If you turn on your PC one day and notice that it behaves strangely, check your system for the presence of the SERVERX.EXE file. It can cause various malfunctions, so do not ignore it. It should be removed immediately.
Kill the SERVERX.EXE process and remove SERVERX.EXE from Windows startup.
Short report of the malware analysis:
Full path on a computer: %SysDir%\Serverx.exe

Item Name: shell
Author: Unknown
Related File: Explorer.exe IEXPLOREi.exe
Type: System.ini

Item Name: Serverx
Author: Unknown
Related File: %SYSDIR%\SERVERX.EXE
Type: Registry Run

Item Name: Yahoo Messengger
Author: Unknown
Related File: %SYSDIR%\IEXPLOREI.EXE
Type: Registry Run

Item Name: At2
Author: Unknown
Related File: %SYSDIR%\WORD.EXE
Type: Scheduled Tasks

Item Name: At1
Author: Unknown
Related File: %SYSDIR%\WORD.EXE
Type: Scheduled Tasks

Item Name: Serverx.exe
Author: Unknown
Related File: %SYSDIR%\SERVERX.EXE
Type: Detected using Heuristic Algorithm

Item Name: IEXPLOREi.exe
Author: Unknown
Related File: %SYSDIR%\IEXPLOREI.EXE
Type: Running Processes

SERVERX.EXE is known under the name Virus.Madang.
During installation it adds the following registry entries:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Yahoo Messengger: "%SysDir%\IEXPLOREi.exe"
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell: "Explorer.exe IEXPLOREi.exe"
Files created by this malware:
%SysDir%\autorun.ini
%SysDir%\IEXPLOREi.exe
%SysDir%\Serverx.exe
%SysDir%\setting.ini
%SysDir%\WORD.exe
%WinDir%\Tasks\At1.job
%WinDir%\Tasks\At2.job
%WinDir%\IEXPLOREi.exe
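
The registry entries and files listed above can be checked with a short read-only script. This is an added example, not part of the original report. It assumes that %SysDir% resolves to %WinDir%\System32 and that the "Serverx" Run value may sit under either HKCU or HKLM, since the report does not name the hive.

```powershell
# Added example: read-only check for the artifacts listed in this report.
# Assumptions: %WinDir% = $env:SystemRoot, %SysDir% = %WinDir%\System32.
$winDir   = $env:SystemRoot
$sysDir   = Join-Path $winDir 'System32'
$findings = @()

# 1. Files and scheduled-task jobs named in the report.
$paths = @(
    (Join-Path $sysDir 'autorun.ini'),
    (Join-Path $sysDir 'IEXPLOREi.exe'),
    (Join-Path $sysDir 'Serverx.exe'),
    (Join-Path $sysDir 'setting.ini'),
    (Join-Path $sysDir 'WORD.exe'),
    (Join-Path $winDir 'Tasks\At1.job'),
    (Join-Path $winDir 'Tasks\At2.job'),
    (Join-Path $winDir 'IEXPLOREi.exe')
)
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) { $findings += "File present: $p" }
}

# 2. Run values named in the report (hive for 'Serverx' is an assumption).
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    foreach ($name in 'Yahoo Messengger', 'Serverx') {
        if ($props -and $props.PSObject.Properties[$name]) {
            $findings += "Run value '$name' in $key -> $($props.$name)"
        }
    }
}

# 3. Winlogon Shell: the Windows default is 'explorer.exe' alone, so any
#    extra program on the line (here IEXPLOREi.exe) needs review.
$winlogon = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$shell = (Get-ItemProperty -Path $winlogon -Name Shell -ErrorAction SilentlyContinue).Shell
if ($shell -and $shell.Trim() -ne 'explorer.exe') {
    $findings += "Winlogon Shell is modified: '$shell'"
}

if ($findings.Count -gt 0) {
    $findings | ForEach-Object { Write-Output $_ }
} else {
    Write-Output 'None of the listed artifacts were found.'
}
```

The script changes nothing on the system. On 64-bit Windows, run it from a 64-bit PowerShell session so that System32 and the HKLM keys are not redirected.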
To deal with it easily, try GridinSoft Trojan Killer, a reputable antivirus tool.
