The original g2mdlhlpx.exe is a part of Citrix GoToMeeting and GoToWebinar. Malware creators have copied this filename in an attempt to “hide” from PC owners and system administrators.

Someone who has Citrix GoToMeeting or GoToWebinar installed does not have to worry about this process. However, if he/she does not have either of these Citrix products installed on his/her PC, he/she will have to clean this malware from the PC.

The legitimate g2mdlhlpx.exe executable installs in the C:Documents and Settings%user account% folder. Rogue versions of this executable process are sometimes found in other locations such as C:WINDOWSjavag2mdlhlpx.exe.

The rogue g2mdlhlpx.exe process is classified as a Trojan virus, while there are versions of this file proven to be spyware applications or malware processes. It has a size that never exceeds 60kbytes. This threat is installed unknowingly into a user’s PC through the Internet, particularly through anti-spyware pop-up advertisements.

It has been reported that the file g2mdlhlpx.exe can also damage the Windows configuration, particularly with regards to the files’ boot up and config processes. Users who have encountered this threat reported that their browsers started redirecting them to certain network addresses. This led to the total corruption of most of these infected computers. This process also appears to be capable of disabling Windows firewall and automatic updates. The Windows OS versions that this malicious file can infect include:

  • Windows 98
  • Windows 95
  • Windows XP
  • Windows Me
  • Windows NT
  • Windows 2000