Oh god. Server.exe

July 29, 2011 at 18:22:54
Specs: Windows XP
Please someone help me get rid of this virus. I have no idea how to get rid of it! Heres my story of what happened before the virus started taking effect.So today i decided to spice up my computer by adding themes such as wall paper and browser skins etc etc. Then i fount a specific computer theme on a website. Here's the site in case you wanted to know, Id suggest not downloading ANYTHING off of it

http://customize.org/xpthemes/82850

That's the exact theme i downloaded and caused the problem. Anyways as soon as i started up the set up which was entitled. "SetUp Runtime.exe" i started it and after that i got this error i'm guessing its a Trojan of some sort. The error pop ups say " This assembly Is protected by an unregistered version of Eziri's ".NET Reactor!" " and the error is called syncui. When i try to delete it with task manager it continuously multiplies causing lag, i believe its eating a large amount of my memory too. When i go into process in task manager there are multiple "server.exe" running and when i try to delete it on there, it just reappears. Server.exe never has appeared in my processes ever so i know this has to be a virus of some kind. Can anyone help me delete this virus?
The dude who created this theme/virus email is

Dobiz_hachihfik@yahoo.co.uk

In case you wanted to know.
Thank you.


See More: Oh god. Server.exe

Report •


#1
July 29, 2011 at 18:38:24
Boot up into safe mode and run your virus scanner.

intel P4 3.0ghz HTT
ATI 9800 Pro AGP 8x
2 x 1gb Corsair DDR400
2 x 250gb HDD
Windoze XP SP3


Report •

#2
July 29, 2011 at 19:53:26
I attempted to use safe mode, while doing it it took a long while to end after it did it just started windows normally so im guessing i cant use safe mode. Should i attempt to use System restore? would that fix it at all?

Report •

#3
July 30, 2011 at 01:06:25
No... if the virus was picked up during an earlier session you will only succeed in reloading it

Report •

Related Solutions

#4
July 30, 2011 at 12:28:48
Please ignore - posted in error. See posts 5 & 6.

Report •

#5
July 30, 2011 at 13:43:41
It's not his/hers email that he posted. He/she claims that it is the alleged virus creator's email address. Still best for you to remove it.

Please let us know if our advice was able to help you.


Report •

#6
July 30, 2011 at 13:54:11
trek1701A
Thanks, I missed the last line of the main paragraph in the original post.

kotaishi
Unless you are "absolutely certain" that email address is the hackers then you should edit it out of your post and the one on bleepingcomputer too. If you leave it around then the owner will get increasing junk email forever.


Report •

#7
July 30, 2011 at 14:17:59
kotaishi get yourself a good antivirus program. I download the program for the heck of it and avast free antivirus detected that there was a trojan in the .rar file upon completion of the download. Manually scanning the program further found two more infected files within it. After avast did its job all that was left were just two .jpg files. For everyones information the trojan is kryptik-BLK and virus MSIL: Agent-AQ. Google around for it and you might find removal tools for it.

Please let us know if our advice was able to help you.


Report •


Ask Question