M_P_A

Unknown .exe file (g2mdlhlpx.exe) -

Has anyone come across this file (g2mdlhlpx.exe)? Found on a system with Windows XP Pro SP2; location was C:\Documents and Settings\%user account%. This is the only user (other than the administrator) who uses this computer. No other systems have the specified file, and the subject computer has been corrupted beyond repair. The system just will NOT boot; it is now missing most system and config files as well as the "My Documents", "Local Settings", "Application Data" etc. from the user's account. Any info would be much appreciated, or if you can point me to a more appropriate forum.

thanks

mike
ASKER CERTIFIED SOLUTION
Chinmay Patel
Mike,

Random file names are usually a sign of malware or viruses. See if you can log in as the built-in Administrator and delete that file. Follow up with a thorough virus scan.

Try Trend Micro's Sysclean package (free), it's capable of eliminating keyloggers, trojans etc. Full instructions at:

http://aumha.net/viewtopic.php?t=10820

AVG Anti-Virus: (freeware)
http://www.grisoft.com/us/us_index.php
r-k

Agree that it is most likely a virus. A repair install of Windows at the very least may be in order if you can't even boot.
M_P_A

ASKER

Some extensive research has exposed a likely answer: it seems very likely that this file is part of the install package for Citrix GoToMeeting. Strange thing is this is the only trace of the software on the computer.

Chinmay - good advice on file properties (had a difficult time getting this), but that is what pointed me in the direction of finding my answer (was able to find it was verisigned with the serial number 13 51 99 f1 44 7e b9 8f 7c a8 36 dd 0c 0e 98 a4). Any confirmation of my theory above would be fantastic.

SOLUTION
According to this, it's part of Citrix. They own GoToMyPC which uses the same technology, so maybe that's where it came from. If you installed any remote-control type program, contact the vendor and ask their Tech Support about it. There's also the possibility that it got there when you had someone else remotely control your PC (such as Dell or HP to solve a computer problem with you). Just didn't want this thread to die without adding this possibly helpful info.

http://www.tallemu.com/oasis2/file/citrix_online/unspecified_product/g2mdlhlpx_exe/93746

http://www.techsupportforum.com/840196-post23.html

I can confirm that this is a product of Citrix's GoToMyPC, and was left behind after an uninstallation on my Windows system.
The Citrix version does not reside in the user's directories. The information I am finding is that there is a rootkit that is using this file when in that location.
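
The two checks this thread relies on (the signing certificate's serial number read from file properties, and where the file sits on disk) can be scripted. The following is an added PowerShell example, not part of any poster's reply; `Get-FileTriage` is a hypothetical helper name, the sample path is constructed, and it assumes the disk is readable from a working Windows system with PowerShell 4 or later.

```powershell
# Added example: triage an unknown executable by Authenticode signature and location.
# Get-FileTriage is a hypothetical name; the default serial is the one quoted in the thread.
function Get-FileTriage {
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Serial as shown in the file's Digital Signatures properties (spaces allowed)
        [string] $ExpectedSerial = '13 51 99 f1 44 7e b9 8f 7c a8 36 dd 0c 0e 98 a4'
    )

    $file = Get-Item -LiteralPath $Path -Force -ErrorAction Stop   # -Force: file may be hidden
    $sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName
    $cert = $sig.SignerCertificate

    # Normalise both serials to upper-case hex without separators before comparing
    $want = ($ExpectedSerial -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    $have = if ($cert) { $cert.SerialNumber.ToUpperInvariant() } else { $null }

    # Profile roots: XP-era "Documents and Settings" and the later "Users"
    $roots = @("$env:SystemDrive\Documents and Settings\", "$env:SystemDrive\Users\")
    $inProfile = $false
    foreach ($root in $roots) {
        if ($file.FullName.StartsWith($root, [System.StringComparison]::OrdinalIgnoreCase)) {
            $inProfile = $true
        }
    }

    [pscustomobject]@{
        Path             = $file.FullName
        SHA256           = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
        # Only 'Valid' means the file content still matches what was signed
        SignatureStatus  = $sig.Status
        Signer           = if ($cert) { $cert.Subject } else { $null }
        Serial           = $have
        # A matching serial counts only when the signature itself verifies
        SerialMatches    = ($sig.Status -eq 'Valid') -and ($have -eq $want)
        # The last reply says the Citrix copy does not live under user directories
        UnderUserProfile = $inProfile
    }
}

# Constructed sample path; replace with the real location of the file
Get-FileTriage -Path 'C:\Documents and Settings\someuser\g2mdlhlpx.exe'
```

A result with `SerialMatches` false, or `UnderUserProfile` true, is a reason to submit the `SHA256` value to a scanner and keep the file quarantined rather than trusting the file name.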