serve.exe - Dangerous


Manual removal instructions:

Antivirus Report of serve.exe:
serve.exe: Malware, Dangerous, High Risk
We suggest you remove 360tray.exe from your computer as soon as possible.
360tray.exe is a Trojan/Backdoor.
Kill the process 360tray.exe and remove 360tray.exe from Windows startup.

Malware dropper: C:\sand-box\Serve.exe
Removed: C:\WINDOWS\360tray.exe
-------------------------------------------------------------------------------------
Classification:
Antivirus   Version       Last Update   Result
F-Secure    8.0.14470.0   2009.10.12    Backdoor:W32/Hupigon.NEP
Kaspersky   7.0.0.125     2009.10.12    Backdoor.Win32.Hupigon.cbs
McAfee      5769          2009.10.12    BackDoor-AWQ
Microsoft   1.5101        2009.10.12    Backdoor:Win32/Hupigon.DK
NOD32       4501          2009.10.12    a variant of Win32/Hupigon
Symantec    1.4.4.12      2009.10.12    Backdoor.Graybird

Additional information
File size: 302592 bytes
MD5 : c56320fbf24540071c0f3b4f6e076085
SHA1 : 04d2587f329f3c57d552c8be894f28095b53cd63
-------------------------------------------------------------------------------------
Installation
When the program is executed, it creates the following registry subkeys and values:

----------------------------------
Keys added:4
----------------------------------
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_360SAFESERVER
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_360SAFESERVER\0000
HKLM\SYSTEM\CurrentControlSet\Services\360safeserver
HKLM\SYSTEM\CurrentControlSet\Services\360safeserver\Security

----------------------------------
Values added:15
----------------------------------
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_360SAFESERVER\0000\Service: "360safeserver"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_360SAFESERVER\0000\Legacy: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_360SAFESERVER\0000\ConfigFlags: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_360SAFESERVER\0000\Class: "LegacyDriver"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_360SAFESERVER\0000\ClassGUID: "{8ECC055D-047F-11D1-A537-0000F8753ED1}"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_360SAFESERVER\0000\DeviceDesc: "360safe"
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_360SAFESERVER\NextInstance: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\360safeserver\Security\Security: 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
HKLM\SYSTEM\CurrentControlSet\Services\360safeserver\Type: 0x00000110
HKLM\SYSTEM\CurrentControlSet\Services\360safeserver\Start: 0x00000002
HKLM\SYSTEM\CurrentControlSet\Services\360safeserver\ErrorControl: 0x00000000
HKLM\SYSTEM\CurrentControlSet\Services\360safeserver\ImagePath: "C:\WINDOWS\360tray.exe"
HKLM\SYSTEM\CurrentControlSet\Services\360safeserver\DisplayName: "360safe"
HKLM\SYSTEM\CurrentControlSet\Services\360safeserver\ObjectName: "LocalSystem"
HKLM\SYSTEM\CurrentControlSet\Services\360safeserver\Description: "360?°?E?«IAE??·?In?¶E"

----------------------------------
Values modified:0
----------------------------------

----------------------------------
Files added:1
----------------------------------
C:\WINDOWS\360tray.exe

----------------------------------
Files deleted:1
----------------------------------
C:\sand-box\Serve.exe

----------------------------------
Files [attributes?] modified:0
----------------------------------

----------------------------------
Folders added:0
----------------------------------

----------------------------------
Folders deleted:0
----------------------------------

----------------------------------
Total changes:21
----------------------------------

-------------------------------------------------------------------------------------
Detected by UnHackMe:

Item Name: 360safeserver
Author:
Related File: C:\WINDOWS\360tray.exe
Type: Auto Services

Item Name: 360tray.exe
Author: Unknown
Related File: C:\WINDOWS\360tray.exe
Type: Detected using Heuristic Algorithm

Removal Results: Success
Number of reboot: 1
-------------------------------------------------------------------------------------

Recommended software:
UnHackMe anti-rootkit and anti-malware
http://www.unhackme.com
RegRun Security Suite (Good choice for removal and protection)


Dmitry Sokolov:

I created UnHackMe in 2006 to fix the problem that antiviruses did not fix: detecting rootkits.

Since that time I have worked every day to fix the issues that antiviruses cannot.

If your antivirus has not helped you solve the problem, you should try UnHackMe.

We are a small company and you can ask me directly, if you have any questions.
