The program HECISERVER.EXE is used for hidden penetration into PC and its remote administration.
UnHackMe is recommended as a reliable program for solving the problem with HECISERVER.EXE.
Download for free: http://www.unhackme.com
Malware Analysis of HECISERVER.EXE
Full path on a computer: %Appdata%\Microsoft\HeciServer.exe
Detected by UnHackMe:
HECISERVER.EXE
Default location: %Appdata%\Microsoft\HeciServer.exe
Removal Results: Success
Number of reboot: 1
HECISERVER.EXE is known as:
Backdoor.Fynloski, Trojan.Autoit, Trojan ( 000121231 ), Bloodhound.Malautoit, Autoit.AIMW, Trojan.Inject.hpfh, Trojan.MulDrop5.11922, TR.Dropper.A.22546, Trojan.Inject.bdrz, Troj.Inject.hp.(kcloud), Backdoor.Fynloski.A, Trojan.A.Inject.1628757, W32.GenBl.98EF34D1.Olympus, Trojan.Inject.Api, Win32.Fynloski.AA, W32.Inject.HPFH.tr, Trj.Agent.IVN
HECISERVER.EXE hash:
- MD5: 98ef34d12ec85a4e965df7210216574a
How to quickly detect HECISERVER.EXE presence?
![]( "Registry")
Registry:
![]( "Files")
Files:
Registry:- HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Microsoft(R) Delayed Launcher: “%AppData%\Microsoft\HeciServer.exe”
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft(R) Delayed Launcher: “%AppData%\Microsoft\HeciServer.exe”
- HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\shell: “%AppData%\Microsoft\HeciServer.exe,explorer.exe”
Files:- %Appdata%\Microsoft\HeciServer.exe