SERV32.DLL – Backdoor Andromeda


SERV32.DLL – Backdoor Andromeda removal

File         MD5                               Virus alias
SERV32.DLL   c9f5256c7fb7656bc97d018091051af2  Backdoor Andromeda
SERV32.DLL   c9f5256c7fb7656bc97d018091051af2  Trojan SuspiciousFile
SERV32.DLL   c9f5256c7fb7656bc97d018091051af2  Trojan Click
SERV32.DLL   c9f5256c7fb7656bc97d018091051af2  Trojan Genome
SERV32.DLL   c9f5256c7fb7656bc97d018091051af2  Trojan Androm
SERV32.DLL   c9f5256c7fb7656bc97d018091051af2  Trojan Downloader

SERV32.DLL size: 192504 bytes
SERV32.DLL MD5: C9F5256C7FB7656BC97D018091051AF2

Created files:

%SysDir%\serv32.dll

Autostart registry keys (the hex strings are the raw REG_SZ / REG_DWORD bytes as exported; the decoded value follows each one):

COM in-process server pointing at the dropped DLL:

HKLM\Software\Classes\CLSID\{C80535B6-D51C-F149-6FFD-DAFEDD5B0985}\InprocServer32 : c:\windows\System32\serv32.dll

Service "pqwuoyfs", hosted by svchost.exe and disguised as a PCI bus controller:

HKLM\System\CurrentControlSet\Services\pqwuoyfs\ImagePath: 2500530079007300740065006D0052006F006F00740025005C00530079007300740065006D00330032005C0073007600630068006F00730074002E0065007800650020002D006B0020006E006500740073007600630073000000
  = %SystemRoot%\System32\svchost.exe -k netsvcs (UTF-16LE)
HKLM\System\CurrentControlSet\Services\pqwuoyfs\Description: Controller for PCI Bus
HKLM\System\CurrentControlSet\Services\pqwuoyfs\DisplayName: PCI Bus Controller
HKLM\System\CurrentControlSet\Services\pqwuoyfs\ErrorControl: 01000000
  = 1, SERVICE_ERROR_NORMAL
HKLM\System\CurrentControlSet\Services\pqwuoyfs\ObjectName: LocalSystem
HKLM\System\CurrentControlSet\Services\pqwuoyfs\Start: 02000000
  = 2, SERVICE_AUTO_START (started by the Service Control Manager at every boot)
HKLM\System\CurrentControlSet\Services\pqwuoyfs\Type: 20000000
  = 0x20, SERVICE_WIN32_SHARE_PROCESS (runs inside a shared svchost.exe)
HKLM\System\CurrentControlSet\Services\pqwuoyfs\Parameters\ServiceDll: 43003A005C00570049004E0044004F00570053005C00730079007300740065006D00330032005C007300650072007600330032002E0064006C006C000000
  = C:\WINDOWS\system32\serv32.dll (UTF-16LE)
HKLM\System\CurrentControlSet\Services\pqwuoyfs\Parameters\ServiceMain: DllRegisterServer

Taken together, these keys make svchost.exe load serv32.dll at every boot as LocalSystem inside the netsvcs service group, using the DLL's DllRegisterServer export as the service entry point instead of the conventional ServiceMain export. The same DLL is also registered as a COM in-process server under the CLSID above, so any process that instantiates that class will load it as well. svchost.exe only hosts a service in the netsvcs group if the service name is listed in the REG_MULTI_SZ value HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\netsvcs; that value is not part of this listing, so check it for an added pqwuoyfs entry during cleanup. Stop the service and delete the Services\pqwuoyfs key and the CLSID key before deleting the file: a DLL mapped into a running svchost.exe process cannot be removed until that process releases it.
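The registry values above are shown as raw hex, which is how REG_SZ and REG_DWORD data appears in many hive exports and sandbox reports. The following Python script, added here as a worked example (it is not part of the original listing and not UnHackMe's code), decodes those hex dumps, interprets the service configuration using the standard Windows SERVICE_* constants, extracts the svchost group from the ImagePath, and checks a file's MD5 against the hashes in this listing. The hex strings and hashes are copied from the page; everything else (function names, the constructed sample input) is the example's own and works offline on exported values rather than querying a live registry.

```python
"""Decode and interpret the SERV32.DLL (Andromeda) persistence artifacts.

Works on registry values as they appear in hive exports / sandbox reports:
REG_SZ data as a hex dump of UTF-16LE bytes, REG_DWORD as 4 little-endian bytes.
"""
import hashlib
from typing import Dict, Optional

# Hashes copied from the listing above (lower-case hex).
KNOWN_MD5 = {
    "c9f5256c7fb7656bc97d018091051af2": "SERV32.DLL (Backdoor Andromeda)",
    "3164ded921b74d7e41861855278d09a1": "Andromeda dropper",
}

# Raw values of HKLM\System\CurrentControlSet\Services\pqwuoyfs, copied from the listing.
SERVICE_VALUES = {
    "ImagePath": (
        "2500530079007300740065006D0052006F006F00740025005C00530079007300740065006D0033"
        "0032005C0073007600630068006F00730074002E0065007800650020002D006B0020006E006500"
        "740073007600630073000000"
    ),
    "ErrorControl": "01000000",
    "ObjectName": "LocalSystem",
    "Start": "02000000",
    "Type": "20000000",
    "ServiceDll": (
        "43003A005C00570049004E0044004F00570053005C00730079007300740065006D00330032005C"
        "007300650072007600330032002E0064006C006C000000"
    ),
    "ServiceMain": "DllRegisterServer",
}

# Standard Service Control Manager constants (winsvc.h).
START_NAMES = {0: "SERVICE_BOOT_START", 1: "SERVICE_SYSTEM_START", 2: "SERVICE_AUTO_START",
               3: "SERVICE_DEMAND_START", 4: "SERVICE_DISABLED"}
TYPE_NAMES = {0x01: "SERVICE_KERNEL_DRIVER", 0x02: "SERVICE_FILE_SYSTEM_DRIVER",
              0x10: "SERVICE_WIN32_OWN_PROCESS", 0x20: "SERVICE_WIN32_SHARE_PROCESS"}
ERROR_NAMES = {0: "SERVICE_ERROR_IGNORE", 1: "SERVICE_ERROR_NORMAL",
               2: "SERVICE_ERROR_SEVERE", 3: "SERVICE_ERROR_CRITICAL"}


def decode_reg_sz(hex_bytes: str) -> str:
    """Decode a hex dump of a REG_SZ/REG_EXPAND_SZ value (UTF-16LE, NUL-terminated)."""
    return bytes.fromhex(hex_bytes).decode("utf-16-le").rstrip("\x00")


def decode_reg_dword(hex_bytes: str) -> int:
    """Decode a hex dump of a REG_DWORD value (4 bytes, little-endian)."""
    return int.from_bytes(bytes.fromhex(hex_bytes), "little")


def svchost_group(image_path: str) -> Optional[str]:
    """Return the '-k <group>' argument if the service is hosted by svchost.exe, else None."""
    parts = image_path.split()
    if not parts or not parts[0].lower().endswith("svchost.exe"):
        return None
    for i, tok in enumerate(parts[:-1]):
        if tok.lower() == "-k":
            return parts[i + 1]
    return None


def describe_service(values: Dict[str, str]) -> Dict[str, object]:
    """Turn the raw service values into a readable summary of how the DLL gets loaded."""
    type_val = decode_reg_dword(values["Type"])
    image_path = decode_reg_sz(values["ImagePath"])
    return {
        "image_path": image_path,
        "svchost_group": svchost_group(image_path),
        "service_dll": decode_reg_sz(values["ServiceDll"]),
        "entry_point": values.get("ServiceMain", "ServiceMain"),
        "account": values.get("ObjectName", "LocalSystem"),
        "start": START_NAMES.get(decode_reg_dword(values["Start"]), "unknown"),
        "type": TYPE_NAMES.get(type_val & 0xFF, "unknown"),
        "interactive": bool(type_val & 0x100),  # SERVICE_INTERACTIVE_PROCESS flag
        "error_control": ERROR_NAMES.get(decode_reg_dword(values["ErrorControl"]), "unknown"),
    }


def classify_file(data: bytes) -> Optional[str]:
    """Return the listing's label for a file's contents, or None if its MD5 is not listed."""
    md5 = hashlib.md5(data).hexdigest()
    return KNOWN_MD5.get(md5)


if __name__ == "__main__":
    for key, val in describe_service(SERVICE_VALUES).items():
        print(f"{key:15s} {val}")
    # Constructed sample input: not the real sample, so it should not match any listed hash.
    print("sample match:", classify_file(b"constructed test bytes, not serv32.dll"))
```

The decoded ImagePath and ServiceDll are what a responder needs for removal (which svchost group to inspect, which file to delete); the Start and Type fields confirm that the DLL is auto-started in a shared svchost.exe rather than its own process, which is why it does not show up as a separate executable in a process list.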

Detected by UnHackMe:

SERV32.DLL
Default location: %SYSDIR%\SERV32.DLL

Dropper information:
MD5: 3164ded921b74d7e41861855278d09a1
File size: 211309 bytes
