EVPN.EXE – KeyLogger Ardamax

I will tell you in this post how to fix the issue manually and how to clean it automatically using a special powerful removal tool. You can download the removal program for free here:

Manual removal instructions:

EVPN.EXE – KeyLogger Ardamax removal

File MD5 Virus Alias
EVPN.EXE 8459b0ba642d016c60571a3ad31e6ec8 KeyLogger Ardamax
EVPN.EXE 8459b0ba642d016c60571a3ad31e6ec8 Trojan ModifiedUPX
EVPN.EXE 8459b0ba642d016c60571a3ad31e6ec8 Trojan SuspiciousFile
EVPN.EXE 8459b0ba642d016c60571a3ad31e6ec8 Trojan XPACK
EVPN.EXE 8459b0ba642d016c60571a3ad31e6ec8 Trojan Generic
EVPN.EXE 8459b0ba642d016c60571a3ad31e6ec8 Trojan DNAScan

EVPN.EXE size: 616960 bytes
EVPN.EXE hash: 8459B0BA642D016C60571A3AD31E6EC8

Created files:

%SysDir%\28463\AKV.exe
%SysDir%\28463\EVPN.001
%SysDir%\28463\EVPN.002
%SysDir%\28463\EVPN.006
%SysDir%\28463\EVPN.007
%SysDir%\28463\EVPN.exe
%Temp%\Necroxia Origin.exe

Autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\EVPN Agent: %WinDir%\System32\28463\EVPN.exe

Detected by UnHackMe:

EVPN.EXE
Default location: %SYSDIR%\28463\EVPN.EXE

Dropper information:
MD5: 7c6bd8c08a5d3fcd3213c86e2655b91b
File size: 1974419 bytes