EVPN.006 – KeyLogger Ardamax

I will tell you in this post how to fix the issue manually and how to clean it automatically using a special powerful removal tool. You can download the removal program for free here:

Manual removal instructions:

EVPN.006 – KeyLogger Ardamax removal

File MD5 Virus Alias
EVPN.006 911a5a213762001178a48b2ceefa1880 KeyLogger Ardamax
EVPN.006 911a5a213762001178a48b2ceefa1880 Trojan UnwantedProgram
EVPN.006 911a5a213762001178a48b2ceefa1880 Trojan Eldorado
EVPN.006 911a5a213762001178a48b2ceefa1880 Trojan Downloader
EVPN.006 911a5a213762001178a48b2ceefa1880 Trojan Agent
EVPN.006 911a5a213762001178a48b2ceefa1880 Backdoor Bifrose

EVPN.006 size: 8192 bytes
EVPN.006 hash: 911A5A213762001178A48B2CEEFA1880

Created files:

%SysDir%\28463\AKV.exe
%SysDir%\28463\EVPN.001
%SysDir%\28463\EVPN.002
%SysDir%\28463\EVPN.006
%SysDir%\28463\EVPN.007
%SysDir%\28463\EVPN.exe
%Temp%\Necroxia Origin.exe

Autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\EVPN Agent: %WinDir%\System32\28463\EVPN.exe

Detected by UnHackMe:

EVPN.006
Default location: %SYSDIR%\28463\EVPN.006

Dropper information:
MD5: 7c6bd8c08a5d3fcd3213c86e2655b91b
File size: 1974419 bytes