Discussion in 'Windows Desktop Systems' started by jdwaters, Aug 24, 2005.

  1. jdwaters

    jdwaters OSNN One Post Wonder

    I'm hoping you guys can help me out.
    I'm having the darnest time getting rid of the W32.HLLW.Egar virus on my XP Pro laptop.

    I'm using NAV, updated and went by the instructions on Symantec's website. But still no luck.

    When I do a scan, NAV finds the keygen.exe but can't quarrantine or delete the file.

    Also, I can't find the Registry key entry that the Symantec info refers to - it's just not there.

    not sure of my version of NAV, but it's not too old.

    any ideas on how to delete it once and for all?
  2. Psyborg

    Psyborg google addict Political User

    Limerick, Ireland
  3. tdinc

    tdinc █▄█ ▀█▄ █ Political User

    Sterling Heights, MICHIGAN
    W32.HLLW.Egar.int is a worm that attempts to spread through the KaZaA file-sharing folders. Because of bugs in the program, the worm cannot successfully copy itself.
    W32.HLLW.Egar.intd is written in Visual Basic and is UPX-packed.

    Use the following link to help remove this nasty>
    download trojan remover it should wipe it out..make sure you update the definition for this software then do the scan.

    if that does not work use the KAV online scanner here>
    Last edited: Aug 24, 2005
  4. trukkmann

    trukkmann OSNN Addict

    Also keep in mind if you use Xp's System Restore utility it keeps a backup of the virus there. You have to turn off System Restore, reboot to clear it, then turn it back on.
  5. jdwaters

    jdwaters OSNN One Post Wonder

    I had turned off System Restore before trying to get rid of this thing. I also tried a trojan remover software. no go.
    I may be speaking too soon, but I think I've finally 'fixed' it.
    I removed NAV and installed AVG. It not only recognized the same problem, but it also gave me the physical location of the file. I went to it and deleted it without any problems.
    I'm rescanning now to see if it's really all gone.