Solved! RUNDLL32SRV.EXE (Worm AMN) Removal Guide

I recommend UnHackMe (Ultimate Malware Killer) for fast malware removal.

RUNDLL32SRV.EXE – Worm AMN removal

File             MD5                               Virus Alias
RUNDLL32SRV.EXE  9f179e646fb978a30b2aa0885e78c50f  Worm AMN
RUNDLL32SRV.EXE  9f179e646fb978a30b2aa0885e78c50f  Worm (Suspicious File)
RUNDLL32SRV.EXE  9f179e646fb978a30b2aa0885e78c50f  Trojan Eldorado
RUNDLL32SRV.EXE  9f179e646fb978a30b2aa0885e78c50f  Trojan Krap
RUNDLL32SRV.EXE  9f179e646fb978a30b2aa0885e78c50f  Trojan Agent
RUNDLL32SRV.EXE  9f179e646fb978a30b2aa0885e78c50f  Trojan ZBot

RUNDLL32SRV.EXE size: 114176 bytes
RUNDLL32SRV.EXE hash: 9F179E646FB978A30B2AA0885E78C50F

Created files:

%Program Files%\Microsoft\DesktopLayer.exe
%SysDir%\rundll32Srv.exe
%Common AppData%\Apple Computer\Installer Cache\Safari 5.34.52.7\SetupAdmin.exe
%Local AppData%\Google\Chrome\Application\17.0.963.56\avcodec-53.dll
%Local AppData%\Google\Chrome\Application\17.0.963.56\avformat-53.dll
%Local AppData%\Google\Chrome\Application\17.0.963.56\avutil-51.dll

Autostart registry keys:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit: c:\windows\System32\userinit.exe,,c:\program files\Microsoft\desktoplayer.exe

Detected by UnHackMe:

RUNDLL32SRV.EXE
Default location: %SYSDIR%\RUNDLL32SRV.EXE

Dropper information:
MD5: c5d2bcf5a26a67be42b4225d287a6e50
File size: 507904 bytes
