HLDRRR.EXE is known by most anti virus software applications as being spyware or a trojan, Downloader.Win32.Bagle.Sn, however it managed to slip by antivirus solutions like Norton and Avira.
If you find it on your computer, you have to know that your computer is infected and you will need a serious anti-virus solution.
This EXE file comes on your PC most of the times when you download an install a toolbar for Internet Explorer, it access itself and installs weird programs from infected web sites or opens executable files that came from email. It is known as being the virus of those without minimum computer experience, of people that installs any type of software that opens in pop-up windows and of people that do not know to protect themselves from deceiving emails or adverts.
Along with hldrr.exe, on your system migiht also appear wintems.exe, srosa.sys plus the “down” and “download” folders.
If your anti virus software detected it but cannot erase it, keep an eye out for the scanning report and you will see exactly where hldrr.exe is located. Open Task Manager and go to Processes Tab and kill the hldrr.exe process.
Then open Command Prompt and type these commands:
cd C:\WINDOWS\system32\drivers
del hldrrr.exe
del down
del downld
The other files that come along with hldrr.exe, wintems.exe and srosa.sys are located in the system32 folder.
You have to type the following commands in Command Prompt again:
cd ..
del wintems.exe
del srosa.sys
Now that we deleted the malware files we also have to clean our Registry.
Open the Registry Editor ( Type regedit in the search field of the Search menu ) and go to:
HKEY_CURRENT_USER\Software
We click on the plus from Software and search for FirstRRRun folder. Right click and delete.
Now we go to the next registry to delete the drvsyskit key.
HKEY_CURRENT_USER>Software>Microsoft>Windows>CurrentVersion>Run
In the list that appears on the right we search and delete drvsyskit.
And now we have to restart the computer.
Normally, if the operations above have been done correctly you should have removed this virus from your computer.
