Virus.Win32.Hala.a Description

Virus.Win32.Hala.a is a computer worm that is able to open up the infected system to outside attackers. Virus.Win32.Hala.a can ultimately compromise personal data stored on the hard drive of an infected computer. Virus.Win32.Hala.a may also populate the system registry with malicious entries that boot upon startup of Windows making it very difficult to manually detect and remove Virus.Win32.Hala.a completely. Virus.Win32.Hala.a could be related to the rogue anti-spyware program Additional Guard.

Type: Worms

How Can You Detect Virus.Win32.Hala.a?

Virus.Win32.Hala.a has typically the following processes in memory:

• %UserProfile%\Application Data\2565da61\sqlite3.dll
• %UserProfile%\Recent\energy.dll
• %UserProfile%\Recent\FS.dll
• %UserProfile%\Application Data\2565da61\mozcrt19.dll
• %UserProfile%\Recent\ddv.dll
• %UserProfile%\Recent\exec.exe
• %UserProfile%\Recent\tjd.sys
• %UserProfile%\Application Data\2565da61\AG345d.exe
• %UserProfile%\Recent\cb.exe
• %UserProfile%\Recent\energy.sys
• %UserProfile%\Recent\ppal.exe

Virus.Win32.Hala.a creates the following registry entries:

• HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes “URL” = “http://search-gala.com/?&uid=220&q={searchTerms}”
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “Additional Guard”
• HKEY_CLASSES_ROOT\xp_7a9be.DocHostUIHandler
• HKEY_CLASSES_ROOT\Software\Microsoft\Internet Explorer\SearchScopes “URL” = “http://search-gala.com/?&uid=220&q={searchTerms}”
• HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
• HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “RunInvalidSignatures” = “1″

Important Article Disclaimer