Solved! Use SERVER.EXE (Worm Autoit) Removal Guide

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Download UnHackMe
Fully Functional 30-day Trial. No credit card is required. Reviews. EULA. Privacy Policy.

SERVER.EXE – Worm Autoit removal

File MD5 Virus Alias
SERVER.EXE 4a2bd6f9a9180f465b008449cb549098 Worm Autoit
SERVER.EXE 4a2bd6f9a9180f465b008449cb549098 Trojan Generic
SERVER.EXE 4a2bd6f9a9180f465b008449cb549098 Trojan Genome
SERVER.EXE 4a2bd6f9a9180f465b008449cb549098 Trojan Eldorado
SERVER.EXE 4a2bd6f9a9180f465b008449cb549098 Trojan Downloader
SERVER.EXE 4a2bd6f9a9180f465b008449cb549098 Trojan Krap

SERVER.EXE size: 982059 bytes
SERVER.EXE hash: 4A2BD6F9A9180F465B008449CB549098

Created files:

%SysDir%\install\server.exe

Autostart registry keys:

HKLM\Software\Microsoft\Active Setup\Installed Components\{YH553PFR-LA61-68JH-44D8-DNB08GVDX6WN}\StubPath: %WinDir%\System32\install\server.exe Restart
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies: 43003A005C00570049004E0044004F00570053005C00730079007300740065006D00330032005C0069006E007300740061006C006C005C007300650072007600650072002E006500780065000000
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\win32: 43003A005C00570049004E0044004F00570053005C00730079007300740065006D00330032005C0069006E007300740061006C006C005C007300650072007600650072002E006500780065000000
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies: 43003A005C00570049004E0044004F00570053005C00730079007300740065006D00330032005C0069006E007300740061006C006C005C007300650072007600650072002E006500780065000000
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\win32: 43003A005C00570049004E0044004F00570053005C00730079007300740065006D00330032005C0069006E007300740061006C006C005C007300650072007600650072002E006500780065000000

Detected by UnHackMe:

SERVER.EXE
Default location: %SYSDIR%\INSTALL\SERVER.EXE

Dropper information:
MD5: 4a2bd6f9a9180f465b008449cb549098
File size: 982059 bytes

Leave a Reply