We received the file SERVUTRAY.EXE and detected that it is not good.
SERVUTRAY.EXE is adware. You should remove the file SERVUTRAY.EXE.
Kill the SERVUTRAY.EXE process and remove SERVUTRAY.EXE from Windows.
Malware Analysis of SERVUTRAY.EXE
Full path on a computer: %Program Files%\RhinoSoft.com\Serv-U\ServUTray.exe
Detected by UnHackMe:
SERVUTRAY.EXE
Default location: %Program Files%\RhinoSoft.com\Serv-U\ServUTray.exe
Removal Results: Success
Number of reboots: 1
SERVUTRAY.EXE is known as:
Adware.PUP.ServerFTP.Serv-U.~A, W32.Tool.DQAG-4784, a variant of Win32.ServU-Daemon.AA, Win32.DH{TQ8}, HackTool.Ser.aLOD
SERVUTRAY.EXE hash:
- MD5: ad2aa2b351293ba30dcf0885324a3858
How to quickly detect the presence of SERVUTRAY.EXE?
Registry:
- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Serv-U_is1\UninstallString: “"%Program Files%\RhinoSoft.com\Serv-U\unins000.exe"”
- HKLM\System\CurrentControlSet\Services\Serv-U-Counters\Performance\Library: “%Program Files%\RhinoSoft.com\Serv-U\ServUPerfCount.dll”
- HKLM\System\CurrentControlSet\Services\Serv-U-Counters\Performance\Open: “OpenServUPerfData”
- HKLM\System\CurrentControlSet\Services\Serv-U-Counters\Performance\Collect: “CollectServUPerfData”
- HKLM\System\CurrentControlSet\Services\Serv-U-Counters\Performance\Close: “CloseServUPerfData”
- HKLM\System\CurrentControlSet\Services\Serv-U-Counters\Performance\First Counter: 0x00001106
- HKLM\System\CurrentControlSet\Services\Serv-U-Counters\Performance\First Help: 0x00001107
- HKLM\System\CurrentControlSet\Services\Serv-U-Counters\Performance\Last Counter: 0x00001132
- HKLM\System\CurrentControlSet\Services\Serv-U-Counters\Performance\Last Help: 0x00001133
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ServUTrayIcon: “%Program Files%\RhinoSoft.com\Serv-U\ServUTray.exe”
- HKLM\System\CurrentControlSet\Services\BITS\Start: 0x00000003
- HKLM\System\CurrentControlSet\Services\Eventlog\Application\Sources: ‘Serv-U FTP Server WSH WMIAdapter WMI.NET Provider Extension WmdmPmSN WinMgmt Winlogon Windows Product Activation Windows 3.1 Migration WebClient VSSetup VSS VMUpgradeHelper vmtools VBRuntime Userinit Userenv TPVCGateway Tlntsvr System.ServiceModel 4.0.0.0 System.Runtime.Serialization 4.0.0.0 System.IO.Log 4.0.0.0 System.IdentityModel 4.0.0.0 SysmonLog Starter SpoolerCtrs Software Restriction Policies Software Installation ServiceModel Audit 4.0.0.0 SecurityCenter SclgNtfy SceSrv SceCli safrslv SAFrdms RPC Remote Assistance PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Outlook Offline Files Oakley ntbackup MSSQLSERVER/MSDE MSSOAP MSSHA MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft.Transactions.Bridge 4.0.0.0 Microsoft H.323 Telephony Service Provider Microsoft (R) Visual C# 2005 Compiler LoadPerf HelpSvc Folder Redirection File Deployment EventSystem ESENT DrWatson Dot3Svc DiskQuota crypt32 COM+ COM Ci Chkdsk CardSpace 4.0.0.0 AutoEnrollment Autochk ASP.NET 4.0.30319.0 ASP.NET 2.0.50727.0 Application Management Application Hang Application Error .NET Runtime Optimization Service .NET Runtime 4.0 Error Reporting .NET Runtime 2.0 Error Reporting .NET Runtime Application’
Folders:
- %Common Startmenu%\Programs\Serv-U
- %Program Files%\RhinoSoft.com
- %Program Files%\RhinoSoft.com\Serv-U
Files:
- %Desktop%\Serv-U.lnk
- %Common Startmenu%\Programs\Serv-U\License File.lnk
- %Common Startmenu%\Programs\Serv-U\Online Knowledge Base.lnk
- %Common Startmenu%\Programs\Serv-U\Online Technical Support.lnk
- %Common Startmenu%\Programs\Serv-U\Read Me File.lnk
- %Common Startmenu%\Programs\Serv-U\Release Notes.lnk
- %Common Startmenu%\Programs\Serv-U\Serv-U Administrator.lnk
- %Common Startmenu%\Programs\Serv-U\Serv-U Help.lnk
- %Common Startmenu%\Programs\Serv-U\Tray Monitor.lnk
- %Common Startmenu%\Programs\Serv-U\Uninstall Serv-U.lnk
- %Program Files%\RhinoSoft.com\Serv-U\KB.ico
- %Program Files%\RhinoSoft.com\Serv-U\KB.url
- %Program Files%\RhinoSoft.com\Serv-U\libeay32.dll
- %Program Files%\RhinoSoft.com\Serv-U\License.txt
- %Program Files%\RhinoSoft.com\Serv-U\MSVCP71.DLL
- %Program Files%\RhinoSoft.com\Serv-U\MSVCR71.DLL
- %Program Files%\RhinoSoft.com\Serv-U\ReadMe.txt
- %Program Files%\RhinoSoft.com\Serv-U\RhinoNET.dll
- %Program Files%\RhinoSoft.com\Serv-U\Serv-U.cnt
- %Program Files%\RhinoSoft.com\Serv-U\Serv-U.hlp
- %Program Files%\RhinoSoft.com\Serv-U\ServUAdmin.exe
- %Program Files%\RhinoSoft.com\Serv-U\ServUAdmin.ini
- %Program Files%\RhinoSoft.com\Serv-U\ServUCert.crt
- %Program Files%\RhinoSoft.com\Serv-U\ServUCert.key
- %Program Files%\RhinoSoft.com\Serv-U\ServUDaemon.exe
- %Program Files%\RhinoSoft.com\Serv-U\ServUDaemon.ini
- %Program Files%\RhinoSoft.com\Serv-U\ServUPerfCount.dll
- %Program Files%\RhinoSoft.com\Serv-U\ServUStartUpLog.txt
- %Program Files%\RhinoSoft.com\Serv-U\ServUTray.exe
- %Program Files%\RhinoSoft.com\Serv-U\SetupUtil.exe
- %Program Files%\RhinoSoft.com\Serv-U\ssleay32.dll
- %Program Files%\RhinoSoft.com\Serv-U\Support.ico
- %Program Files%\RhinoSoft.com\Serv-U\Support.url
- %Program Files%\RhinoSoft.com\Serv-U\unins000.dat
- %Program Files%\RhinoSoft.com\Serv-U\unins000.exe
- %Program Files%\RhinoSoft.com\Serv-U\Uninstall.ico
- %Program Files%\RhinoSoft.com\Serv-U\Version.txt
- %Program Files%\RhinoSoft.com\Serv-U\zlib1.dll