service.exe – trojan Delf

Dmitry Sokolov recommends his nice removal tool: UnHackMe


UnHackMe quickly removes rootkits/malware/adware/browser hijack issues!

: Solved!
5 Stars (5 / 5)


We checked up the file service.exe and found it hazardous.
The file service.exe must be deleted from the system immediately.
Kill the process service.exe and remove service.exe from the Windows startup.

Malware Analysis of service.exe
Executed: 8002(1).exe
Removed: service.exe. Full path: C:\WINDOWS\Data\service.exe

—————————————————————————————————————————-
Detected by UnHackMe:

Item Name: BDX2011
Author: Unknown
Related File: C:\WINDOWS\DATA\SERVICE.EXE
Type: Registry Run

Removal Results: Success
Number of reboot: 1

—————————————————————————————————————————-
How to quickly detect malware presence?

Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\BDX2011
Value: “C:\WINDOWS\Data\service.exe”

Files:
C:\WINDOWS\Data\service.exe
—————————————————————————————————————————-
Classification:

Antivirus Version Last Update Result
F-Secure 9.0.16440.0 2011.03.10 -
Microsoft 1.6603 2011.03.10 VirTool:Win32/DelfInject.gen!X
NOD32 5941 2011.03.10 a variant of Win32/Delf.PTA

—————————————————————————————————————————-

MD5 b398b6ee0749450c23ba051cb9b5277e

SHA1 40c73543c3c628ef2b1ec3e5bdaa732a161a212e

SHA256 dafc709ab30ebb8ed3f473cdb9a46a5f9d2d84b6936f237da75efadf8ba52a58

—————————————————————————————————————————-


Installation
When the program is executed, it creates the following registry subkeys and values:

———————————-
Keys added:1
———————————-
HKLM\Software\BDXSer

———————————-
Values added:2
———————————-
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\BDX2011: “C:\WINDOWS\Data\service.exe”
HKLM\Software\BDXSer\1: “2011-3-15 23:39:7″

———————————-
Files added:1
———————————-
C:\WINDOWS\Data\service.exe

———————————-
Folders added:1
———————————-
C:\WINDOWS\Data

———————————-
Total changes:5
———————————-

—————————————————————————————————————————-
Recommended software:
UnHackMe anti-rootkit and anti-malware
http://www.unhackme.com
RegRun Security Suite (Good choice for removal and protection)
http://www.regrun.com

UnHackMe removes malware invisible for your antivirus!

Free Download

UnHackMe is compatible with most antivirus software.
UnHackMe is 100% CLEAN, which means it does not contain any form of malware, including adware, spyware, viruses, trojans and backdoors. VirusTotal (0/56).
System Requirements: Windows 2000-Windows 8.1. UnHackMe uses minimum of computer resources.

Testimonials:

Simon:
UnHackMe is a success where others have failed. We have used the software for sometime. Thank you for a great product, which actually works and we believe in the developers.

Bob:
The UnHackMe is a real program, no spyware or phish and works great and is easy to use. Enjoy!

Leave a Reply