Monday, July 2, 2012

Virus.Madang to keep far away

If you notice a suspicious file named SERVERX.EXE on your system and know nothing about it, here is the truth about it. SERVERX.EXE is a malicious file and has no place on your computer. It should be removed immediately.
Kill the SERVERX.EXE process and remove SERVERX.EXE from the Windows startup.


Short report of this malware analysis

Full path on a computer: %SysDir%\Serverx.exe

Item Name: shell
Author: Unknown
Related File: Explorer.exe IEXPLOREi.exe
Type: System.ini

Item Name: Serverx
Author: Unknown
Related File: %SYSDIR%\SERVERX.EXE
Type: Registry Run

Item Name: Yahoo Messengger
Author: Unknown
Related File: %SYSDIR%\IEXPLOREI.EXE
Type: Registry Run

Item Name: At2
Author: Unknown
Related File: %SYSDIR%\WORD.EXE
Type: Scheduled Tasks

Item Name: At1
Author: Unknown
Related File: %SYSDIR%\WORD.EXE
Type: Scheduled Tasks

Item Name: Serverx.exe
Author: Unknown
Related File: %SYSDIR%\SERVERX.EXE
Type: Detected using Heuristic Algorithm

Item Name: IEXPLOREi.exe
Author: Unknown
Related File: %SYSDIR%\IEXPLOREI.EXE
Type: Running Processes
SERVERX.EXE is detected under the name Virus.Madang.

In the process of installation it adds the following registry entries:

 HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Yahoo Messengger: "%SysDir%\IEXPLOREi.exe"
 HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell: "Explorer.exe IEXPLOREi.exe"

Files created by this malware:

 %SysDir%\autorun.ini
 %SysDir%\IEXPLOREi.exe
 %SysDir%\Serverx.exe
 %SysDir%\setting.ini
 %SysDir%\WORD.exe
 %WinDir%\Tasks\At1.job
 %WinDir%\Tasks\At2.job
 %WinDir%\IEXPLOREi.exe
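The registry entries, scheduled tasks and files listed above are exactly the kind of artifacts an administrator can check for before deciding whether a host is infected. The script below is an added example written for this post (it is not code from the original post and not a tool of any vendor): it takes a snapshot of a host's Winlogon Shell value, Run-key entries and file listing, and reports anything that matches the Virus.Madang indicators from the report. The snapshot data in SAMPLE_SNAPSHOT is constructed for the example; a real check would fill those fields from the registry and disk. The most useful single rule is the Winlogon Shell check: on a clean Windows install that value is exactly "explorer.exe", so any extra program appended to it (here IEXPLOREi.exe) is suspicious regardless of its name.

```python
"""Check a host snapshot for the Virus.Madang persistence indicators
described in the report above (added example, not the post's own code)."""
import ntpath
import re

# Indicators taken from the report: file names created by the malware,
# Run-key value names it registers, and the scheduled-task job files.
MADANG_FILES = {"serverx.exe", "iexplorei.exe", "word.exe", "autorun.ini", "setting.ini"}
MADANG_RUN_VALUES = {"yahoo messengger", "serverx"}
MADANG_TASKS = {"at1.job", "at2.job"}


def check_winlogon_shell(value):
    """Return every entry in a Winlogon Shell value other than explorer.exe.

    Windows accepts several programs separated by spaces or commas here;
    a clean host has exactly 'explorer.exe', so anything extra is a finding.
    """
    entries = [e.strip().lower() for e in re.split(r"[,\s]+", value.strip()) if e.strip()]
    return [e for e in entries if ntpath.basename(e) != "explorer.exe"]


def executable_of(cmd):
    """Return the lower-cased file name of the program a Run value launches,
    handling both quoted paths with arguments and bare paths."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        exe = cmd[1:end] if end > 0 else cmd[1:]
    else:
        exe = cmd.split()[0] if cmd else ""
    return ntpath.basename(exe).lower()


def check_run_entries(run_entries):
    """run_entries maps Run value name -> command line.
    Return (name, command) pairs whose name or target matches the indicators."""
    hits = []
    for name, cmd in run_entries.items():
        if name.lower() in MADANG_RUN_VALUES or executable_of(cmd) in MADANG_FILES:
            hits.append((name, cmd))
    return hits


def check_files(paths):
    """Return paths whose file name matches a dropped file or task job."""
    hits = []
    for p in paths:
        base = ntpath.basename(p).lower()
        if base in MADANG_FILES or base in MADANG_TASKS:
            hits.append(p)
    return hits


def scan(snapshot):
    """Run all three checks over a snapshot dict and return the findings."""
    return {
        "winlogon_shell_extra": check_winlogon_shell(snapshot.get("winlogon_shell", "")),
        "run_hits": check_run_entries(snapshot.get("run", {})),
        "file_hits": check_files(snapshot.get("files", [])),
    }


def is_infected(snapshot):
    """True if any check produced a finding."""
    return any(scan(snapshot).values())


# Constructed snapshot resembling an infected host; paths and the OneDrive
# entry are made up for the example.
SAMPLE_SNAPSHOT = {
    "winlogon_shell": "Explorer.exe IEXPLOREi.exe",
    "run": {
        "Yahoo Messengger": r'"C:\Windows\System32\IEXPLOREi.exe"',
        "Serverx": r"C:\Windows\System32\SERVERX.EXE",
        "OneDrive": r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background',
    },
    "files": [
        r"C:\Windows\System32\Serverx.exe",
        r"C:\Windows\Tasks\At1.job",
        r"C:\Windows\notepad.exe",
    ],
}

# Constructed snapshot of a clean host for comparison.
CLEAN_SNAPSHOT = {
    "winlogon_shell": "explorer.exe",
    "run": {"OneDrive": r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'},
    "files": [r"C:\Windows\notepad.exe"],
}

if __name__ == "__main__":
    for label, snap in (("sample host", SAMPLE_SNAPSHOT), ("clean host", CLEAN_SNAPSHOT)):
        print(label, "infected" if is_infected(snap) else "clean", scan(snap))
```

Matching is by file name only, so treat a hit as a reason to pull the file for inspection rather than as proof by itself; the Shell and scheduled-task checks are the parts that do not depend on the malware keeping these names.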
