olhrwef.exe - Removal

Trojan.PWS.OnlineGames.KBVT:
If you find this file, or a process with this name, running on your system, it means that you are definitely infected by a high-risk Trojan-worm that has already taken over your system. Before you panic, let me make one thing clear: perform these actions only if you know your computer well. Otherwise, you'll end up crashing it and may also need to format your hard disk.
This virus was first seen in April 2009 and started spreading like a forest fire as soon as it was launched. It was packed with NSAntipacker, so antivirus products fail to detect the worm when the user receives it. As soon as it is launched, it copies itself to the %System% folder of your Windows directory and registers several DLLs, protecting itself from being killed completely. The virus is both a Trojan and a worm, and hence steals all your passwords and personal information. It injects itself into all of your system's processes, which makes removal almost impossible. Like any other Trojan worm, it also creates and modifies several entries in the registry. It is capable of disabling your antivirus package and stops it from updating further. Here are a few instructions to remove this virus.
olhrwef.exe Removal:
Let's start by deleting the registry entries it has created and undoing the changes it has made.
  1. Navigate to the following in the registry.

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

    Now look for the entry with the name "cdoosoft" and delete it. By doing this, you'll be stopping it from running at the system startup.

  2. After you're done with that, go to the following entry to stop it from launching a process at startup.

    HKEY_LOCAL_MACHINE\Software\CurrentControlSet\Services\KAVSys

    Delete the entry whose ImagePath is "%drivers%\klif.sys".
  3. The virus disables the viewing of hidden files and folders as soon as it is run. To undo this change, go to the following registry key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\

    Now change CheckedValue to 1. This undoes the change that stopped you from viewing hidden files and folders.
  4. Now that the registry is taken care of, let's move on to deleting the files. The worm creates an autorun.inf in your drives, which needs to be removed first.
  5. Open Task Manager, search for the process named olhrwef.exe and kill it. As soon as you're done, go to your C:\ drive and delete the following file:

    C:\Windows\olhrwef.exe
  6. Now unregister the following DLLs created by the Trojan-worm:

    C:\Windows\System\nmdfgds0.dll
    C:\Windows\System\nmdfgds1.dll
  7. Now celebrate, because the worm is finally killed. Don't forget to restart your computer to apply the changes.
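The checks behind the steps above can be gathered into one read-only PowerShell script that reports which of the listed indicators are present before anything is deleted, and again after cleanup. This is an added example, not part of the original post; the second KAVSys path (under HKLM\SYSTEM) is an assumption added here, because the page gives the path without SYSTEM.

```powershell
# Added example: read-only check for the indicators listed on this page.
# Nothing is deleted or modified; registry paths and file names are the page's own.
$findings = @()

# Step 1: Run value named "cdoosoft" for the current user
$run = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' `
                        -Name 'cdoosoft' -ErrorAction SilentlyContinue
if ($run) { $findings += "Run value 'cdoosoft' = $($run.cdoosoft)" }

# Step 2: KAVSys service key. The first path is as written on the page; the second
# is an assumption added here, since Windows keeps service keys under HKLM\SYSTEM.
$svcKeys = 'HKLM:\Software\CurrentControlSet\Services\KAVSys',
           'HKLM:\SYSTEM\CurrentControlSet\Services\KAVSys'
foreach ($key in $svcKeys) {
    if (Test-Path -LiteralPath $key) {
        $img = (Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue).ImagePath
        $findings += "Service key $key exists, ImagePath = $img"
    }
}

# Step 3: CheckedValue must be 1 for "show hidden files" to work
$showAll = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL'
$checked = (Get-ItemProperty -LiteralPath $showAll -ErrorAction SilentlyContinue).CheckedValue
if ($checked -ne 1) { $findings += "SHOWALL CheckedValue is '$checked', expected 1" }

# Step 4: autorun.inf in the root of every drive (-Force sees hidden/system files)
foreach ($drive in Get-PSDrive -PSProvider FileSystem) {
    $inf = Get-Item -LiteralPath (Join-Path $drive.Root 'autorun.inf') -Force -ErrorAction SilentlyContinue
    if ($inf) { $findings += "autorun.inf found: $($inf.FullName) (review its contents)" }
}

# Step 5: running process
if (Get-Process -Name 'olhrwef' -ErrorAction SilentlyContinue) {
    $findings += 'Process olhrwef.exe is running'
}

# Steps 5 and 6: dropped executable and DLLs
$files = 'C:\Windows\olhrwef.exe', 'C:\Windows\System\nmdfgds0.dll', 'C:\Windows\System\nmdfgds1.dll'
foreach ($f in $files) {
    $item = Get-Item -LiteralPath $f -Force -ErrorAction SilentlyContinue
    if ($item) { $findings += "File present: $($item.FullName)" }
}

if ($findings) { $findings | ForEach-Object { Write-Output "[!] $_" } }
else { Write-Output 'None of the listed indicators were found.' }
```

An autorun.inf on an original CD or vendor USB stick can be legitimate, so that finding is a prompt to inspect the file rather than proof of infection.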
There are actually two versions of this Trojan-worm. Once updated, it may cause greater damage to your system. Check this if the above instructions don't help you delete it.