Virus.Win32.Hala.a
Virus.Win32.Hala.a is a computer worm that is able to open up the infected system to outside attackers. Virus.Win32.Hala.a can ultimately compromise personal data stored on the hard drive of an infected computer. Virus.Win32.Hala.a may also populate the system registry with malicious entries that boot upon startup of Windows making it very difficult to manually detect and remove Virus.Win32.Hala.a completely. Virus.Win32.Hala.a could be related to the rogue anti-spyware program Additional Guard.
File System Details
Virus.Win32.Hala.a may create the following file(s):
| # | File Name |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
|---|---|---|
| 1. | %UserProfile%\Application Data\2565da61\sqlite3.dll | |
| 2. | %UserProfile%\Recent\energy.dll | |
| 3. | %UserProfile%\Recent\FS.dll | |
| 4. | %UserProfile%\Application Data\2565da61\mozcrt19.dll | |
| 5. | %UserProfile%\Recent\ddv.dll | |
| 6. | %UserProfile%\Recent\exec.exe | |
| 7. | %UserProfile%\Recent\tjd.sys | |
| 8. | %UserProfile%\Application Data\2565da61\AG345d.exe | |
| 9. | %UserProfile%\Recent\cb.exe | |
| 10. | %UserProfile%\Recent\energy.sys | |
| 11. | %UserProfile%\Recent\ppal.exe | |
| 12. | %UserProfile%\Application Data\2565da61\AGSys | |
| 13. | %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Additional Guard.lnk | |
| 14. | %UserProfile%\Recent\CLSV.tmp | |
| 15. | %UserProfile%\Recent\PE.drv | |
| 16. | %UserProfile%\Start Menu\Programs\Additional Guard.lnk | |
| 17. | %UserProfile%\Application Data\2565da61\AG.ico | |
| 18. | %UserProfile%\Application Data\2565da61\ag.cfg | |
| 19. | %UserProfile%\Desktop\Additional Guard.lnk | |
| 20. | %UserProfile%\Recent\fan.drv | |
| 21. | %UserProfile%\Start Menu\Additional Guard.lnk | |
| 22. | %UserProfile%\Application Data\2565da61\278.mof | |
| 23. | %UserProfile%\Application Data\2565da61\AGSys\vd952342.bd | |
| 24. | %UserProfile%\Application Data\Additional Guard\cookies.sqlite | |
| 25. | %UserProfile%\Recent\dudl.drv | |
| 26. | %UserProfile%\Recent\SICKBOY.tmp | |
| 27. | %Program Files%\Mozilla Firefox\searchplugins\search.xml |
Registry Details
Virus.Win32.Hala.a may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://search-gala.com/?&uid=220&q={searchTerms}"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Additional Guard"
HKEY_CLASSES_ROOT\xp_7a9be.DocHostUIHandler
HKEY_CLASSES_ROOT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://search-gala.com/?&uid=220&q={searchTerms}"
HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
