
Is shlwapi.exe a Trojan - how can I get rid of it?

Discussion in 'Virus & Other Malware Removal' started by Fexa, Oct 13, 2004.

Thread Status:
Not open for further replies.
  1. Fexa

    Fexa Thread Starter

    Joined:
    Oct 13, 2004
    Messages:
    3
    Hi,

    This morning after I started my laptop Norton Antivirus gave me a message I have a Trojan virus on my computer in object name: "shlwapi.exe" and Norton is unable to do anything about it.

    Virus name is: Trojan.Adwaheck
    It sits at my C:/windows/System32/shlwapi.exe
    I have Windows XP on this computer with SP2

    I've looked all over the Net, incl. Symantec, MS site, Pacman Portal, even this forum, but cannot find a word about "shlwapi.exe" and what to do with that infected file.

    Symantec gives general info how to get rid of Adwaheck saying I should Delete infected files, but I am afraid to delete "shlwapi.exe" if I don't know what is it. I looked all over the net to find info about "shlwapi.exe" incl. MS, Pacman Portal and this forum, but cannot find anything about "shlwapi.exe."

    What is it, and how to clean it from that Adwaheck Trojan?
    Also how could this thing come to my computer if I never open any attachments I don't know about, and have Norton and Zone Alarm installed?

    Any help would be appreciated
    Thank you

    Fexa
     
  2. Chicon

    Chicon

    Joined:
    Jul 29, 2004
    Messages:
    6,650
    Hi Fexa,

    I suggest you download HijackThis from www.tomcoyote.org/hjt.
    Extract the zip file in a permanent folder (example: C:\Program Files\HJT);
    Close all open windows (it is important);
    Run HijackThis: click Scan, click Save log to get a file called hijackthis.log and post the whole content of the log to this thread.
     
  3. Fexa

    Fexa Thread Starter

    Joined:
    Oct 13, 2004
    Messages:
    3
    Hi Chicon
    thanks for quick reply.
    Would you like to see the Whole log? It is long...
    so for now I just posted the part referring to my problem:

    I ran the HijackThis, but it basically has shown me the same as I already knew before - where that darn virus is, and what value it creates in Registry key:
    O4 - HKCU\..\Run: [shlwapi] C:\WINDOWS\System32\shlwapi.exe

    the full path to that key is:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    - just I am afraid to remove anything from registry as I cannot find anything about shlwapi.exe file although it seems Windows does need this file.
    Symantec says in its removal instructions:
    "If any files are detected as infected with Trojan.Adwaheck write down the path and file name, and then click Delete."
    According to info I got from my version of Norton the path is C:\WINDOWS\System32\shlwapi.exe, but I am afraid to delete that file.
    or maybe I just misunderstand it, and removing value from the registry will be enough?

    Symantec tells me I should backup the Windows registry before I delete anything, but if I backup it, won't it also Save the same infected file/registry key?

    Sorry for these questions, but I am not exactly the tech type
    Thanks again for your reply.

    Fexa
    PS.
    Errare humanum est - I just wish our politicians wouldn't be so "human" ;-)
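
A way to triage the O4 autorun line quoted in the post above, as an added example that is not part of the thread: it expands HijackThis's shortened key to the full registry path and flags a System32 .exe that borrows the name of a Windows DLL (shlwapi.dll is a Windows shell utility library). The HKLM handling, the DLL name list, the sample log and the function names are assumptions made for this example.

```python
import re
from pathlib import PureWindowsPath

# HijackThis shortens the autorun key to "HKCU\..\Run"; expand it again.
HIVES = {"HKCU": "HKEY_CURRENT_USER", "HKLM": "HKEY_LOCAL_MACHINE"}
KEY_TEMPLATE = r"{hive}\SOFTWARE\Microsoft\Windows\CurrentVersion\{sub}"

# Assumption: hand-picked base names of DLLs that ship in System32.
# An .exe with one of these names in that folder is not a stock Windows file.
SYSTEM_DLL_NAMES = {"shlwapi", "kernel32", "user32", "advapi32", "shell32"}

O4_LINE = re.compile(r"^O4 - (HKCU|HKLM)\\\.\.\\(Run\w*): \[(.*?)\] (.+)$")
EXE_PATH = re.compile(r'^"?(.+?\.exe)"?', re.IGNORECASE)

# Constructed sample log; only the shlwapi line is taken from the thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [ExampleAV] "C:\Program Files\ExampleAV\agent.exe" /startup
O4 - HKCU\..\Run: [shlwapi] C:\WINDOWS\System32\shlwapi.exe
"""

def parse_o4(line):
    """Return a dict for a registry-autorun O4 line, or None for any other line."""
    m = O4_LINE.match(line.strip())
    if m is None:
        return None
    hive, sub, value, command = m.groups()
    # Separate the executable from quotes and trailing arguments.
    exe = EXE_PATH.match(command)
    path = PureWindowsPath(exe.group(1) if exe else command.split()[0])
    masquerade = (
        path.suffix.lower() == ".exe"
        and path.stem.lower() in SYSTEM_DLL_NAMES
        and path.parent.name.lower() == "system32"
    )
    return {
        "key": KEY_TEMPLATE.format(hive=HIVES[hive], sub=sub),
        "value": value,
        "path": str(path),
        "suspicious": masquerade,
    }

def review(log_text):
    """Parse every line of a log and keep only the registry autorun entries."""
    return [e for e in map(parse_o4, log_text.splitlines()) if e]

if __name__ == "__main__":
    for entry in review(SAMPLE_LOG):
        tag = "REVIEW" if entry["suspicious"] else "ok"
        print(f'{tag:6} {entry["key"]} [{entry["value"]}] -> {entry["path"]}')
```

The flag is a triage hint for a human reviewer, not a verdict, and the name list is illustrative rather than complete.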
     
  4. Chicon

    Chicon

    Joined:
    Jul 29, 2004
    Messages:
    6,650
    Yes, I am waiting for your log :)
     
  5. mjack547

    mjack547 Malware Specialist

    Joined:
    Sep 1, 2003
    Messages:
    3,183
    Please post the whole log and we will be able to give you a helping hand
     
  6. Fexa

    Fexa Thread Starter

    Joined:
    Oct 13, 2004
    Messages:
    3
    My apologies guys, for some reason I didn’t get any message that somebody had responded to my post although I was regularly checking my mail through my other computer, so I haven’t checked here up till now as I was busy doing my backups and studying all that complicated info on Symantec and Microsoft pages.

    Update: I got that Trojan off my system, however not trusting my idea I also proceeded to do all those steps Symantec recommends for removing this virus, only to find out that yes, indeed I removed it! ;-)

    Still bugs me however How could I get it if I have so Many programs which are supposed to protect one's computer; incl. Norton Antivirus (regularly updated), Zone Alarm Firewall, WinPatrol, Mailwasher, not to mention I downloaded just 3 days ago that Bugger Windows XP Service Pack2 whose only function seems to be preventing me from previewing PDF files on the Net, or blocking java/javascripts based drop down menus and other needed things I Want to see!

    Not to mention still cannot find Anything on the Net about that shlwapi.exe file… so I was scared!

    I would like to thank you one more time for taking the time to respond to my message and trying to help. I appreciate it very much!

    Thank you!

    Fexa
     
Short URL to this thread: https://techguy.org/284184
