Olhrwef.exe (Olhrwef) Worm Virus Removal

Danger Olhrwef.exe is a dangerous file which creates activities on a user’s computer which may be highly undesirable. This file is unsafe. The file can also spread across computers.

Type: Computer Worm (Click Here To Learn More)
Location: C:\Windows\system32\olhrwef.exe (Click Here To Learn How To Locate)
Risk Level: Medium (Learn More About Risk Levels)

Olhrwef.exe is a computer worm and a virus which spreads across computers. It tends to be bundled with many other forms of malware (viruses, adware, and worms) which seek to cause harm to the computer user.

It is recommended that you remove any malicious software such as Olhrwef.exe from your computer immediately. Below is our recommended removal tool for Olhrwef.exe. The removal tool has been rated 5 cows out of 5 by Tucows and was previously CNET’s Editor’s Choice. Feel free to download it below.

download

Manual Removal – Olhrwef.exe may be removed through analyzing your HijackThis log. Feel free to post your hijackthis log below if you need assistance analyzing it. Hijackthis will be ideal to manually remove the virus

Click Here To Learn About HijackThis. To download HijackThis, please click HERE.

Olhrwef.exe File Details -
File Type – Executable – Olhrwef.exe is a executable file
First Identified – Jan 24 2024

We recommend that you follow our safety tips so that you can keep your computer clean. Please click here to view our safety tips

Please post comments below. Your comments are both useful to visitors and to us.

Posted in: Suspicious File |

Tags:

This entry was posted on Friday, February 20th, 2024 at 10:24 am and is filed under Suspicious File. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

4 Responses to “Olhrwef.exe (Olhrwef) Worm Virus Removal”

esteban April 7th, 2024 at 2:31 pm

Bueno…para eliminar este virus se debe entrar a ejecutar en msconfig y desbloquear el casillero que se encuentra en inicio Olhrwef.exe. una vez echo eso se debe ejecutar el programa HijackThis luego se eliminara la barra que diga el nombre del virus el cual se encuentra en la carpeta de windows/system32/Olhrwef.exe.
ojo… este virus se encuentra como archivo oculto.

Beto April 25th, 2023 at 12:39 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:36:46, on 24/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Microsoft IntelliPoint\ipoint.exe
C:\ARCHIV~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\PeerGuardian2\pg2.exe
C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe
C:\ARCHIV~1\AVG\AVG8\avgwdsvc.exe
C:\Archivos de programa\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Archivos de programa\VIA\RAID\vialogsv.exe
C:\ARCHIV~1\AVG\AVG8\avgam.exe
C:\ARCHIV~1\AVG\AVG8\avgrsx.exe
C:\ARCHIV~1\AVG\AVG8\avgnsx.exe
C:\Archivos de programa\AVG\AVG8\avgcsrvx.exe
C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE
C:\Archivos de programa\Lavasoft\Ad-Aware\AAWService.exe
C:\Archivos de programa\Lavasoft\Ad-Aware\AAWTray.exe
C:\Archivos de programa\Mozilla Firefox\firefox.exe
C:\Archivos de programa\Malwarebytes’ Anti-Malware\mbam.exe
C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe

R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=69157
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://go.microsoft.com/fwlink/?LinkId=69157
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer proporcionado por Windows uE
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 – BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader – {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} – C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 – BHO: WormRadar.com IESiteBlocker.NavFilter – {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} – C:\Archivos de programa\AVG\AVG8\avgssie.dll
O2 – BHO: (no name) – {5C255C8A-E604-49b4-9D64-90988571CECB} – (no file)
O2 – BHO: SSVHelper Class – {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} – C:\Archivos de programa\Java\jre1.6.0_02\bin\ssv.dll
O2 – BHO: Windows Live Sign-in Helper – {9030D464-4C02-4ABF-8ECC-5164760863C6} – C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 – HKLM\..\Run: [QuickTime Task] “C:\Archivos de programa\QT Lite\qttask.exe” -atboottime
O4 – HKLM\..\Run: [IntelliPoint] “c:\Archivos de programa\Microsoft IntelliPoint\ipoint.exe”
O4 – HKLM\..\Run: [Ad-Watch] C:\Archivos de programa\Lavasoft\Ad-Aware\AAWTray.exe
O4 – HKLM\..\Run: [AVG8_TRAY] C:\ARCHIV~1\AVG\AVG8\avgtray.exe
O4 – HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Archivos de programa\Malwarebytes’ Anti-Malware\mbamgui.exe /install /silent
O4 – HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 – HKCU\..\Run: [PeerGuardian] C:\Archivos de programa\PeerGuardian2\pg2.exe
O4 – HKCU\..\Run: [AlcoholAutomount] “C:\Archivos de programa\Alcohol Soft\Alcohol 120\axcmd.exe” /automount
O4 – HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe
O4 – HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SERVICIO LOCAL’)
O4 – HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User ‘SERVICIO LOCAL’)
O4 – HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Servicio de red’)
O4 – HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User ‘Servicio de red’)
O4 – HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 – HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User ‘SYSTEM’)
O4 – HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O4 – HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User ‘Default user’)
O4 – Global Startup: HP Digital Imaging Monitor.lnk = C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe
O8 – Extra context menu item: E&xportar a Microsoft Excel – res://C:\ARCHIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 – Extra button: (no name) – {08B0E5C0-4FCB-11CF-AAA5-00401C608501} – C:\Archivos de programa\Java\jre1.6.0_02\bin\ssv.dll
O9 – Extra ‘Tools’ menuitem: Consola de Sun Java – {08B0E5C0-4FCB-11CF-AAA5-00401C608501} – C:\Archivos de programa\Java\jre1.6.0_02\bin\ssv.dll
O9 – Extra button: (no name) – {85d1f590-48f4-11d9-9669-0800200c9a66} – C:\WINDOWS\bdoscandel.exe
O9 – Extra ‘Tools’ menuitem: Uninstall BitDefender Online Scanner v8 – {85d1f590-48f4-11d9-9669-0800200c9a66} – C:\WINDOWS\bdoscandel.exe
O9 – Extra button: Referencia – {92780B25-18CC-41C8-B9BE-3C9C571A8263} – C:\ARCHIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 – Extra button: (no name) – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 – Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 – IERESET.INF: START_PAGE_URL=https://www.busca7.com
O16 – DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) – https://download.bitdefender.com/resources/scan8/oscan8.cab
O16 – DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) – https://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 – DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) – https://ax.emsisoft.com/asquared.cab
O18 – Protocol: linkscanner – {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} – C:\Archivos de programa\AVG\AVG8\avgpp.dll
O20 – Winlogon Notify: avgrsstarter – C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 – Service: Ati HotKey Poller – ATI Technologies Inc. – C:\WINDOWS\system32\Ati2evxx.exe
O23 – Service: ATI Smart – Unknown owner – C:\WINDOWS\system32\ati2sgag.exe
O23 – Service: Autodesk Licensing Service – Autodesk – C:\Archivos de programa\Archivos comunes\Autodesk Shared\Service\AdskScSrv.exe
O23 – Service: AVG8 WatchDog (avg8wd) – AVG Technologies CZ, s.r.o. – C:\ARCHIV~1\AVG\AVG8\avgwdsvc.exe
O23 – Service: Servicio Bonjour (Bonjour Service) – Apple Inc. – C:\Archivos de programa\Bonjour\mDNSResponder.exe
O23 – Service: Lavasoft Ad-Aware Service – Lavasoft – C:\Archivos de programa\Lavasoft\Ad-Aware\AAWService.exe
O23 – Service: Pml Driver HPZ12 – HP – C:\WINDOWS\system32\HPZipm12.exe
O23 – Service: StarWind AE Service (StarWindServiceAE) – Unknown owner – C:\Archivos de programa\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)
O23 – Service: VRAID Log Service – Unknown owner – C:\Archivos de programa\VIA\RAID\vialogsv.exe


End of file – 7322 bytes

Peppe July 8th, 2023 at 6:57 pm

Questo è il log della scansione ma nn so cosa fare per eliminare il file olhrwef.exe Aiuto

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20.54.15, on 08/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Programmi\Creative\Shared Files\CTSched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Conexant\Adsl\dslstat.exe
C:\Program Files\Conexant\Adsl\dslagent.exe
C:\Programmi\ScanSoft\OmniPageSE\opware32.exe
C:\KMaestro\KMaestro.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\Programmi\CyberLink\PCM4Everio\EverioService.exe
C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Programmi\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\eMule\emule.exe
C:\WINDOWS\AhnRpta.exe
C:\Programmi\Creative\MediaSource5\CTCMSu.exe
C:\Programmi\Creative\MediaSource5\CtDetctu.exe
C:\Documents and Settings\LOFFREDO\Desktop\HiJackThis.exe

R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 – BHO: AcroIEHlprObj Class – {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} – C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 – BHO: (no name) – {7E853D72-626A-48EC-A868-BA8D5E23E045} – (no file)
O2 – BHO: Guida per l’accesso a Windows Live – {9030D464-4C02-4ABF-8ECC-5164760863C6} – C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 – BHO: Java(tm) Plug-In 2 SSV Helper – {DBC80044-A445-435b-BC74-9C25C1C588A9} – C:\Programmi\Java\jre6\bin\jp2ssv.dll (file missing)
O4 – HKLM\..\Run: [VolPanel] “C:\Programmi\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe” /r
O4 – HKLM\..\Run: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry
O4 – HKLM\..\Run: [CreativeTaskScheduler] “C:\Programmi\Creative\Shared Files\CTSched.exe” /logon
O4 – HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 – HKLM\..\Run: [DSLSTATEXE] C:\Program Files\Conexant\Adsl\dslstat.exe icon
O4 – HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\Conexant\Adsl\dslagent.exe
O4 – HKLM\..\Run: [RaidTool] C:\Programmi\VIA\RAID\raid_tool.exe
O4 – HKLM\..\Run: [Omnipage] C:\Programmi\ScanSoft\OmniPageSE\opware32.exe
O4 – HKLM\..\Run: [KeyMaestro] C:\KMaestro\KMaestro.exe
O4 – HKLM\..\Run: [EPSON Stylus D88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE /P23 “EPSON Stylus D88 Series” /O6 “USB001″ /M “Stylus D88″
O4 – HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
O4 – HKLM\..\Run: [NBKeyScan] “C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe”
O4 – HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 – HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 – HKLM\..\Run: [QuickTime Task] “C:\Programmi\QuickTime\QTTask.exe” -atboottime
O4 – HKLM\..\Run: [EverioService] “C:\Programmi\CyberLink\PCM4Everio\EverioService.exe”
O4 – HKCU\..\Run: [msnmsgr] “C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe” /background
O4 – HKCU\..\Run: [MSMSGS] “C:\Programmi\Messenger\msmsgs.exe” /background
O4 – HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe”
O4 – HKCU\..\Run: [QUAD Scheduler] C:\Programmi\QUAD Utilities\QUAD Registry Cleaner\QUAD Scheduler.exe
O4 – HKCU\..\Run: [cdoosoft] C:\DOCUME~1\LOFFREDO\IMPOST~1\Temp\olhrwef.exe
O4 – HKCU\..\Run: [eMuleAutoStart] C:\Programmi\eMule\emule.exe -AutoStart
O4 – HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SERVIZIO LOCALE’)
O4 – HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SERVIZIO DI RETE’)
O4 – HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 – HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O8 – Extra context menu item: E&sporta in Microsoft Excel – res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 – Extra button: Ricerche – {92780B25-18CC-41C8-B9BE-3C9C571A8263} – C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 – Extra button: (no name) – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 – Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 – Extra button: Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Programmi\Messenger\msmsgs.exe
O9 – Extra ‘Tools’ menuitem: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Programmi\Messenger\msmsgs.exe
O16 – DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) –

Ráinor July 10th, 2023 at 12:16 pm

Meu antivirus Avast detectou esse rootkit, apesar de ter a opção de removê-lo imediatamente do sistema, tenho receio que isso possa ser ainda mais prejudicial ao meu computador. Por favor, o que fazer?

Leave a Reply