SERV32.DLL – Backdoor Andromeda removal

File	MD5	Virus Alias
SERV32.DLL	7c1b904ddb8863ab9c4bfb17a92c469c	Backdoor Andromeda
SERV32.DLL	7c1b904ddb8863ab9c4bfb17a92c469c	Trojan Generic
SERV32.DLL	7c1b904ddb8863ab9c4bfb17a92c469c	Trojan Click
SERV32.DLL	7c1b904ddb8863ab9c4bfb17a92c469c	Trojan Androm
SERV32.DLL	7c1b904ddb8863ab9c4bfb17a92c469c	Trojan Downloader
SERV32.DLL	7c1b904ddb8863ab9c4bfb17a92c469c	Trojan Graftor

SERV32.DLL size: 205624 bytes
SERV32.DLL hash: 7C1B904DDB8863AB9C4BFB17A92C469C

Created files:

%SysDir%\serv32.dll

Autostart registry keys:

HKLM\Software\Classes\CLSID\{C80535B6-D51C-F149-6FFD-DAFEDD5B0985}\InprocServer32 : c:\windows\System32\serv32.dll
HKLM\System\CurrentControlSet\Services\pqwuoyfs\ImagePath: 2500530079007300740065006D0052006F006F00740025005C00530079007300740065006D00330032005C0073007600630068006F00730074002E0065007800650020002D006B0020006E006500740073007600630073000000
HKLM\System\CurrentControlSet\Services\pqwuoyfs\Description: IPX Traffic Forwarder
HKLM\System\CurrentControlSet\Services\pqwuoyfs\DisplayName: IPX Traffic Forwarder Controller
HKLM\System\CurrentControlSet\Services\pqwuoyfs\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\pqwuoyfs\ObjectName: LocalSystem
HKLM\System\CurrentControlSet\Services\pqwuoyfs\Start: 02000000
HKLM\System\CurrentControlSet\Services\pqwuoyfs\Type: 20000000
HKLM\System\CurrentControlSet\Services\pqwuoyfs\Parameters\ServiceDll: 43003A005C00570049004E0044004F00570053005C00730079007300740065006D00330032005C007300650072007600330032002E0064006C006C000000
HKLM\System\CurrentControlSet\Services\pqwuoyfs\Parameters\ServiceMain: DllRegisterServer

Detected by UnHackMe:

SERV32.DLL
Default location: %SYSDIR%\SERV32.DLL

Dropper information:
MD5: abf52eff6ef76a1efd22210731a230a4
File size: 216311 bytes

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

SERV32.DLL – Backdoor Andromeda removal

Created files:

Autostart registry keys:

Detected by UnHackMe:

Leave a Reply Cancel reply