Huelar.exe

Discussion in 'Tutorials and Guides' started by ha14, Apr 2, 2009.

  1. ha14

    Hi


    The worm drops the following files:

    huelar.exe in the Windows System folder,
    winlogos.exe in the Windows folder,
    mscvhost.exe in the Current User’s\Startup folder.


    Huelar.exe can disable your Task Manager and regedit, and set the value of NoFolderOptions to 1 in the registry. It also modifies the registry at the following locations to load itself during each startup:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft Service Host
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\IeakHelpString
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winlogos.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Huelar Services 2.0
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoFolderOptions

    Here’s a solution to remove this virus.

    The first thing to do is back up the important files you need, so that they will not be reformatted even though they are contaminated with the virus. Then reformat only drive C, so that your backup files will not be deleted. After reformatting drive C, install Kaspersky Anti-Virus, then scan all of your hard drives so that Huelar.exe, known in Kaspersky as W32/VB.FZ Worm, will be detected and deleted.

    To remove the Huelar virus from your computer, simply follow the steps below; the instructions are simple and easy to follow:

    1. You must update the virus definitions of your antivirus.
    2. Reboot the computer and go to Safe Mode by pressing the F8 function key.

    3. Run a full system scan and clean, delete or eliminate all infected file(s) or any spyware.

    4. Run your Registry Editor and delete/modify any values added to the registry.
    Navigate to and delete the following entries:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    \"Microsoft File Server Manager 2.36" = "C:\WINDOWS\system32\filesrv32.exe"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    "Heiku - Munist" = "C:\WINDOWS\system32\EraleuH.exe"

    Navigate to and restore the following registry entries to their original values, if needed:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    \"NoFolderOptions" = "1"
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
    \"DisableRegistryTools" = "1"
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\DefaultIcon
    \"(default)" = "C:\WINDOWS\system32\filesrv32.exe"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
    \"IeakHelpString" = "I will always be with you, Huelar!"
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\"EnableHeikus" = "1"
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\"InstallDate" = "1/15/2008"
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
    \"Window Title" = "Freak-X Browser"
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
    \"Local Page" = "[http://]www.hentaisailormoon.com[REMOVED]"
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
    \"Start Page" = "[http://]www.hentaisailormoon.com[REMOVED]"
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion
    \Explorer\Advanced\"Hidden" = "0"
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion
    \Explorer\Advanced\"HideFileExt" = "1"

    6. Exit registry editor and restart the computer.


    You can also use the following
    Heular Ultimate Removal Tool v2.3
    http://uploading.com/files/JIDAMA3G/HeularUltimateRemovalTool_LDRS_downarchive.zip.html
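
Added example, not part of the original post or of any tool it mentions: a read-only Python check that scans a registry export in .reg text format for the value names and data listed in the post above. The function names, the handling of the export format and the sample export are assumptions made for this illustration.

```python
import re

HKLM_CV = r"hkey_local_machine\software\microsoft\windows\currentversion"
HKCU_MS = r"hkey_current_user\software\microsoft"
# (key, value name, expected data), all taken from the post; None = any data is a hit.
INDICATORS = [(HKLM_CV + r"\run", n, None) for n in (
    "microsoft service host", "winlogos.exe", "huelar services 2.0",
    "microsoft file server manager 2.36", "heiku - munist")] + [
    (HKLM_CV, "ieakhelpstring", None),
    (HKLM_CV + r"\policies\explorer", "nofolderoptions", 1),
    (HKCU_MS + r"\windows\currentversion\policies\system", "disableregistrytools", 1),
    (r"hkey_local_machine\software\classes\directory\defaulticon", "(default)", "filesrv32.exe"),
    (HKCU_MS + r"\internet explorer", "enableheikus", None),
    (HKCU_MS + r"\internet explorer\main", "window title", "freak-x browser"),
]

def parse_reg(text):
    """Yield (key, name, data) from .reg export text; dword data becomes an int."""
    key = None
    for line in map(str.strip, text.splitlines()):
        m = re.match(r'(@|"[^"]*")=(.*)', line)
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and m:
            name = "(default)" if m.group(1) == "@" else m.group(1)[1:-1]
            raw = m.group(2)
            if raw.startswith("dword:"):
                yield key, name, int(raw[6:], 16)
            else:  # string data: drop the quotes and undo the doubled backslashes
                yield key, name, raw.strip('"').replace("\\\\", "\\")

def find_hits(text):
    """Return parsed (key, name, data) entries that match an indicator above."""
    hits = []
    for key, name, data in parse_reg(text):
        for ikey, iname, want in INDICATORS:
            same = (key.lower(), name.lower()) == (ikey, iname)
            text_hit = isinstance(data, str) and isinstance(want, str) and want in data.lower()
            if same and (want is None or data == want or text_hit):
                hits.append((key, name, data))
    return hits

SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Huelar Services 2.0"="C:\\WINDOWS\\system32\\huelar.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoFolderOptions"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000000
'''  # constructed sample export, not taken from a real machine
print(*find_hits(SAMPLE), sep="\n")
```

Policy values are only reported when they carry the data given in the post, so the `DisableRegistryTools` entry set to 0 in the sample is not flagged.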
     
  2. ismailtahir

    :innocent: hentai sailormoon ...ermmmm
     
