Solved! QOICGE.EXE (Backdoor Nitol) Removal Guide

I recommend UnHackMe - Ultimate Malware Killer for fast malware removal.

QOICGE.EXE – Backdoor Nitol removal

File        MD5                               Virus Alias
QOICGE.EXE  bd61d5c581bcce53bf04ad293a2d70fa  Backdoor Nitol
QOICGE.EXE  bd61d5c581bcce53bf04ad293a2d70fa  Trojan Eldorado
QOICGE.EXE  bd61d5c581bcce53bf04ad293a2d70fa  Trojan Downloader
QOICGE.EXE  bd61d5c581bcce53bf04ad293a2d70fa  Trojan OnLineGames
QOICGE.EXE  bd61d5c581bcce53bf04ad293a2d70fa  Trojan Agent
QOICGE.EXE  bd61d5c581bcce53bf04ad293a2d70fa  Trojan-Ransom Winlock

QOICGE.EXE size: 59392 bytes
QOICGE.EXE hash: BD61D5C581BCCE53BF04AD293A2D70FA

Created files:

%SysDir%\gei33.dll
%SysDir%\qoicge.exe

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\aspnet_stateskyr\Type: 10000000
HKLM\System\CurrentControlSet\Services\aspnet_stateskyr\Start: 02000000
HKLM\System\CurrentControlSet\Services\aspnet_stateskyr\DisplayName: ASP.NET State Servicesldt Transaction Coordinator Service
HKLM\System\CurrentControlSet\Services\aspnet_stateskyr\ImagePath: %WinDir%\System32\qoicge.exe
HKLM\System\CurrentControlSet\Services\aspnet_stateskyr\Description: Provides support for out-of-to-processxiw Transaction Coordinator Service.

Detected by UnHackMe:

QOICGE.EXE
Default location: %SYSDIR%\QOICGE.EXE

Dropper information:
MD5: bd61d5c581bcce53bf04ad293a2d70fa
File size: 59392 bytes
