
Personalized VIRUS settings for: C:\windows\system32\install\server.exe...?


2 replies to this topic

#1 MattalicA

  • Members
  • 1 posts

Posted 09 July 2010 - 02:52 PM

When I boot up today, I get a message box in the top left corner of my screen:

"Setting up personalized settings for: C:\windows\system32\install\server.exe Restart"

with nothing else--no taskbar, no icons on the desktop. I go, "OK, I uninstalled Norton 360 last night because my CD key was no longer valid," (after being used on another computer already). "Guess it's just doing its thing." But minutes go by and my hard drive light isn't flickering, and the fact that "Restart" is capitalized at the end of the quote is suspicious to me, as in virus suspicious. So I get on another computer and google the phrase and find that, indeed, it is a virus/trojan/malware. And that someone posted the *exact* same problem here a month ago, after uninstalling their AV program and all. However, since that someone "discovered a fix for this problem, that works for now," there was never any solution posted.

I just ran Malwarebytes Anti-Malware and the server.exe file listed as a "Backdoor.Bifrose" was quarantined and deleted. I restarted and everything *seems* to be OK (i.e., it booted up normally) but I'm still wary. Am I rid of that crap?


#2 hamluis

  • Moderator
  • 56,558 posts
  • Gender:Male
  • Location:Killeen, TX

Posted 09 July 2010 - 03:07 PM

Info only.

I will move this to the Am I Infected forum, for appropriate action.

Louis

#3 Sofiane Mekroussi

  • Members
  • 9 posts
  • Gender:Not Telling
  • Location:n/a

Posted 22 November 2011 - 06:47 AM

Make the following batch file to get rid of it on your startup..
Just create a new text document and change its extension from text.txt to text.bat
then copy the script below inside it and run it
but remember to get rid of the registry entries as described in the script below :


@echo off
rem Removal script for the server.exe (Backdoor.Bifrose) startup entry.
rem Run from an elevated command prompt. Change to "echo on" if facing troubles..
color 0f

rem terminating the server.exe process on the local machine..
taskkill /F /IM server.exe
if ERRORLEVEL 1 (echo server.exe process not terminated..&& pause)

rem clearing any hidden/system/read-only attributes, then deleting the exe file..
attrib -r -s -h "%systemroot%\system32\install\server.exe" >nul 2>&1
del /f /q "%systemroot%\system32\install\server.exe"
if ERRORLEVEL 1 (echo server.exe not deleted..&& pause)

rem creating a directory with the same name so a backup copy of server.exe cannot be written back..
md "%systemroot%\system32\install\server.exe"
if ERRORLEVEL 1 (echo server.exe directory not created..&& pause)

rem listing the startup registry keys and any value in them that still points at server.exe..
echo.
echo After rebooting, open these startup registry keys in regedit and delete
echo the values containing the path of server.exe (reboot only if the
echo server.exe folder was created above ..!!)
echo.
for %%K in (
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
    "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run"
    "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run"
) do (
    echo %%~K
    reg query %%K 2>nul | findstr /i "server.exe"
)
echo.
echo Also check the same Run keys under HKEY_USERS\^<SID^> for every other user profile.
echo if others I really didn't search ..!!
pause > nul
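An added example, not written by anyone in this thread: a PowerShell audit of the autostart locations the batch file lists (Run, RunOnce and Policies\Explorer\Run under HKLM, HKCU and every loaded HKEY_USERS profile), plus Active Setup, because the "Setting up personalized settings for:" box in the first post is the banner Windows shows while running an Active Setup StubPath entry. The default path fragment and the -Remove switch are my assumptions; without -Remove it only lists what it finds.

```powershell
# Added example (not from the thread). Lists autostart values that reference $Needle;
# deletes them only when -Remove is given. Run from an elevated PowerShell prompt.
param(
    [string]$Needle = 'system32\install\server.exe',   # assumed path fragment from the thread
    [switch]$Remove
)

$relKeys = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
           'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'

# HKEY_USERS has no PSDrive by default; map it so each loaded profile hive is covered
# (the batch file's bare "HKEY_USERS\SOFTWARE\..." path matches nothing without a SID).
if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
}
$roots = @('HKLM:', 'HKCU:') +
         @(Get-ChildItem 'HKU:\' | Where-Object { $_.PSChildName -notlike '*_Classes' } |
           ForEach-Object { "HKU:\$($_.PSChildName)" })

$hits = @(foreach ($root in $roots) {
    foreach ($rel in $relKeys) {
        $key = Get-Item -Path "$root\$rel" -ErrorAction SilentlyContinue
        if (-not $key) { continue }
        foreach ($name in $key.GetValueNames()) {
            $data = [string]$key.GetValue($name)
            if ($data -like "*$Needle*") {
                [pscustomobject]@{ Key = $key.Name; Value = $name; Data = $data }
            }
        }
    }
})

# Active Setup: each component's StubPath runs once per user at logon (32- and 64-bit views).
$asKeys = 'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components',
          'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components'
$hits += @(foreach ($comp in Get-ChildItem $asKeys -ErrorAction SilentlyContinue) {
    $stub = [string]$comp.GetValue('StubPath')
    if ($stub -like "*$Needle*") {
        [pscustomobject]@{ Key = $comp.Name; Value = 'StubPath'; Data = $stub }
    }
})

if (-not $hits) { Write-Host "No autostart value references '$Needle'."; return }
$hits | Format-Table -AutoSize
if ($Remove) {
    foreach ($h in $hits) {
        # Registry:: provider paths accept the full key name returned by RegistryKey.Name
        Remove-ItemProperty -Path "Registry::$($h.Key)" -Name $h.Value -Verbose
    }
}
```

Review the listed hits before re-running with -Remove; the script does not touch the Active Setup key itself, only the StubPath value that launches the file.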



