I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:
Free Download Fully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.
R_SERVER.EXE – Unclassified Malware removal
| File | MD5 | Virus Alias |
|---|
R_SERVER.EXE size: 708608 bytes
Created files:
%SysDir%\raddrv.dll
%SysDir%\r_server.exe
Autostart registry keys:
HKLM\System\CurrentControlSet\Services\r_server\Type: 10010000
HKLM\System\CurrentControlSet\Services\r_server\Start: 02000000
HKLM\System\CurrentControlSet\Services\r_server\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\r_server\ImagePath: “%WinDir%\System32\r_server.exe” /service
HKLM\System\CurrentControlSet\Services\r_server\DisplayName: Remote Administrator Service
HKLM\System\CurrentControlSet\Services\r_server\ObjectName: LocalSystem
HKLM\System\CurrentControlSet\Services\r_server\Enum\0: Root\LEGACY_R_SERVER\0000
HKLM\System\CurrentControlSet\Services\r_server\Enum\Count: 01000000
HKLM\System\CurrentControlSet\Services\r_server\Enum\NextInstance: 01000000
HKLM\System\CurrentControlSet\Services\r_server\Security\Security: 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000
Detected by UnHackMe:
R_SERVER.EXE
Default location: %SYSDIR%\R_SERVER.EXE