Solved! Use SERVER.EXE (Trojan Artemis) Removal Guide

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Download UnHackMe
Fully Functional 30-day Trial. No credit card is required. Reviews. EULA. Privacy Policy.

SERVER.EXE – Trojan Artemis removal

File MD5 Virus Alias
SERVER.EXE 31505e56e24720b9b03a970cc6e2c1a8 Trojan Artemis
SERVER.EXE 31505e56e24720b9b03a970cc6e2c1a8 Trojan SuspiciousFile
SERVER.EXE 31505e56e24720b9b03a970cc6e2c1a8 Trojan Win32-Spy
SERVER.EXE 31505e56e24720b9b03a970cc6e2c1a8 Trojan Eldorado
SERVER.EXE 31505e56e24720b9b03a970cc6e2c1a8 Trojan Downloader
SERVER.EXE 31505e56e24720b9b03a970cc6e2c1a8 Trojan PAM

SERVER.EXE size: 21504 bytes
SERVER.EXE hash: 31505E56E24720B9B03A970CC6E2C1A8

Created files:

%WinDir%\InstallDir\Server.exe

Autostart registry keys:

HKLM\Software\Microsoft\Active Setup\Installed Components\{5460C4DF-B266-909E-CB58-E32B79832EB2}\StubPath: 43003A005C00570049004E0044004F00570053005C0049006E007300740061006C006C004400690072005C005300650072007600650072002E00650078006500200072006500730074006100720074000000
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\HKLM: 43003A005C00570049004E0044004F00570053005C0049006E007300740061006C006C004400690072005C005300650072007600650072002E006500780065000000
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\HKCU: 43003A005C00570049004E0044004F00570053005C0049006E007300740061006C006C004400690072005C005300650072007600650072002E006500780065000000

Detected by UnHackMe:

SERVER.EXE
Default location: %WinDir%\INSTALLDIR\SERVER.EXE

Dropper information:
MD5: 31505e56e24720b9b03a970cc6e2c1a8
File size: 21504 bytes

Leave a Reply