Re: Winhlpp32.exe/ W32.HLLW.Gaobot

From: David H. Lipman (DLipman~nospam~_at_Verizon.Net)
Date: 03/03/05

• Next message: David K: "Re: Symantec AntiVirus 8.0 works with Windows Server 2003?"
• Previous message: Bob: "Winhlpp32.exe/ W32.HLLW.Gaobot"
• In reply to: Bob: "Winhlpp32.exe/ W32.HLLW.Gaobot"
• Next in thread: Bob: "Re: Winhlpp32.exe/ W32.HLLW.Gaobot"
• Reply: Bob: "Re: Winhlpp32.exe/ W32.HLLW.Gaobot"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Thu, 3 Mar 2005 16:40:38 -0500

"Bob" <Bob@discussions.microsoft.com> wrote in message
news:7DEC2A1D-2928-4FCF-AFF8-AD49D0460863@microsoft.com
| Hello,
|
| Recently had the winzip32.exe file infected with the W32.HLLW.Gaobot virus
| on all my W2k Pro & WXP clients. After taking all steps to clean/contain the
| virus, the winhlpp32.exe reg key still remains in the registry no matter how
| many times I delete it.
| I've completed all Symantec related docs and removal tools.
|
| Also, I have an isolated client which had the virus that has been rebuilt &
| still has the winhlpp32.exe reg key in the registry. This is after I've
| cleared CMOS, re-partitioned the HD, re-formatted the HD & ran the restore
| CD. I even AV scanned the boot disk used & it's clean. This steps were all
| done offline from the network so I'm confused how the reg key even got there.
|
| I'm waiting to see if any of the clients spawns the winzip32.exe or
| winhlpp32.exe process/file so I can upload it to Symantec for examination.
| Meanwhile any helpful tips on removing the winhlpp32.exe reg key would be
| appreciated that I haven't tried yet.
|
| Thank you.

Please export the Registry key in which you are referring to.

You can then open the REG file and copy the contents the paste them in your reply.

-- 
Dave

---

• Next message: David K: "Re: Symantec AntiVirus 8.0 works with Windows Server 2003?"
• Previous message: Bob: "Winhlpp32.exe/ W32.HLLW.Gaobot"
• In reply to: Bob: "Winhlpp32.exe/ W32.HLLW.Gaobot"
• Next in thread: Bob: "Re: Winhlpp32.exe/ W32.HLLW.Gaobot"
• Reply: Bob: "Re: Winhlpp32.exe/ W32.HLLW.Gaobot"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Winhlpp32.exe/ W32.HLLW.Gaobot ... Recently had the winzip32.exe file infected with the W32.HLLW.Gaobot virus ... on all my W2k Pro & WXP clients. ... I've completed all Symantec related docs and removal tools. ... still has the winhlpp32.exe reg key in the registry. ... (microsoft.public.security.virus) Re: Domain security and dial-up ... I am not as concerned about a virus on a client even though I know they can ... virus scan product in use on the clients. ... the client computers is on the Internet and they forget to close their email ... mapped drive to the server and no firewall. ... (microsoft.public.win2000.security) Re: Trend CSM ... did get the Virus Count reset and the green checks are over the PC icons ... The server stats did not show any removal but the clients did. ... >I have a question about the web interface on Trend CSM regarding the way ... >the PC icons look after they have detected and cleaned an infected file. ... (microsoft.public.windows.server.sbs) Re: beat the new worm from support@microsoft ... Sgopus describes a suitable method of stopping the ... cause so much damage to the ICT world,) virus authors now set the virus ... So, boot into DOS... ... You should still delete the reg key now that the virus is not there ... (microsoft.public.security) Re: beat the new worm from support@microsoft ... > sgopus asks a question to do with PCs, Super_Geek dives in and tries to ... > cause so much damage to the ICT world,) virus authors now set the virus ... > to re-create the reg key every few seconds. ... > So, boot into DOS... ... (microsoft.public.security)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(15)