Solved! Use SERVER.EXE (Trojan Delf) Removal Guide

I recommend UnHackMe - Ultimate Malware Killer for fast malware removal.

SERVER.EXE – Trojan Delf removal

File        MD5                               Virus Alias
SERVER.EXE  d84960d5dffcb07bfbc1e63187b2d6b0  Trojan Delf
SERVER.EXE  d84960d5dffcb07bfbc1e63187b2d6b0  Trojan (Suspicious File)
SERVER.EXE  d84960d5dffcb07bfbc1e63187b2d6b0  Trojan Artemis
SERVER.EXE  d84960d5dffcb07bfbc1e63187b2d6b0  Backdoor Cybergate
SERVER.EXE  d84960d5dffcb07bfbc1e63187b2d6b0  Trojan Downloader
SERVER.EXE  d84960d5dffcb07bfbc1e63187b2d6b0  Backdoor Poison

SERVER.EXE size: 483840 bytes
SERVER.EXE hash: D84960D5DFFCB07BFBC1E63187B2D6B0

Created files:

C:\dir\install\install\server.exe
%Temp%\UuU.uUu
%Temp%\XxX.xXx

Autostart registry keys:

HKLM\Software\Microsoft\Active Setup\Installed Components\{0CB3B151-N421-22T6-FLL5-1T7143ABIDVN}\StubPath: c:\dir\install\install\server.exe Restart
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies: 63003A005C006400690072005C0069006E007300740061006C006C005C0069006E007300740061006C006C005C007300650072007600650072002E006500780065000000
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies: 63003A005C006400690072005C0069006E007300740061006C006C005C0069006E007300740061006C006C005C007300650072007600650072002E006500780065000000

Detected by UnHackMe:

SERVER.EXE
Default location: C:\DIR\INSTALL\INSTALL\SERVER.EXE

Dropper information:
MD5: d84960d5dffcb07bfbc1e63187b2d6b0
File size: 483840 bytes
