hedgie.exe

I've now had time to do some googling.

I would recommend doing an antivirus scan of this system--perhaps with an
antivirus that also targets spyware. It has been a while since I've been
there, but Trend Micro's scanner used to be a good choice for this:

http://housecall.trendmicro.com

My sense is that this file is malware of some kind, but I don't have a clear
label to stick on it--didn't dig too deeply.

--
 
It's a backdoor Trojan and needs to be removed. Here's some info on the file
and removal instructions.

hedgie.exe

Infections detected by these scanners:

AntiVir (Trojan/Dldr.Agen.xq.2.C)
ArcaVir (Trojan.Proxy.Small.Bo)
Avast (Win32:Trojano-2975)
AVG Antivirus (Proxy.AMD)
BitDefender (Trojan.Proxy.Small.DC)
Dr.Web (Trojan.Proxy.524)
Fortinet (W32/Cosiam.D!tr)
Kaspersky Anti-Virus (Trojan-Proxy.Win32.Small.bo)
NOD32 (variant of Win32/TrojanProxy.Daemonize)
VBA32 (Trojan-Proxy.Win32.Small.bo)

Here are some details on a different variant of Trojan.Proxy.Small.bo, as it's
possible this will have the same function:

http://www.sophos.com/virusinfo/analyses/trojsmalled.html

It has 3 registry startup values in these areas:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
[hedgie] C:\WINDOWS\System32\hedgie.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[hedgie] C:\WINDOWS\System32\hedgie.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[hedgie] C:\WINDOWS\System32\hedgie.exe

The file is located in System32 and may also have backups stored in the
Windows Temp folder and the Temporary Internet Files folder. Use Ewido, as it
will remove this infection.

Please download, install, and update the trial version of Ewido Security
Suite:

http://www.ewido.net/en/download/

When installing, under "Additional Options" uncheck "Install background
guard" and "Install scan via context menu". Click on Update in the left menu,
then click the Start update button. After the update finishes, close Ewido.

Now reboot to Safe Mode: restart your computer and immediately begin
tapping the F8 key on your keyboard.
If done right, a Windows Advanced Options menu will appear. Select the Safe
Mode option and press Enter.
To return to Normal Mode, just restart your computer as you normally would.

Run Ewido again. From the main menu click on 'Scanner', then click 'Complete
System Scan'. When Ewido finds something, it will pop up a notification.
Select "Remove" and check the boxes "Perform action with all infections" and
"Create encrypted backup", then click on OK. When the scan finishes, click on
"Save Report" and save it to your desktop or C: drive in case you need it
again.

*Note* Ewido will perform fine after the 14-day trial expires; you will just
have to manually update the scanner before using it, as the auto updates will
stop after 14 days. It's worth keeping on your system, as they release updates
daily and it's one of the best scanners/removers available.

Run Disk Cleanup to remove temporary files: go to Start, then Run, and type

cleanmgr

Press OK, then place checks next to Temporary files and Recycle Bin and press
OK again to remove them.

Reboot back to Normal Mode and follow Bill's advice about running online
virus scans to make sure there aren't other problems on your system.

Regards

Andy
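As an added, report-only check (not part of Andy's post or any tool he names), the following PowerShell audits the three autorun keys and the file locations listed above for hedgie.exe artifacts. It assumes PowerShell 4 or later for Get-FileHash; the two Temporary Internet Files paths are assumptions for the XP and Vista-and-later profile layouts.

```powershell
# Added example: audit the Run/RunServices keys and folders named in the thread
# for a "hedgie" value or a command pointing at hedgie.exe. Reports only; it
# changes nothing on the system.
$RunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
# System32 is checked directly; the temp folders are searched recursively.
# The two Temporary Internet Files paths are assumed profile layouts (XP / Vista+).
$Folders = @(
    "$env:SystemRoot\System32",
    "$env:SystemRoot\Temp",
    "$env:TEMP",
    "$env:USERPROFILE\Local Settings\Temporary Internet Files",
    "$env:LOCALAPPDATA\Microsoft\Windows\Temporary Internet Files"
)

$Findings = @()

foreach ($Key in $RunKeys) {
    if (-not (Test-Path $Key)) { continue }
    $Props = Get-ItemProperty -Path $Key
    foreach ($Entry in $Props.PSObject.Properties) {
        if ($Entry.Name -like 'PS*') { continue }   # skip PowerShell metadata
        if ($Entry.Name -eq 'hedgie' -or "$($Entry.Value)" -match 'hedgie\.exe') {
            $Findings += [pscustomobject]@{
                Type = 'Registry'; Where = "$Key\$($Entry.Name)"; Detail = $Entry.Value
            }
        }
    }
}

foreach ($Folder in $Folders) {
    if (-not (Test-Path -LiteralPath $Folder)) { continue }
    $Recurse = ($Folder -ne "$env:SystemRoot\System32")
    Get-ChildItem -LiteralPath $Folder -Filter 'hedgie.exe' -File -Force `
        -Recurse:$Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $Hash = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        $Findings += [pscustomobject]@{
            Type = 'File'; Where = $_.FullName
            Detail = "{0} bytes, SHA256 {1}" -f $_.Length, $Hash
        }
    }
}

if ($Findings.Count -eq 0) { 'No hedgie.exe artifacts found in the listed locations.' }
else { $Findings | Format-Table -AutoSize -Wrap }
```

Run it from an elevated prompt so the HKLM keys and System32 are readable; keep the hash output with the Ewido report for later comparison.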
 
Thanks very much, Andy! Guess I should have dug a bit more...

--
