Question

Locked

How to remove olhrwef.exe?

By serrah_lorin ·
Hi there! I found this o.exe in my USB but NOD 32 didn't dismiss it as harmful. And so I opened my USB... however, o.exe was a worm.

Now i have olhrwef.exe on my computer which hides all my hidden files forever even if i set the folder options to show hidden files... ive even changed some settings in my registry. the checked value for hidden files is 0. whenever i change it to 1, it reverts back to 0.

also, even if i keep the olhrwef.exe from running at startup, everytime i turn on my laptop, it kinda resets itself.

what do i do with this?? i need help. PLEASE. i dont want to reformat my lappy again, ive got so many files.

PS
ive tried system restore too. hoping it would revert everything to its previous good state, but no luck. it deleted my restore points.

This conversation is currently closed to new comments.

13 total posts (Page 1 of 2)   01 | 02   Next
| Thread display: Collapse - | Expand +

All Answers

Collapse -

As this is a Root Kit you need to proceed differently

by OH Smeg In reply to How to remove olhrwef.exe ...

Download the removal Utility from here

http://www.spywareremovalblog.com/remove-olhrwefexe/

This is considered as Dangerous and personally I would use a Utility like Boot & Nuke to wipe the HDD and then I would install the OS and all associated software then recover my Data from my Backup.

Root Kits are nasty and should be avoided at all costs.

Col

Collapse -

Removal

by Jacky Howe In reply to How to remove olhrwef.exe ...

If you want to try manual removal check out the steps in Solution. Also check the Technical Details.

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FONLINEG%2ECPR&VSect=T

For the Memory Stick

One of the ways by which a virus can infect your PC is through USB/Pen drives. Common viruses such as ?Ravmon? , ?New Folder.exe?, ?Orkut is banned? etc are spreading through USB drives. Most anti virus programs are unable to detect them and even if they do, in most cases they are unable to delete the file, only quarantine it. Here are the things which you can do if you want to remove such viruses from your USB drives.

Don?t click on Ok , just choose ?Cancel?. Open the Command Prompt by typing ?cmd? in the run box. In the command prompt type the drive letter: and press enter . Now type dir /w/a and press enter.

This will display a list of the files in the pen drive. Check whether the following files are there or not

Autorun.inf
Ravmon.exe
New Folder.exe
svchost.exe
Heap41a

or any other exe file which may be suspicious.

If any of the above files are there, then probably the USB drive is infected. In command prompt type attrib -r -a -s -h *.* and press enter. This will remove the Read Only, Archive, System and hidden file attribute from all the files. Now just delete the files using the command del filename. example del Ravmon.exe. Delete all the files that are suspicious. To be on a safer side, just scan the USB drive with an anti virus program to check whether it is free of virus or not. Now remove the drive and plug it again. In most of the cases, the real culprit turns out to be the ?Autorun.inf? file which mostly gets executed when someone clicks Ok in the dialog window which appears above. Thus the infections can spread

http://www.whoismadhur.com/2008/01/26/how-to-remove-virus-from-usb-drives/

Collapse -

olhrwef removal

by sandeep.lalu In reply to How to remove olhrwef.exe ...

hi serrah,u r problem solved?or still u r looking for a solution. i removed the same virus olhrwef.exe from my pc manually.
sandeep

Collapse -

Need help with manual removal

by rent.services In reply to olhrwef removal

Hi Sandeep...I have the same problem with this virus..Can u help me about removing this manualy..I dont know how to make that...Please help me.

Collapse -

Did you read the posts above?

by seanferd In reply to Need help with manual rem ...

And follow the links? They will help.

One post has a link to a removal tool.
The other has instructions and a link to a site that shows the files and registry entries the malware creates (if the tool works, you won't need to remove it manually).

%System%\olhrwef.exe
%System%\nmdfgds{random number}

These are two main files to delete. Best way to delete manually would be to do it with the operating system offline, by booting from a utility CD or live CD. Such as
http://www.ultimatebootcd.com/

You would use one of the filesystem or ntfs tools to navigate to the /%system%/ directory of your Windows hard drive and delete those files. Make sure any flash drives you have are not infected also.

Reboot Windows and clean the registry with CCleaner. http://www.ccleaner.com/

Best to download these or any other programs or ISO files on an uninfected computer.

But why not see if the removal tool works first?

Collapse -

olhrwef removal

by sandeep.lalu In reply to Need help with manual rem ...

try this.it may work. not sure.
firstly insert your infected flash drive into USB port. then open dos window.(start menu,run,type cmd and then enter).
in dos window go to C:\windows\system32
then type attrib -r -s -h and enter to reset the file attributes.
then type del olhrwef.exe nmdfgd*.dll.
Now the virus was removed from the system32 folder.it may be present in some other locations also. try to remove that also...
go to C in dos window. reset the file attributes as mentioned before. then type del JM3CX96.bat autorun.inf to delete this files. follow the same step to all your drives including flash drive. then go to registry by typing regedit in start/run menu. In registry editor search for olhrwef.exe and delete the corresponding entries. Then in registry go HKLM\software\microsoft\windows\current version\explorer\advanced\folder\hidden, then change the checked value of NOHIDDEN to 2 and that of SHOWALL to 1.
go to msconfig by typing msconfig in start/run. in the startup tab uncheck any entry with olhrwef.exe. then remove flash drive and restart. may have gone.

Collapse -

reply remove olhrwef.exe manually

by chadfuse In reply to How to remove olhrwef.exe ...

1.go to start menu,run msconfig

2.choose run in diagnostic start up/ or go to starup option,unchecked olhrwef.exe then click apply then ok

3. reboot

4. run regedit startmenu>run>regedit

5.find HKLM/software/microsoft/windows/explorer/advance/hiddenfolders/--hidden and showall--modify the hidden checkedvalue to 1 & showall to 2.

6 .run explorer.exe startmenu>run>explorer.exe

7.go to Tools >folder options>view>chose show hidden files and folders and unchecked hide protected os files..apply

8. goto c:/windows/system32,find olhrwef.exe then delete it..

9.the to your disk drives delete all autorun.inf files and something oboed.exe(something like this name)

10. reboot...hope this will help!

Collapse -

How to remove olhrwef.exe?

by dxtoink In reply to How to remove olhrwef.exe ...

I was also infected with this, just yesterday.

What I did was:
-Installed Malware byte's anti-malware and ran it.. It detected the culprit and deleted it.
-I Rebooted my system
-Same thing again. I realised that I have 4 partitions in my hdd, I checked them all. Guess what?.. All of them were infected as well. I had no choice, to save me of all the trouble and from losing my sanity. I just reformatted my hdd and reinstalled windows.
-After installing all the necessary drivers I then reinstalled Malwarebytes did a scan, no infections were detected (thank God!). And installed BitDefender (I also had Eset Nod32 prior to reformatting my hdd) and performed a full system scan, it came clean.
-That was the end of my ordeal.

I was able to put all my files back from a backup drive.


hope this helps :)

Collapse -

use malwarebyte anti malware

by similar340 In reply to How to remove olhrwef.exe ...

hi,

i've the same case and i've used anti malware

it removed the virus completely

you can download from

http://www.malwarebytes.org/

Collapse -

just had a battle with one

by reggiebat In reply to How to remove olhrwef.exe ...

you must remove from each partition the file autorun.inf
has these associated files
nkbd1v.exe
gasretyw0.dll
nmdfgds0.dll
i use pc cillin but had it turned off to read phone memory card.
my own stupid fault
pc cillin will find all these files
delete them manually if it dosnt after a viris scan in the pccillin scan summary

it would'nt let me browse my hd until i removed them

all works good now.

any problems. email me

Back to Laptops Forum
13 total posts (Page 1 of 2)   01 | 02   Next

Related Discussions

Related Forums