HLDRRR.EXE – Remove Spyware-Virus (wintems.exe, srosa.sys)

HLDRRR.EXE is identified by most antivirus products as spyware or as Trojan-Downloader.Win32.Bagle.sn, but for a long time it evaded, and it still evades, very well-known antivirus products such as Norton and Avira.
The other day I had a great experience with this executable – virus. If you encounter it on your PC, you can be sure that your computer is infected and that you need one serious.

Where does hldrrr.exe come from?

This executable most often reaches your PC when you download and install a toolbar for Internet Explorer, when strange programs from infected sites are accessed and installed, or when executable files that arrive as email / spam attachments are opened. It is known as the virus of those without minimal experience in computers, who install any program opened in a pop-up and who do not know how to avoid misleading advertisements and emails.

Along with the hldrrr.exe executable, the following also appear in the system: wintems.exe and srosa.sys, plus the folders “down” and “downld”.

Kaspersky Anti-Virus Report

Trojan program: Trojan-Downloader.Win32.Bagle.sn / Trojan.R
Location: C:\WINDOWS\system32\drivers\hldrrr.exe
Danger level: High

In my case, hldrrr.exe appeared in the folder “%System%\WINDOWS\system32\drivers”, but this executable can also be found in other system32 folders or even in the root of this system folder.

Remove Virus File – hldrrr.exe

1. If your antivirus has detected this virus but cannot delete it, follow the scan report and see exactly where the hldrrr.exe file is located. Open Task Manager (Ctrl+Shift+Esc), go to the Processes tab and kill the hldrrr.exe process.

2. Open Command Prompt and run the following commands (press Enter after each command):

cd C:\WINDOWS\system32\drivers (to reach the folder)

del hldrrr.exe

del down

del downld

The other files that accompany hldrrr.exe, namely wintems.exe and srosa.sys, are located in “system32”.

cd .. (to move to the parent of the current folder)

del wintems.exe

del srosa.sys

3. After deleting the malware files, we have to clean the registry.

Open the registry editor and go to:

HKEY_CURRENT_USER\Software

Click the plus sign next to Software and look for the folder FirstRRRun. Right-click it and choose Delete.

Then go to the next registry location to delete the entry “drvsyskit”:

HKEY_CURRENT_USER>Software>Microsoft>Windows>CurrentVersion>Run

In the list on the right we search and delete “drvsyskit”.

4. Restart the computer.

Normally, after the above operations, you should be rid of this virus, but to make sure that there are no other malware applications on your computer, it is recommended to use a good antivirus to scan the computer.
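To confirm after the restart that the steps above removed everything, the following read-only PowerShell check looks for the files, folders, registry entries and process named in this article. It is an added example, not part of the original post; it assumes PowerShell 3.0 or later, takes the Windows folder from $env:SystemRoot, and must be run as the affected user because it reads HKEY_CURRENT_USER.

```powershell
# Read-only check: reports leftovers named in the article, deletes nothing.
# Assumptions: PowerShell 3.0+; Windows folder taken from $env:SystemRoot.
$sys32    = Join-Path $env:SystemRoot 'System32'
$drivers  = Join-Path $sys32 'drivers'
$findings = @()

# File names from the article. The post notes hldrrr.exe can sit in other
# system32 subfolders, so the whole tree is searched (this can take a minute).
$names = 'hldrrr.exe', 'wintems.exe', 'srosa.sys'
$findings += @(
    Get-ChildItem -LiteralPath $sys32 -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and $names -contains $_.Name } |
        ForEach-Object { [pscustomobject]@{ Kind = 'File'; Location = $_.FullName } }
)

# "down" and "downld" are generic names, so only the drivers folder is checked.
foreach ($dir in 'down', 'downld') {
    $p = Join-Path $drivers $dir
    if (Test-Path -LiteralPath $p) {
        $findings += [pscustomobject]@{ Kind = 'Folder'; Location = $p }
    }
}

# Registry key from step 3 (current user only).
if (Test-Path -LiteralPath 'HKCU:\Software\FirstRRRun') {
    $findings += [pscustomobject]@{ Kind = 'Registry key'; Location = 'HKCU\Software\FirstRRRun' }
}

# Autorun entry "drvsyskit" under the current user's Run key.
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -LiteralPath $runKey -ErrorAction SilentlyContinue
if ($run -and ($run.PSObject.Properties.Name -contains 'drvsyskit')) {
    $findings += [pscustomobject]@{ Kind = 'Run entry'; Location = "drvsyskit = $($run.drvsyskit)" }
}

# A process that is still running means step 1 has to be repeated.
if (Get-Process -Name 'hldrrr' -ErrorAction SilentlyContinue) {
    $findings += [pscustomobject]@{ Kind = 'Process'; Location = 'hldrrr.exe is running' }
}

if ($findings.Count -eq 0) {
    'None of the artifacts named in the article were found.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

An empty result only covers the names listed in this article; it does not replace the full antivirus scan recommended above.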

*I found this virus on an operating system protected by Avira AntiVir Personal. The detailed virus report and the disinfection were done with Kaspersky Anti Virus 2010.

Founder and editor of Stealth Settings, from 2006 to the present. Experience with Linux operating systems (especially CentOS), Mac OS X, Windows XP > Windows 10 and WordPress (CMS).
