Solved! Use SVHOST.EXE (Backdoor Nitol) Removal Guide

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Download UnHackMe
Fully Functional 30-day Trial. No credit card is required. Reviews. EULA. Privacy Policy.

SVHOST.EXE – Backdoor Nitol removal

File MD5 Virus Alias
SVHOST.EXE 6f6c2d7fe2b43c9325cd24465fec0b99 Backdoor Nitol
SVHOST.EXE 6f6c2d7fe2b43c9325cd24465fec0b99 Trojan SuspiciousFile
SVHOST.EXE 6f6c2d7fe2b43c9325cd24465fec0b99 Trojan Generic
SVHOST.EXE 6f6c2d7fe2b43c9325cd24465fec0b99 Backdoor RBot
SVHOST.EXE 6f6c2d7fe2b43c9325cd24465fec0b99 Trojan CI
SVHOST.EXE 6f6c2d7fe2b43c9325cd24465fec0b99 Backdoor Poison

SVHOST.EXE size: 24576 bytes
SVHOST.EXE hash: 6F6C2D7FE2B43C9325CD24465FEC0B99

Created files:

%WinDir%\svhost.exe

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\Windows Test My Tesst 1.9\Type: 10010000
HKLM\System\CurrentControlSet\Services\Windows Test My Tesst 1.9\Start: 02000000
HKLM\System\CurrentControlSet\Services\Windows Test My Tesst 1.9\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\Windows Test My Tesst 1.9\DisplayName: Windows Test My Test Servesr 1.9
HKLM\System\CurrentControlSet\Services\Windows Test My Tesst 1.9\ImagePath: %WinDir%\svhost.exe
HKLM\System\CurrentControlSet\Services\Windows Test My Tesst 1.9\Description: This is Windows Test My Test Server 1.9

Detected by UnHackMe:

SVHOST.EXE
Default location: %WinDir%\SVHOST.EXE

Dropper information:
MD5: 6f6c2d7fe2b43c9325cd24465fec0b99
File size: 24576 bytes

Leave a Reply