An effective way of cleaning the Holar malware #Holar antivirus #Holar remover #Holar worm #Holar #Antivirus #Remover
Holar Removal Tool is a useful application that was created in order to erase the Win32.Holar.H@mm worm.
The virus was written in Visual Basic and compressed with UPX.
When run, it will copy itself as HAwa.pif and will drop its embedded components: smtp.ocx (an SMTP ActiveX control used to send email messages; this component is registered using regsvr32) and the executable explore.exe.
The registry entry
[HKLM\Software\Microsoft\Windows\CurrentVersion\run\Explore]
is created to run the worm at every start-up. The executable's read-only, hidden and system file attributes are set.
An empty file 0.mpeg is created and open (usually, with Media Player); this is probably meant to trick users to believe they had actually downloaded a (corrupted) multimedia file.
Copies of the worm are created in the Windows System folder with the following names:
Hot_Show.pif Short_vClip.pif Broke_ass.pif Beauty_VS_Your_FaCe.pif Endless_life.pif Hearts_translator.pif Shakiraz_Big_ass.pif Sweet_but_smilly.pif Lo0o0o0o0oL.pif Gurls_Secrets.pif Tedious_SeX.pif Leaders_Scandals.pif HaWawi_N_Hawaii.pif Come_2_Cum.pif Tears_of_Happiness.pif White_AmeRica.pif Famous_PpL_N_Bad_Setuations.pif XxX_Mpegs_Downloader.pif Teenz_Raper.pif Real_Magic.pif The_Truth_of_Love.pif unfaithful_Gurls.pif How_to_improve_ur_love.pif AniMaL_N_Burning_Ladies.pif Aint_it_Funny.pif ToolAv01w32.pif
The virus scans for target email addresses in .txt, .htm, .html, .dbx files and in Internet Explorer's cache. The format of the emails sent is chosen from various combinations of Subject line and Body and the attachment is one of the files named above.
The virus will also attempt to copy itself in the Kazaa shared folder if this file sharing application is installed, using the names listed above. This way, other Kazaa users might download it from the infected user.
The registry entry
[HKCU\DeathTime]
is initialized with 0 when the virus is installed; each time the virus is run again (when Windows is restarted), the value of the entry is incremented; when it reaches 30, the virus attempts to delete all .exe, .jpg, .doc, .pps, .ram, .zip files, and it displays several message boxes.
Finally, the virus will shutdown Windows; the operating system and all installed applications will have to be reinstalled.
- runs on:
- Windows All
- file size:
- 55 KB
- filename:
- antiholar-en.exe
- main category:
- Antivirus
- developer:
- visit homepage
Windows Sandbox Launcher
Zoom Client
Context Menu Manager
Microsoft Teams
IrfanView
Bitdefender Antivirus Free
calibre
7-Zip
4k Video Downloader
ShareX
- 7-Zip
- 4k Video Downloader
- ShareX
- Windows Sandbox Launcher
- Zoom Client
- Context Menu Manager
- Microsoft Teams
- IrfanView
- Bitdefender Antivirus Free
- calibre