Re: Removing W32.Hitapop Virus?

---

• From: "David H. Lipman" <DLipman~nospam~@Verizon.Net>
• Date: Sat, 11 Apr 2009 23:22:40 -0400

---

From: "Mike950" <Mike950@xxxxxxxxxxxxxxxxxxxxxxxxx>

| While doing a reinstall of SoundBlaster Audigy program files, Norton alerted
| (and blocked) something called W32.Hitapop. I did some research and I think
| I will be able to remove it but am curious why I can't find it on my
| computer. NAV indicates that the files associated with the W32Hitapop are
| "jgl_rt\jshap or.dll" and "
| jgl_rtl_rt1\jshap or.dll" and says they are located at: c\documents and
| settings\Mike\local settings\temp\.

| I looked in that temp directory and there is no jgl_rt folder,
| jgl_rtl_rt1\jshap or.dll folder or jshap or.dll files. (I have Explorer set
| to show hidden and systems files.) Any ideas on how I can located these
| files to see if they are really there? Thank you. Mike (WinXP Hm SP3)


| c\documents and settings\Mike\local settings\temp\jgl_rt\jshap or.dll

| c\documents and settings\Mike\local settings\temp\jgl_rtl_rt1\jshap or.dll


http://www.symantec.com/security_response/writeup.jsp?docid=2006-120115-5706-99&tabid=1

Looks like a worm. You probably have a new variant.

Look at the Registry entry ; "Userinit" under
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

It should be; "userinit.exe,"

Anyway...

The %tmp%\jgl_rtl_rt1\jshap or.dll as you indicated are most like there but are marked as
Hidden System files and thus NOT viewable without changing the attributes or changing the
way Explorer views files and folders.


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


.

---

• Follow-Ups:
  • Re: Removing W32.Hitapop Virus?
    • From: Mike950

• References:
  • Removing W32.Hitapop Virus?
    • From: Mike950

• Prev by Date: Removing W32.Hitapop Virus?
• Next by Date: Re: Removing W32.Hitapop Virus?
• Previous by thread: Removing W32.Hitapop Virus?
• Next by thread: Re: Removing W32.Hitapop Virus?
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: winsock error ... System Volume Information folder. ... the malware scanner did not detect anything. ... hidden system files, and make sure the application scans the System Volume ... did the online scan and did the winsock fix. ... (microsoft.public.windowsxp.general) Re: Errors w/Boot.ini ... I did what you said regarding the file folder options and making the ... hidden system files visible. ... Settings/System Startup Edit button and received the following message: ... On the Menu bar click Tools> Folder Options.... ... (microsoft.public.windowsxp.help_and_support) Re: Removing W32.Hitapop Virus? ... Thanks for the reply David, but as I indicated in my post, (I have Explorer ... set to show hidden and systems files.) ... Since I was unable to find those two folders and the file, I ran a NAV on ... in that Temp folder but when I run NAV on that folder, ... (microsoft.public.windowsxp.security_admin) Re: Album Art ... WMP9/10 will create hidden system files in your music ... > As for creating the composer field on the mp3 tags, ... >>I save a jpg as album cover in my music folder. ... >> I do need wmp to update my album missing information. ... (microsoft.public.windows.mediacenter) Re: C00D11E2 error message DRM ... Did you have "Show Hidden System Files" turned on? ... the folder. ... Select all of the files in the DRM folder, ... Consult your content provider for more information. ... (microsoft.public.windowsmedia.player)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(14)