service.exe – trojan Delf

We checked up the file service.exe and found it hazardous.
The file service.exe must be deleted from the system immediately.
Kill the process service.exe and remove service.exe from the Windows startup.

Malware Analysis of service.exe
Executed: 8002(1).exe
Removed: service.exe. Full path: C:\WINDOWS\Data\service.exe

—————————————————————————————————————————-
Detected by UnHackMe:

Item Name: BDX2011
Author: Unknown
Related File: C:\WINDOWS\DATA\SERVICE.EXE
Type: Registry Run

Removal Results: Success
Number of reboot: 1

—————————————————————————————————————————-
How to quickly detect malware presence?

Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\BDX2011
Value: “C:\WINDOWS\Data\service.exe”

Files:
C:\WINDOWS\Data\service.exe
—————————————————————————————————————————-
Classification:

Antivirus Version Last Update Result
F-Secure 9.0.16440.0 2011.03.10 -
Microsoft 1.6603 2011.03.10 VirTool:Win32/DelfInject.gen!X
NOD32 5941 2011.03.10 a variant of Win32/Delf.PTA

—————————————————————————————————————————-

MD5 b398b6ee0749450c23ba051cb9b5277e

SHA1 40c73543c3c628ef2b1ec3e5bdaa732a161a212e

SHA256 dafc709ab30ebb8ed3f473cdb9a46a5f9d2d84b6936f237da75efadf8ba52a58

—————————————————————————————————————————-


Installation
When the program is executed, it creates the following registry subkeys and values:

———————————-
Keys added:1
———————————-
HKLM\Software\BDXSer

———————————-
Values added:2
———————————-
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\BDX2011: “C:\WINDOWS\Data\service.exe”
HKLM\Software\BDXSer\1: “2011-3-15 23:39:7″

———————————-
Files added:1
———————————-
C:\WINDOWS\Data\service.exe

———————————-
Folders added:1
———————————-
C:\WINDOWS\Data

———————————-
Total changes:5
———————————-

—————————————————————————————————————————-
Recommended software:
UnHackMe anti-rootkit and anti-malware
http://www.unhackme.com
RegRun Security Suite (Good choice for removal and protection)
http://www.regrun.com

Fix it immediately!

Free Download

UnHackMe removes malware invisible for your antivirus!

Leave a Reply