We received calls from users who have reported the file Ervnt.exe appearing on their USB sticks and on the C: drive of their local machine. There is not much information on the internet regarding this malware, so I’ve decided to summarise a cleanup process if this file exists on your local machine.
The best way to protect against viruses and malware is to have an up-to-date anti-virus and malware cleaner. Free anti-virus and anti-malware tools can be downloaded from our previous post. Always use caution when opening .exe files received via email, and only download .exe files from a trusted source.
What the malware does: The program tries to create a few background processes, then copies itself into the program files directory. The malware then tries to run network lookups and copies itself onto any USB stick plugged in, while registering itself as a Dynamic Link Library file.
Creates C:/autorun.inf
Creates C:/windows/system32/Ervnt.exe
Creates C:/program files/common files/microsoft shared/msinfo/SxDel.bat
Creates C:/program files/common files/microsoft shared/msinfo/Ervnt.exe
Modifies C:/autoexec.bat
The malware can also be found in these locations:
%programfiles%\common files\microsoft shared\msinfo\_ervnt.exe
%workingdir%\[Random Name].exe
%systemdrive%\ervnt.exe
%windir%\system32\ervnt.exe
The malware can also rename its files, which makes it hard to detect. Example names this malware might use: _Ervnt.exe, Ervnt.exe, 95316452.dat, 48673649.dat, 18750624.dat. There might be other naming conventions not listed here.
How to remove Ervnt.exe Malware:
The easiest way to remove this malware is to download Ad-Aware for free. A customer confirmed that after downloading and running the program, Ervnt.exe was removed completely from the system. (It also cleaned up other malware the user had which they didn’t know about.)
Manual cleaning of Ervnt.exe Step One:
(1). In Windows > Click Start > Run, type REGEDIT, then press Enter.
(2). Look for HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > Services
(3). Locate and delete the key: Error_Logs
Close Registry Editor.
Manual cleaning of Ervnt.exe Step Two:
(1). In Windows > Right-click Start then click
(2). Search for: AUTORUN.INF
(3). Open all Autorun.inf files and look for the following lines:
[AutoRun]
open=Ervnt.exe
shellexecute=Ervnt.exe
shell\Auto\command=Ervnt.exe
If these lines are found in any of the Autorun.inf files, delete that file only.
Repeat the above steps for each Autorun.inf file.
(4). Check your Windows > System32 folder for the file Ervnt.exe and delete it. Restart your computer if the file is in use.
(5). Delete C:/Ervnt.exe from the root directory.
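The Autorun.inf check from Step Two (3) can be automated. The script below is an added example, not part of the original post: it reports Autorun.inf files whose [AutoRun] launch entries name Ervnt.exe or _Ervnt.exe, and it deletes nothing. The function names and the sample strings are constructed for illustration, and randomly named copies of the malware are not matched.

```python
import re
from pathlib import Path

# File names the post lists for this malware; randomly named copies are not covered.
KNOWN_NAMES = {"ervnt.exe", "_ervnt.exe"}
# Autorun.inf keys that launch a program: open, shellexecute, shell\<verb>\command.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.I)

# Constructed samples: the entries from step (3), and a harmless installer file.
SAMPLE_INFECTED = "[AutoRun]\r\nopen=Ervnt.exe\r\nshellexecute=Ervnt.exe\r\nshell\\Auto\\command=Ervnt.exe\r\n"
SAMPLE_CLEAN = "[autorun]\nicon=setup.ico\nopen=setup.exe\n"

def decode_inf(raw: bytes) -> str:
    """Decode autorun.inf bytes: UTF-16 when a BOM is present, otherwise single-byte."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("latin-1")

def suspicious_entries(text: str) -> list:
    """Return (key, value) pairs in [AutoRun] whose command names a known file."""
    hits, in_autorun = [], False
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        # Split the command on path separators, quotes and spaces, then compare names.
        tokens = set(re.findall(r'[^\\/"\s]+', value.lower()))
        if LAUNCH_KEY.match(key) and tokens & KNOWN_NAMES:
            hits.append((key.lower(), value))
    return hits

def scan_roots(roots) -> dict:
    """Check <root>/autorun.inf under each drive or folder root; map path -> hits."""
    report = {}
    for root in roots:
        inf = Path(root) / "autorun.inf"
        if inf.is_file() and (hits := suspicious_entries(decode_inf(inf.read_bytes()))):
            report[str(inf)] = hits
    return report

if __name__ == "__main__":
    print(suspicious_entries(SAMPLE_INFECTED), suspicious_entries(SAMPLE_CLEAN))
```

Pass the roots to check, for example `scan_roots(["C:\\", "E:\\"])`; any file it reports is one that step (3) says to delete.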
It worked! Thanks for the tips. This was driving me crazy. Every time I plugged my USB in it would reappear. Bookmarked.
My USB had the same issue. Pain in the butt to remove. Thanks for the post. I used your suggestion and used Google PC Tools Spyware Doctor to get it removed. Had to do it a few times before it was actually removed from the USB stick.
Glad it helped!
This worked for me – thanks for the share.
I think that an auto cleaning software like an antivirus or antispam software is much easier to use for cleaning exe files, while code and going into the registry is for advanced users, and not many can claim to be so. They can do more damage if they do not know what they are doing.
Works great! Just what I needed.