Solved! JMLDMQ.EXE (Backdoor Nitol) Removal Guide

I recommend UnHackMe - Ultimate Malware Killer for fast malware removal.


JMLDMQ.EXE – Backdoor Nitol removal

File        MD5                               Virus Alias
JMLDMQ.EXE  e1c96f0095c63be93a9d0db1f205cd89  Backdoor Nitol
JMLDMQ.EXE  e1c96f0095c63be93a9d0db1f205cd89  Trojan SuspiciousFile
JMLDMQ.EXE  e1c96f0095c63be93a9d0db1f205cd89  Trojan Generic
JMLDMQ.EXE  e1c96f0095c63be93a9d0db1f205cd89  Trojan Eldorado
JMLDMQ.EXE  e1c96f0095c63be93a9d0db1f205cd89  Backdoor RBot
JMLDMQ.EXE  e1c96f0095c63be93a9d0db1f205cd89  Trojan Agent

JMLDMQ.EXE size: 72192 bytes
JMLDMQ.EXE hash: E1C96F0095C63BE93A9D0DB1F205CD89

Created files:

%SysDir%\gei33.dll
%SysDir%\jmldmq.exe

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\aspnet_seeees\Type: 10000000
HKLM\System\CurrentControlSet\Services\aspnet_seeees\Start: 02000000
HKLM\System\CurrentControlSet\Services\aspnet_seeees\DisplayName: ASP.NET State Seeeices
HKLM\System\CurrentControlSet\Services\aspnet_seeees\ImagePath: %WinDir%\System32\jmldmq.exe
HKLM\System\CurrentControlSet\Services\aspnet_seeees\Description: Provides seeeert for out-of-to-process

Detected by UnHackMe:

JMLDMQ.EXE
Default location: %SYSDIR%\JMLDMQ.EXE

Dropper information:
MD5: e1c96f0095c63be93a9d0db1f205cd89
File size: 72192 bytes
