Virus Admilli Service

This page is dedicated to a then-unknown virus threat that appeared on many Windows XP/ME/98 computers in January 2005 and was still spreading half a year later! Below are the results of an investigation carried out before any antivirus software was able to remove or even detect it.

What is Admilli Service?

Admilli Service seems to be an adware/spyware/virus threat that can infect computers running the Windows XP/ME/98 operating systems. It can install itself automatically on your PC while you are browsing the internet with Internet Explorer (even with a higher security level).

It is not yet known what it does after installation… Maybe it logs all your input and collects your passwords, enables hackers to gain access to your computer or use it as a node for mass spamming, or tries to infect other computers in your local network… We were unable to determine its exact activity and classification, but it looks like some sort of sophisticated spyware.

(Nowadays it seems that a newer version of Admilli Service is spreading in the wild and it is classified by others as adware/spyware.)

Antivirus solutions

We tried to detect and clean the virus with many different antivirus and antispyware programs (like Symantec Antivirus, Lavasoft Ad-Aware…) that were all up to date (as of December 2004), but none of them found anything!

We therefore came to the conclusion that the threat is still unknown to the world and that it behaves differently from common viruses.

Removal instructions

As nasty as the threat looks, it can be easily removed with a few clicks! Alternatively, you may try some of the newest virus removal tools (some already detect it).

The virus or spyware installs itself as a fully legitimate program inside the C:\Program Files directory, with registry entries that result in a working uninstall function. So all you need to do is open the Control Panel (in Windows XP it can be found under the Start menu) and choose Add or Remove Programs. Locate Admilli Service in the list that comes up and click the Remove (uninstall) button. After the process is finished, your computer will supposedly be spyware-free. You may also temporarily disable System Restore before doing anything and empty the Temporary Internet Files that Internet Explorer stores on your computer (select the Tools menu, then Internet Options, and click the Delete files button).
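To confirm that the uninstall actually removed the registration and the program folder, the following read-only check can be run before and after the removal. It is an added example, not part of the original investigation. It assumes PowerShell 2.0 or later is installed (it is not shipped with the Windows versions named above), that the entry is named "Admilli Service" as it appears in Add or Remove Programs, and that the folder under Program Files contains the word "Admilli" (the page does not give the exact folder name).

```powershell
# Added example: read-only check, it changes nothing on the system.
# Assumption: display name as shown in Add or Remove Programs on this page.
$displayName = 'Admilli Service'

# Add or Remove Programs builds its list from these Uninstall keys.
$uninstallRoots = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall'
)

function Get-UninstallEntry {
    param([string]$Name, [string[]]$Roots)
    foreach ($root in $Roots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($key in Get-ChildItem $root -ErrorAction SilentlyContinue) {
            $props = Get-ItemProperty $key.PSPath -ErrorAction SilentlyContinue
            # Keys without a DisplayName value are skipped (the comparison is false).
            if ($props -and $props.DisplayName -like "*$Name*") {
                New-Object PSObject -Property @{
                    Key             = $key.Name
                    DisplayName     = $props.DisplayName
                    UninstallString = $props.UninstallString
                    InstallLocation = $props.InstallLocation
                }
            }
        }
    }
}

function Get-LeftoverFolder {
    param([string]$Name)
    # Assumption: the folder name contains the first word of the display name.
    $pattern = '*' + $Name.Split(' ')[0] + '*'
    Get-ChildItem $env:ProgramFiles -ErrorAction SilentlyContinue |
        Where-Object { $_.PSIsContainer -and $_.Name -like $pattern }
}

$entries = @(Get-UninstallEntry -Name $displayName -Roots $uninstallRoots)
$folders = @(Get-LeftoverFolder -Name $displayName)

if ($entries.Count -eq 0 -and $folders.Count -eq 0) {
    Write-Output "No '$displayName' uninstall entry or program folder found."
} else {
    $entries | Format-List Key, DisplayName, UninstallString, InstallLocation
    $folders | ForEach-Object { Write-Output "Folder present: $($_.FullName)" }
}
```

An uninstall entry that is gone while a matching folder is still present means the uninstaller left files behind, which is worth recording before deleting anything by hand.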

The whole thing can also be removed with the instructions (the hard way).

More technical results

More details about the investigation can be found on the details subpage.