Solved! SERVER.EXE (Backdoor Farfli) Removal Guide

I recommend UnHackMe - Ultimate Malware Killer for fast malware removal.


SERVER.EXE – Backdoor Farfli removal

File        MD5                               Virus alias
SERVER.EXE  660c74b59db30a9cef302b0f048fc809  Backdoor Farfli
SERVER.EXE  660c74b59db30a9cef302b0f048fc809  Trojan Artemis
SERVER.EXE  660c74b59db30a9cef302b0f048fc809  Trojan Generic
SERVER.EXE  660c74b59db30a9cef302b0f048fc809  Trojan CI
SERVER.EXE  660c74b59db30a9cef302b0f048fc809  Trojan Agent
SERVER.EXE  660c74b59db30a9cef302b0f048fc809  Backdoor Zegost

SERVER.EXE size: 15862336 bytes
SERVER.EXE hash: 660C74B59DB30A9CEF302B0F048FC809

Created files:

%Program Files%\Ruelkm ustiu\server.exe

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\Qhjffw calrva\ConnectGroup: ??????
HKLM\System\CurrentControlSet\Services\Qhjffw calrva\MarkTime: 2015-11-20 01:33
HKLM\System\CurrentControlSet\Services\Qhjffw calrva\Type: 10010000
HKLM\System\CurrentControlSet\Services\Qhjffw calrva\Start: 02000000
HKLM\System\CurrentControlSet\Services\Qhjffw calrva\DisplayName: Tpcvtv wdwavgth
HKLM\System\CurrentControlSet\Services\Qhjffw calrva\ImagePath: %Program Files%\Ruelkm ustiu\server.exe
HKLM\System\CurrentControlSet\Services\Ruyjle aiipjacg\ReleiceName: Qhjffw calrva

Detected by UnHackMe:

SERVER.EXE
Default location: %PROGRAM FILES%\RUELKM USTIU\SERVER.EXE

Dropper information:
MD5: 660c74b59db30a9cef302b0f048fc809
File size: 15862336 bytes
