System%\iexplore.exe; %System%\Media32.exe; %System%\RAVMOND.exe; %System%\WinHelp.exe; %System%\Kernel66.dll

Creates a file named AUTORUN.INF in the root folder of all the drives, except the CD-ROM drives, and copies itself as COMMAND.EXE into that folder.
Creates a zip file in the root folder of all the drives, unless the drive letter is A or B. For example: setup.rar or pass.zip.
Creates the following files: %System%\ODBC16.dll, %System%\msjdbc11.dll, %System%\MSSIGN30.DLL
These files are all the same; they are backdoor components of the worm.

Modifies the (Default) value of the registry key: HKEY_CLASSES_ROOT\exefile\shell\open\command
to: %System%\Media32.exe "%1" %* so that the worm runs when you execute any .exe files.
Terminates all the processes that contain any of the following strings:
KV, KAV, Duba, NAV, kill, RavMon.exe, Rfw.exe, Gate, McAfee, Symantec, SkyNet, rising

Manual removal:
In the key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
please delete the values:
"Program in Windows"="%system%\iexplore.exe"
"VFW Encoder/Decoder Settings"="RUNDLL32.exe MSSIGN30.DLL ondll_reg"
"Winhelp"="%System%\WinHelp.exe"

Navigate to the key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
and delete the value:
"Systemtra"="%Windir%\Systra.exe"

In the key:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows
delete the value:
"run"="RAVMOND.exe"

And delete the subkey, if it exists:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ZMXLIB1
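
A read-only check for the registry entries and files listed above, as an added PowerShell example that is not part of the original page. It assumes %System% is the Windows system directory and that the stock exefile open command is "%1" %*; it only reports and deletes nothing.

```powershell
# Read-only audit for the Lovgate.O artifacts named on this page.
# Assumptions (not from the page): %System% = [Environment]::SystemDirectory,
# and the stock exefile open command is: "%1" %*
$autoruns = @(
    @{ Key = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run';         Name = 'Program in Windows' },
    @{ Key = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run';         Name = 'VFW Encoder/Decoder Settings' },
    @{ Key = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run';         Name = 'Winhelp' },
    @{ Key = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServices'; Name = 'Systemtra' },
    @{ Key = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Windows';  Name = 'run' }
)
$systemFiles = 'iexplore.exe', 'Media32.exe', 'RAVMOND.exe', 'WinHelp.exe',
               'Kernel66.dll', 'ODBC16.dll', 'msjdbc11.dll', 'MSSIGN30.DLL'

function Get-RegValue([string]$KeyPath, [string]$Name) {
    # Returns the raw (unexpanded) value data, or $null if the key or value is absent.
    $key = Get-Item -LiteralPath $KeyPath -ErrorAction SilentlyContinue
    if ($key) {
        $key.GetValue($Name, $null, [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)
    }
}

$findings = @()

foreach ($entry in $autoruns) {
    $data = Get-RegValue $entry.Key $entry.Name
    if ($null -ne $data) { $findings += "Autorun value: $($entry.Key) '$($entry.Name)' = $data" }
}

# The worm points the (Default) value of the .exe handler at Media32.exe.
$open = Get-RegValue 'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command' ''
if ($null -ne $open -and $open -ne '"%1" %*') { $findings += "exefile open command altered: $open" }

if (Test-Path -LiteralPath 'HKLM:\Software\Microsoft\Windows\CurrentVersion\ZMXLIB1') {
    $findings += 'Subkey present: HKLM\Software\Microsoft\Windows\CurrentVersion\ZMXLIB1'
}

$paths = @(Join-Path $env:windir 'Systra.exe')
$paths += $systemFiles | ForEach-Object { Join-Path ([Environment]::SystemDirectory) $_ }
foreach ($path in $paths) {
    if (Test-Path -LiteralPath $path) { $findings += "File present: $path" }
}

if ($findings.Count -gt 0) { $findings } else { 'No artifacts from this page were found.' }
```

The file checks match on name only, so a hit should be confirmed with an antivirus scan before anything is deleted.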

