Holar Removal Tool Crack + Activator Updated
Holar Removal Tool is a useful application that was created in order to erase the Win32.Holar.H@mm worm.
The virus was written in Visual Basic and compressed with UPX.
Download Holar Removal Tool Crack
| Software developer |
Bitdefender LLC
|
| Grade |
4.6
833
4.6
|
| Downloads count | 6341 |
| File size | < 1 MB |
| Systems | Windows All |
When run, it will copy itself as HAwa.pif and will drop its embedded components: smtp.ocx (an SMTP ActiveX control used to send email messages; this component is registered using regsvr32) and the executable explore.exe.
The registry entry
[HKLMSoftwareMicrosoftWindowsCurrentVersion unExplore]
is created to run the worm at every start-up. The executable's read-only, hidden and system file attributes are set.
An empty file 0.mpeg is created and open (usually, with Media Player); this is probably meant to trick users to believe they had actually downloaded a (corrupted) multimedia file.
Copies of the worm are created in the Windows System folder with the following names:
Hot_Show.pif
Short_vClip.pif
Broke_ass.pif
Beauty_VS_Your_FaCe.pif
Endless_life.pif
Hearts_translator.pif
Shakiraz_Big_ass.pif
Sweet_but_smilly.pif
Lo0o0o0o0oL.pif
Gurls_Secrets.pif
Tedious_SeX.pif
Leaders_Scandals.pif
HaWawi_N_Hawaii.pif
Come_2_Cum.pif
Tears_of_Happiness.pif
White_AmeRica.pif
Famous_PpL_N_Bad_Setuations.pif
XxX_Mpegs_Downloader.pif
Teenz_Raper.pif
Real_Magic.pif
The_Truth_of_Love.pif
unfaithful_Gurls.pif
How_to_improve_ur_love.pif
AniMaL_N_Burning_Ladies.pif
Aint_it_Funny.pif
ToolAv01w32.pif
The virus scans for target email addresses in .txt, .htm, .html, .dbx files and in Internet Explorer's cache. The format of the emails sent is chosen from various combinations of Subject line and Body and the attachment is one of the files named above.
The virus will also attempt to copy itself in the Kazaa shared folder if this file sharing application is installed, using the names listed above. This way, other Kazaa users might download it from the infected user.
The registry entry
[HKCUDeathTime]
is initialized with 0 when the virus is installed; each time the virus is run again (when Windows is restarted), the value of the entry is incremented; when it reaches 30, the virus attempts to delete all .exe, .jpg, .doc, .pps, .ram, .zip files, and it displays several message boxes.
Finally, the virus will shutdown Windows; the operating system and all installed applications will have to be reinstalled.