W32.HLLW.Egar

Discussion in 'Windows Desktop Systems' started by jdwaters, Aug 24, 2005.

  1. jdwaters

    jdwaters OSNN One Post Wonder

    Messages:
    2
    I'm hoping you guys can help me out.
    I'm having the darnest time getting rid of the W32.HLLW.Egar virus on my XP Pro laptop.

    I'm using NAV, updated and went by the instructions on Symantec's website. But still no luck.

    When I do a scan, NAV finds the keygen.exe but can't quarrantine or delete the file.

    Also, I can't find the Registry key entry that the Symantec info refers to - it's just not there.
    http://securityresponse.symantec.com/avcenter/venc/data/w32.egar.int.html

    not sure of my version of NAV, but it's not too old.

    any ideas on how to delete it once and for all?
     
  2. Psyborg

    Psyborg google addict Political User

    Messages:
    109
    Location:
    Limerick, Ireland
  3. tdinc

    tdinc █▄█ ▀█▄ █ Political User

    Messages:
    3,507
    Location:
    Sterling Heights, MICHIGAN
    W32.HLLW.Egar.int is a worm that attempts to spread through the KaZaA file-sharing folders. Because of bugs in the program, the worm cannot successfully copy itself.
    W32.HLLW.Egar.intd is written in Visual Basic and is UPX-packed.

    Use the following link to help remove this nasty>
    download trojan remover it should wipe it out..make sure you update the definition for this software then do the scan.
    http://www.simplysup.com/tremover/index.html

    if that does not work use the KAV online scanner here>
    http://www.kaspersky.com/virusscanner
     
    Last edited: Aug 24, 2005
  4. trukkmann

    trukkmann OSNN Addict

    Messages:
    110
    Also keep in mind if you use Xp's System Restore utility it keeps a backup of the virus there. You have to turn off System Restore, reboot to clear it, then turn it back on.
     
  5. jdwaters

    jdwaters OSNN One Post Wonder

    Messages:
    2
    I had turned off System Restore before trying to get rid of this thing. I also tried a trojan remover software. no go.
    I may be speaking too soon, but I think I've finally 'fixed' it.
    I removed NAV and installed AVG. It not only recognized the same problem, but it also gave me the physical location of the file. I went to it and deleted it without any problems.
    I'm rescanning now to see if it's really all gone.