PC Pals Forum

Technical Help & Discussion => Broadband, Networking, PC Security, Internet & ISPs => Topic started by: Clive on October 13, 2006, 11:24

Title: W32.HLLW.Heffer.Registry ValuWorm
Post by: Clive on October 13, 2006, 11:24

While doing a routine virus/trojan check, XoftSpy has picked up this little blighter.  No matter how many times I remove it, it's still there on repeat scans.  AdAware, Norton's, SpywareBlaster and Spybot cannot detect it.  I can't use XoftSpy in Safe Mode because it's Internet based and switching System Restore off has no effect.  It was also on Mrs Clive's machine but XoftSpy removed it without problem.

Title: W32.HLLW.Heffer.Registry ValuWorm
Post by: Simon on October 13, 2006, 18:15

XoftSpySE claims to be able to remove it, Clive.  Are you sure you can't run it in safe mode?  I don't see what you mean about it being 'internet based'.  :?

http://labs.paretologic.com/spyware.aspx?remove=W32.HLLW.Heffer

What might do it is to run a registry cleaner immediately after the spyware scan.  There's obviously something in the registry which is making it come back when you reboot.  You could also try the trial version of Ewido (http://www.ewido.net/en/download/) which I think does remove things without purchase.

Let me know if you need help with the latest version of XoftSpySE.  ;)

You could also try a free trial version of Kaspersky Internet Security (http://www.kaspersky.com/uk/trials), which I have found to be excellent, but it will require the removal of any other anti-virus software and third party firewalls.

Title: W32.HLLW.Heffer.Registry ValuWorm
Post by: Clive on October 13, 2006, 18:36

Thanks for those tips Simon.  Can't try them right now as I'm just on my way to pick Sam and his girlfriend up from the train station.   :laugh:

Title: W32.HLLW.Heffer.Registry ValuWorm
Post by: Clive on October 14, 2006, 17:39

XoftSpy is removing it but when I repeat the scan (without having to re-boot) it's still there.  XoftSpy SE claims it can remove it but requires registration.   :cry: It also finds something called "MailDropper".  Ewido also finds MailDropper and removed it FOC.   :laugh:  It's really strange that this particular nasty is only detected by Xoft which rates it as "severe" yet it remains invisible to everything else.

Title: W32.HLLW.Heffer.Registry ValuWorm
Post by: Simon on October 14, 2006, 18:27

Not pointing the finger at XoftSpy in particular, but many of these type of applications use tricks to pursuade you to hand over cash.  I wonder if this is a sales tactic, or whether XoftSpy is genuinely the only application which can find and remove this particular piece of malware?  The odd thing is, if it removed it from Jane's machine, why can't it remove it from yours?  :?

Title: W32.HLLW.Heffer.Registry ValuWorm
Post by: chorleydave on October 14, 2006, 20:25

Clive, I'm sending you a PM.   :wink:

Title: W32.HLLW.Heffer.Registry ValuWorm
Post by: Clive on October 14, 2006, 23:56

Thanks Dave.   8-)