R_SERVER.EXE – Unclassified Malware

R_SERVER.EXE – Unclassified Malware removal

R_SERVER.EXE size: 708608 bytes

Created files:

%SysDir%\raddrv.dll
%SysDir%\r_server.exe

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\r_server\Type: 10010000
HKLM\System\CurrentControlSet\Services\r_server\Start: 02000000
HKLM\System\CurrentControlSet\Services\r_server\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\r_server\ImagePath: "%WinDir%\System32\r_server.exe" /service
HKLM\System\CurrentControlSet\Services\r_server\DisplayName: Remote Administrator Service
HKLM\System\CurrentControlSet\Services\r_server\ObjectName: LocalSystem
HKLM\System\CurrentControlSet\Services\r_server\Enum\0: Root\LEGACY_R_SERVER\0000
HKLM\System\CurrentControlSet\Services\r_server\Enum\Count: 01000000
HKLM\System\CurrentControlSet\Services\r_server\Enum\NextInstance: 01000000
HKLM\System\CurrentControlSet\Services\r_server\Security\Security: 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

Detected by UnHackMe:

R_SERVER.EXE
Default location: %SYSDIR%\R_SERVER.EXE