We received calls from users who have reported the following file Ervnt.exe file appearing on their usb sticks and on the C: / drive of their local machine. There is not much information on the internet regarding this malware, so I’ve decided to summarise a cleanup process if this file exists on your local machine.
The best way to protect from virus and malware is to have an up to date anti virus and malware cleaner. Download free anti-virus and malware from our previous post. Always use caution when opening .exe files via email. And always download .exe files from a trusted source.
What the malware does: The program tries to create a few background processes, then copies it’s self into the program files directory. The malware then tries to run network lookups and copies it’s self into any USB stick plugged in while registering it’s self as a Dynamic Link Library file.
Creates C:/autorun.inf file,
Creates C:/program files/common files/microsoft shared/msinfo/SxDel.bat
Creates C:/program files/common files/microsoft shared/msinfo/Ervnt.exe
The malware can also be found in these locations:
%programfiles%common filesmicrosoft sharedmsinfo_ervnt.exe