ServStart.BI is a Trojan. A Trojan is a program that pretends to have a valid use, but in fact modifies the user's computer in a malicious way. Trojans do not replicate or spread to other computers.

File Related Changes

It drops the following file(s) on the system:
- "c:\Program Files\Common Files\microsoft shared\ink\lpk.dll"
- "c:\Windows\System32\boxlou.exe"
- "c:\Program Files\Adobe\Reader 9.0\Reader\lpk.dll"
- "c:\Program Files\Windows Sidebar\lpk.dll"
- "c:\Program Files\Windows Photo Viewer\lpk.dll"
- "c:\Program Files\CMAK\lpk.dll"
- "c:\Program Files\Windows Media Player\lpk.dll"
- "c:\Program Files\CMAK\Support\en-US\lpk.dll"
- "c:\Program Files\Common Files\microsoft shared\MSInfo\lpk.dll"
- "c:\Program Files\Windows Journal\lpk.dll"
- "c:\Program Files\Java\jre6\bin\lpk.dll"
- "c:\Program Files\Common Files\Adobe\Updater6\lpk.dll"
- "c:\Program Files\Microsoft Silverlight\lpk.dll"
- "c:\ProgramData\Adobe\Reader\9.4\ARM\lpk.dll"
- "c:\Program Files\Common Files\Java\Java Update\lpk.dll"
- "c:\ProgramData\Adobe\Reader\9.4\ARM\26496\lpk.dll"
- "c:\Program Files\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A94000000001}\lpk.dll"
- "c:\Program Files\CMAK\Support\lpk.dll"
- "c:\Program Files\Microsoft Silverlight\4.0.60531.0\lpk.dll"
- "c:\Program Files\Windows Mail\lpk.dll"
- "c:\Program Files\Common Files\Adobe\ARM\1.0\lpk.dll"
- "c:\Program Files\Internet Explorer\lpk.dll"
- "c:\Program Files\windows nt\Accessories\lpk.dll"

Process Related Changes

It creates the following mutex(es):
- "Nationaluhm"
- "CB35EF5D-4591-41d9-BBA2-0363342F3783"
It creates the following process(es):
- C:\windows\temp\dllinject.exe
- C:\Windows\system32\cmd.exe