Solved! Use OSIISO.EXE (Backdoor Nitol) Removal Guide

I recommend UnHackMe - Ultimate Malware Killer for fast malware removal.


OSIISO.EXE – Backdoor Nitol removal

File        MD5                               Virus Alias
OSIISO.EXE  17d6e85d1f857e2b2b629e186d150732  Backdoor Nitol
OSIISO.EXE  17d6e85d1f857e2b2b629e186d150732  Trojan Eldorado
OSIISO.EXE  17d6e85d1f857e2b2b629e186d150732  Backdoor RBot
OSIISO.EXE  17d6e85d1f857e2b2b629e186d150732  Trojan Agent
OSIISO.EXE  17d6e85d1f857e2b2b629e186d150732  Backdoor Zegost
OSIISO.EXE  17d6e85d1f857e2b2b629e186d150732  Backdoor Farfli

OSIISO.EXE size: 43520 bytes
OSIISO.EXE MD5 hash: 17D6E85D1F857E2B2B629E186D150732

Created files:

%WinDir%\osiiso.exe
%SysDir%\hra33.dll

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\Defghi Klmnopqr Tuv\Type: 10010000
HKLM\System\CurrentControlSet\Services\Defghi Klmnopqr Tuv\Start: 02000000
HKLM\System\CurrentControlSet\Services\Defghi Klmnopqr Tuv\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\Defghi Klmnopqr Tuv\DisplayName: Defghi Klmnopqr Tuvwxyab Defg
HKLM\System\CurrentControlSet\Services\Defghi Klmnopqr Tuv\ImagePath: %WinDir%\osiiso.exe
HKLM\System\CurrentControlSet\Services\Defghi Klmnopqr Tuv\Description: Defghijk Mnopqrstu Wxyabcd Fghijklm Opq

Detected by UnHackMe:

OSIISO.EXE
Default location: %WinDir%\OSIISO.EXE

Dropper information:
MD5: 17d6e85d1f857e2b2b629e186d150732
File size: 43520 bytes
