
WINHELP.EXE
PROCESS INFORMATION
Process Name : Winhelp.exe
Process Path : %SYSTEM%\winhelp.exe
[ Please note that the Microsoft Windows winhelp.exe will load from the %Windows% folder ]
Malware Name : W32.Lovegate.F@mm
Alias : I-Worm/Lovegate, I-Worm.Supnot.f, WORM_LOVGATE.F, W32.HLLW.LoveGate.G@mm
Process Type : Internet worm
Threat level : Medium
Process details :
Winhelp.exe is dropped by the Lovegate.F worm in the Windows System folder. Lovegate.F is a modified variant of the Lovegate.C worm that uses e-mail addresses collected from *.ht* files to send infected messages. It also copies itself to shared network drives and drops backdoor programs on the infected system.
When the infected attachment is executed, the worm copies itself to the Windows System folder under the following names:
WinGate.exe
WinDriver.exe
Winrpc.exe
Winhelp.exe
Iexplore.exe
Kernel66.dll
NetServices.exe
Ravmond.exe
The Lovegate worm creates new values under the registry Run key so that it loads automatically at startup. It also modifies the registry so that it loads whenever a text file is opened.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    WinHelp = "C:\WINNT\System32\WinHelp.exe"
    WinGate initialize = "C:\WINNT\System32\WinGate.exe -remoteshell"
    Remote Procedure Call Locator = "RUNDLL32.EXE reg678.dll ondll_reg"
    Program In Windows = "C:\WINNT\System32\IEXPLORE.EXE"
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows
    run = RAVMOND.EXE
HKEY_CLASSES_ROOT\txtfile\shell\open\command
    winrpc.exe %1
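The check below is an added example, not part of the original write-up or of any vendor tool. It audits a host snapshot for the persistence entries and file names listed above, and uses the note that the genuine winhelp.exe loads from the %Windows% folder to avoid flagging it. The snapshot layout, the names hits and audit, the sample data and the C:\WINDOWS\System32 path are assumptions made for the example.

```python
import ntpath

# Indicators from the write-up above. The snapshot layout (registry key ->
# {value name: data}, plus process image paths) is an assumption of this example.
RUN_KEY = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"
WIN_KEY = r"HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows"
TXT_KEY = r"HKCR\txtfile\shell\open\command"
WORM_FILES = {"wingate.exe", "windriver.exe", "winrpc.exe", "winhelp.exe",
              "iexplore.exe", "kernel66.dll", "netservices.exe", "ravmond.exe",
              "reg678.dll"}
# C:\WINNT\System32 is the path on the page; C:\WINDOWS\System32 is assumed for XP.
# "" covers bare names, which Windows resolves through the search path.
WORM_DIRS = {r"c:\winnt\system32", r"c:\windows\system32", ""}


def hits(command):
    """Worm file names that a command line or path references in the System folder."""
    found = []
    for token in command.replace('"', " ").split():
        folder, name = ntpath.split(token.lower())
        if name in WORM_FILES and folder in WORM_DIRS:
            found.append(name)
    return found


def audit(registry, processes):
    """Return (location, detail) findings for one host snapshot."""
    findings = []
    for key in (RUN_KEY, WIN_KEY, TXT_KEY):
        for value, data in registry.get(key, {}).items():
            if hits(data):
                findings.append((key, f"{value} = {data}"))
    findings += [("process", path) for path in processes if hits(path)]
    return findings


# Constructed snapshot of an infected Windows 2000 host plus benign entries.
SAMPLE_REGISTRY = {
    RUN_KEY: {"WinHelp": r"C:\WINNT\System32\WinHelp.exe",
              "WinGate initialize": r"C:\WINNT\System32\WinGate.exe -remoteshell",
              "Remote Procedure Call Locator": "RUNDLL32.EXE reg678.dll ondll_reg",
              "SoundMan": r"C:\WINNT\soundman.exe"},
    WIN_KEY: {"run": "RAVMOND.EXE"},
    TXT_KEY: {"(Default)": "winrpc.exe %1"},
}
SAMPLE_PROCESSES = [r"C:\WINNT\winhelp.exe", r"C:\WINNT\System32\winhelp.exe",
                    r"C:\Program Files\Internet Explorer\iexplore.exe"]

if __name__ == "__main__":
    for location, detail in audit(SAMPLE_REGISTRY, SAMPLE_PROCESSES):
        print(f"{location}: {detail}")
```

Matching on folder as well as file name keeps the genuine winhelp.exe in the Windows folder and Internet Explorer under Program Files out of the findings.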
The Lovegate.F worm infects Windows 2000, NT and XP systems only. The worm tries to copy itself to shared folders on the network under any of the following names:
Are you looking for Love.doc.exe
autoexec.bat
The world of lovers.txt.exe
How To Hack Websites.exe
Panda Titanium Crack.zip.exe
Mafia Trainer!!!.exe
100 free essays school.pif
AN-YOU-SUCK-IT.txt.pif
Sex_For_You_Life.JPG.pif
CloneCD + crack.exe
Age of empires 2 crack.exe
MoviezChannelsInstaler.exe
Star Wars II Movie Full Downloader.exe
Winrar + crack.exe
SIMS FullDownloader.zip.exe
MSN Password Hacker and Stealer.exe
The Lovegate worm uses its own SMTP engine to send infected messages. It drops backdoor programs on the infected system, which hackers can use to steal your data. You can use the Solo trial version to remove the worm from your system.
How can I protect my system?
Solo has incorporated the Lovegate.F infected WinHelp.exe in its signature file to protect users from this worm attack. Solo antivirus registered users are already protected from this worm. Make sure that you have installed the registered version of Solo Antivirus to protect your system from all virus threats.
How to remove this worm?
Solo antivirus can detect and remove Lovegate and its variants safely. Use the following link to download the 30-day trial version of Solo antivirus to remove viruses from your computer.

Solo anti-virus not only scans for all viruses, it also contains a unique System Integrity Checker to protect you from new Internet worms, backdoors and malicious VB and Java scripts. It also effectively removes all existing Internet worms, file viruses, malicious VB and Java scripts, Trojans, backdoors, and boot sector, partition table and macro viruses.
You can purchase Solo antivirus using the link
