EVPN.007 – KeyLogger Ardamax

I will tell you in this post how to fix the issue manually and how to clean it automatically using a special powerful removal tool. You can download the removal program for free here:

Manual removal instructions:

EVPN.007 – KeyLogger Ardamax removal

File MD5 Virus Alias
EVPN.007 2183e6a435b000fc6e85b712513c3480 KeyLogger Ardamax
EVPN.007 2183e6a435b000fc6e85b712513c3480 Trojan Eldorado
EVPN.007 2183e6a435b000fc6e85b712513c3480 Trojan Agent

EVPN.007 size: 5632 bytes
EVPN.007 hash: 2183E6A435B000FC6E85B712513C3480

Created files:

%SysDir%\28463\AKV.exe
%SysDir%\28463\EVPN.001
%SysDir%\28463\EVPN.002
%SysDir%\28463\EVPN.006
%SysDir%\28463\EVPN.007
%SysDir%\28463\EVPN.exe
%Temp%\Necroxia Origin.exe

Autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\EVPN Agent: %WinDir%\System32\28463\EVPN.exe

Detected by UnHackMe:

EVPN.007
Default location: %SYSDIR%\28463\EVPN.007

Dropper information:
MD5: 7c6bd8c08a5d3fcd3213c86e2655b91b
File size: 1974419 bytes