g2mdlhlpx.exe

The original g2mdlhlpx.exe is a part of Citrix GoToMeeting and GoToWebinar. Malware creators have copied this filename in an attempt to “hide” from PC owners and system administrators.

Someone who has Citrix GoToMeeting or GoToWebinar installed does not have to worry about this process. However, if he/she does not have either of these Citrix products installed on his/her PC, he/she will have to clean this malware from the PC.

The legitimate g2mdlhlpx.exe executable installs in the C:Documents and Settings%user account% folder. Rogue versions of this executable process are sometimes found in other locations such as C:WINDOWSjavag2mdlhlpx.exe.

The rogue g2mdlhlpx.exe process is classified as a Trojan virus, while there are versions of this file proven to be spyware applications or malware processes. It has a size that never exceeds 60kbytes. This threat is installed unknowingly into a user’s PC through the Internet, particularly through anti-spyware pop-up advertisements.

It has been reported that the file g2mdlhlpx.exe can also damage the Windows configuration, particularly with regards to the files’ boot up and config processes. Users who have encountered this threat reported that their browsers started redirecting them to certain network addresses. This led to the total corruption of most of these infected computers. This process also appears to be capable of disabling Windows firewall and automatic updates. The Windows OS versions that this malicious file can infect include:

  • Windows 98
  • Windows 95
  • Windows XP
  • Windows Me
  • Windows NT
  • Windows 2000

Rate this article:

g2mdlhlpx.exe, 4.71 / 5 (7 votes)
Last updated .

Follow Will.Spencer on
  • Joanne

    THANKYOU this is the best and most complete answer I have ever gotten or a malware problem. I have the g2mtg file because I need it. Other sites would have removed the file and it would have created major problems for me.

  • http://www.tech-faq.com/g2mdlhlpxexe.html#respond jb

    Re “never exceeds 60kbytes.” Please clarify.
    Does this mean that mine (71kb) is legitimate or not?

  • John C

    All I can say is what incompetent boob would use the users profile directory to run applications from.  A executable file located in the users profile directory is a red flag and you should verify the file before continuing.  

    Despite what the above article states you should submit the file to VirusTotal as an added measure to insure the file does not contain a virus.

    A competent programmer will not install and execute an application from users profile dir.
     

    • Kevin H

      we are talking about hackers writing viruses not Competent Programmers.  Arent all Hackers just BOOBS anyway.

      • Jon

        The text states that the legitimate exe for Citrix installs to the user directory

  • coucou

    hello, this malware infected my computer, my os is Windows 7