Seres.exe (Seres) Trojan Virus File Removal

Danger: Seres.exe is a dangerous file that creates activity on a user’s computer which may be highly undesirable. This file is unsafe.

Type: Trojan Virus Downloader
Related To: Antivirus Pro 2010
Location: C:\Documents and Settings\[username]\Application Data\seres.exe
Risk Level: Moderate

Seres.exe has been identified as a trojan virus downloader. The file is able to download additional forms of malware, including Antivirus Pro 2010, which is a fake antivirus program. Below is our recommended removal tool (Spyware Doctor with Antivirus) for Seres.exe. The removal tool has been rated 5 cows out of 5 by Tucows and was previously CNET’s Editor’s Choice. Feel free to download it below.


Manual Removal – Seres.exe may be removed by analyzing your HijackThis log. Feel free to post your HijackThis log below if you need assistance analyzing it. HijackThis is ideal for manually removing the virus.


Seres.exe File Details -
File Type – EXE – Seres.exe is an executable file
First Identified – October 11 2009


This entry was posted on Sunday, October 11th, 2009 at 3:19 pm and is filed under Malware Removal.

One Response to “Seres.exe (Seres) Trojan Virus File Removal”

Mike October 17th, 2009 at 7:49 am

Vicious Virus. Can’t even start in Safe Mode! Below is the HijackThis log. Just downloaded the Seres.exe removal tool. Will give it a try. Any help is greatly appreciated!
———-
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:45:55 AM, on 10/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\DOCUME~1\DR4396~1.MAN\LOCALS~1\Temp\win.exe
C:\DOCUME~1\DR4396~1.MAN\LOCALS~1\Temp\nvsvc32.exe
C:\DOCUME~1\DR4396~1.MAN\LOCALS~1\Temp\cmd.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\STOPzilla!\SZOptions.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZScanner.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Dr. Mann\Local Settings\Temporary Internet Files\Content.IE5\L1DA59XC\sdasetup_aff[1].exe
C:\DOCUME~1\DR4396~1.MAN\LOCALS~1\Temp\is-8KVPN.tmp\sdasetup_aff[1].tmp
C:\DOCUME~1\DR4396~1.MAN\LOCALS~1\Temp\is-OT5UQ.tmp\iMonitor.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 – HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070810
O2 – BHO: STOPzilla Browser Helper Object – {E3215F20-3212-11D6-9F8B-00D0B743919D} – C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 – Toolbar: Adobe PDF – {47833539-D0C5-4125-9FA8-0819E2EAAC93} – C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 – Toolbar: STOPzilla – {98828DED-A591-462F-83BA-D2F62A68B8B8} – C:\Program Files\STOPzilla!\SZSG.dll
O3 – Toolbar: PC Tools Browser Guard – {472734EA-242A-422B-ADF8-83D1E48CC825} – C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 – HKLM\..\Run: [ISUSScheduler] “C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” -start
O4 – HKLM\..\Run: [PDVDDXSrv] “C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe”
O4 – HKLM\..\Run: [Acrobat Assistant 8.0] “C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe”
O4 – HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 – HKLM\..\Run: [dscactivate] “C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe”
O4 – HKLM\..\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 – HKLM\..\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe”
O4 – HKLM\..\Run: [DellSupportCenter] “C:\Program Files\Dell Support Center\bin\sprtcmd.exe” /P DellSupportCenter
O4 – HKLM\..\Run: [Symantec PIF AlertEng] “C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe” /a /m “C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll”
O4 – HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] “C:\Program Files\Malwarebytes’ Anti-Malware\mbam.exe” /runcleanupscript
O4 – HKLM\..\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre6\bin\jusched.exe”
O4 – HKLM\..\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot
O4 – HKLM\..\Run: [ISTray] “C:\Program Files\Spyware Doctor\pctsTray.exe”
O4 – HKLM\..\Run: [mudiruwev] Rundll32.exe “c:\windows\system32\peyumupo.dll”,a
O4 – HKCU\..\Run: [DellSupportCenter] “C:\Program Files\Dell Support Center\bin\sprtcmd.exe” /P DellSupportCenter
O4 – HKCU\..\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
O4 – HKCU\..\Run: [Skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized
O4 – HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 – HKCU\..\Run: [Yjafosi8kdf98winmdkmnkmfnwe] C:\DOCUME~1\DR4396~1.MAN\LOCALS~1\Temp\cmd.exe
O4 – HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1100465 -”Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)” -”http://www.gamehouse.com/realarcade-webgames/ancientsudoku/index.jsp?pread=0&pread=0&ractype=fullclient”
O4 – HKUS\S-1-5-18\..\Run: [DWQueuedReporting] “C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe” -t (User ‘SYSTEM’)
O4 – HKUS\.DEFAULT\..\Run: [DWQueuedReporting] “C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe” -t (User ‘Default user’)
O4 – Global Startup: Digital Line Detect.lnk = ?
O4 – Global Startup: mapdrive.bat
O4 – Global Startup: NCProTray.lnk = ?
O8 – Extra context menu item: Append to existing PDF – res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 – Extra context menu item: Convert link target to Adobe PDF – res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 – Extra context menu item: Convert link target to existing PDF – res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 – Extra context menu item: Convert selected links to Adobe PDF – res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 – Extra context menu item: Convert selected links to existing PDF – res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 – Extra context menu item: Convert selection to Adobe PDF – res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 – Extra context menu item: Convert selection to existing PDF – res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 – Extra context menu item: Convert to Adobe PDF – res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 – Extra context menu item: E&xport to Microsoft Excel – res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 – Extra button: Skype – {77BF5300-1474-4EC7-9980-D32B190E9B07} – C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 – Extra button: Research – {92780B25-18CC-41C8-B9BE-3C9C571A8263} – C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 – Extra button: (no name) – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 – Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 – Extra button: Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra ‘Tools’ menuitem: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O10 – Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 – Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 – Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 – Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 – Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 – Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O16 – DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) – http://go.microsoft.com/fwlink/?linkid=39204
O16 – DPF: {299BCB01-BAD0-4335-850A-AF030F821EE3} (ActiveFormX Control) – http://webris.diarads.com/WebRIS/WebRis.ocx
O16 – DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) – http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1187806972296
O16 – DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) – http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1187807201953
O16 – DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) – http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1187807197296
O16 – DPF: {8613571C-30D2-4BD4-9710-3DFDBADE8190} (AMI Pictorial Control CWeb 2.1 SPa05) – https://radweb.sjmc.org/ami/install/amiviewer.cab
O16 – DPF: {C1BB037A-95F6-4453-902B-77268C323B34} (PicomClient Control) – https://picom.diarads.com/class-bin/TokenClient.cab
O16 – DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) – http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 – AppInit_DLLs: tusumubo.dll c:\windows\system32\peyumupo.dll
O20 – Winlogon Notify: !SASWinLogon – C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 – Winlogon Notify: GoToAssist – C:\Program Files\Citrix\GoToAssist\508\G2AWinLogon.dll
O21 – SSODL: wagudoyut – {34380a6c-5fe6-4266-a202-0d315f7e0086} – c:\windows\system32\peyumupo.dll
O22 – SharedTaskScheduler: tokatiluy – {34380a6c-5fe6-4266-a202-0d315f7e0086} – c:\windows\system32\peyumupo.dll
O22 – SharedTaskScheduler: gsajkfh873whdngo8wuidgs4rgfr4 – {A2234B15-23F2-42AD-F4E4-00AAC39C0004} – C:\WINDOWS\system32\vvh3v28o.dll
O23 – Service: Apple Mobile Device – Apple, Inc. – C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 – Service: Broadcom ASF IP Monitor (ASFIPmon) – Broadcom Corporation – C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 – Service: Background Intelligent Transfer Service (BITS) – Unknown owner – C:\WINDOWS\
O23 – Service: Browser Defender Update Service – Threat Expert Ltd. – C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 – Service: DSBrokerService – Unknown owner – C:\Program Files\DellSupport\brkrsvc.exe
O23 – Service: FLEXnet Licensing Service – Macrovision Europe Ltd. – C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 – Service: GoToAssist – Citrix Online, a division of Citrix Systems, Inc. – C:\Program Files\Citrix\GoToAssist\508\g2aservice.exe
O23 – Service: Iap – Dell Inc. – C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 – Service: iPod Service – Apple Inc. – C:\Program Files\iPod\bin\iPodService.exe
O23 – Service: Java Quick Starter (JavaQuickStarterService) – Sun Microsystems, Inc. – C:\Program Files\Java\jre6\bin\jqs.exe
O23 – Service: LiveUpdate Notice Service – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
O23 – Service: PC Tools Auxiliary Service (sdAuxService) – PC Tools – C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 – Service: PC Tools Security Service (sdCoreService) – PC Tools – C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 – Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) – SupportSoft, Inc. – C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 – Service: stllssvr – MicroVision Development, Inc. – C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 – Service: STOPzilla Service (szserver) – iS3, Inc. – C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 – Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) – Unknown owner – C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
O23 – Service: Automatic Updates (wuauserv) – Unknown owner – C:\WINDOWS\
O23 – Service: WUSB54GCSVC – GEMTEKS – C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe


End of file – 13300 bytes
