
g2mdlhlpx.exe

The original g2mdlhlpx.exe is a part of Citrix GoToMeeting and GoToWebinar. Malware creators have copied this filename in an attempt to “hide” from PC owners and system administrators.

Anyone who has Citrix GoToMeeting or GoToWebinar installed does not have to worry about this process. However, if neither of these Citrix products is installed on the PC, the file is malware and will have to be cleaned from the PC.

The legitimate g2mdlhlpx.exe executable installs in the C:\Documents and Settings\%user account% folder. Rogue versions of this executable process are sometimes found in other locations such as C:\WINDOWS\java\g2mdlhlpx.exe.
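A triage check for the location test described above, added here as an example (it is not from the original article or from Citrix). It assumes PowerShell 4 or later and treats the current user's profile (`$env:USERPROFILE`) as the expected install root; `Get-FileTriage` is a hypothetical helper name.

```powershell
# Added example: report every copy of g2mdlhlpx.exe that is running or on disk,
# with its location, size, Authenticode status and SHA-256 for further checks.
$name = 'g2mdlhlpx.exe'

# Assumption: the legitimate copy lives under the current user's profile
# (C:\Documents and Settings\<user> on XP, C:\Users\<user> on later versions).
$profileRoot = $env:USERPROFILE.TrimEnd('\') + '\'

function Get-FileTriage {
    param([Parameter(Mandatory)][string]$Path)
    $file = Get-Item -LiteralPath $Path -Force -ErrorAction Stop
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    [pscustomobject]@{
        Path          = $file.FullName
        # False here matches the article's description of rogue copies.
        InUserProfile = $file.FullName.StartsWith(
                            $profileRoot, [StringComparison]::OrdinalIgnoreCase)
        SizeKB        = [math]::Round($file.Length / 1KB, 1)
        SigStatus     = $sig.Status   # Valid, NotSigned, HashMismatch, ...
        Signer        = if ($sig.SignerCertificate) {
                            $sig.SignerCertificate.Subject
                        } else { '' }
        SHA256        = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    }
}

$paths = @()

# Copies that are currently running (ExecutablePath is empty if access is denied).
$paths += Get-CimInstance Win32_Process -Filter "Name = '$name'" |
    Where-Object { $_.ExecutablePath } |
    Select-Object -ExpandProperty ExecutablePath

# Copies on disk under the Windows directory and the user profile.
$paths += Get-ChildItem -Path $env:SystemRoot, $profileRoot -Filter $name `
              -Recurse -File -Force -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty FullName

$paths | Sort-Object -Unique | ForEach-Object { Get-FileTriage -Path $_ } |
    Format-List
```

A copy outside the profile, or one whose signature is not `Valid` with a signer matching the vendor named above, is the one to investigate; the SHA-256 can be looked up in a multi-engine scanning service.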

The rogue g2mdlhlpx.exe process is classified as a Trojan, and some versions of this file have been shown to be spyware or other malware. Its size never exceeds 60 kbytes. The threat is installed without the user's knowledge through the Internet, particularly through anti-spyware pop-up advertisements.

It has been reported that g2mdlhlpx.exe can also damage the Windows configuration, particularly the boot-up and config processes. Users who have encountered this threat reported that their browsers started redirecting them to certain network addresses. This led to the total corruption of most of these infected computers. The process also appears to be capable of disabling the Windows firewall and automatic updates. The Windows OS versions that this malicious file can infect include:

  • Windows 98
  • Windows 95
  • Windows XP
  • Windows Me
  • Windows NT
  • Windows 2000

Comments (5)

 

  1. Joanne says:

    THANK YOU, this is the best and most complete answer I have ever gotten for a malware problem. I have the g2mtg file because I need it. Other sites would have removed the file and it would have created major problems for me.

  2. jb says:

    Re “never exceeds 60kbytes.” Please clarify.
    Does this mean that mine (71kb) is legitimate or not?

  3. John C says:

    All I can say is what incompetent boob would use the user's profile directory to run applications from? An executable file located in the user's profile directory is a red flag and you should verify the file before continuing.

    Despite what the above article states, you should submit the file to VirusTotal as an added measure to ensure the file does not contain a virus.

    A competent programmer will not install and execute an application from the user's profile dir.
     

    • Kevin H says:

      We are talking about hackers writing viruses, not Competent Programmers. Aren't all Hackers just BOOBS anyway?

  4. coucou says:

    Hello, this malware infected my computer. My OS is Windows 7.

