Solved! VQBDMM.EXE (Backdoor Nitol) Removal Guide

I recommend UnHackMe - Ultimate Malware Killer for fast malware removal.

Fully functional 30-day trial. No credit card is required.

VQBDMM.EXE – Backdoor Nitol removal

| File | MD5 | Virus Alias |
|------|-----|-------------|
| VQBDMM.EXE | 77cd6a9c98ef5655d0788e52e1788a85 | Backdoor Nitol |
| VQBDMM.EXE | 77cd6a9c98ef5655d0788e52e1788a85 | Trojan SuspiciousFile |
| VQBDMM.EXE | 77cd6a9c98ef5655d0788e52e1788a85 | Trojan Artemis |
| VQBDMM.EXE | 77cd6a9c98ef5655d0788e52e1788a85 | Trojan Eldorado |
| VQBDMM.EXE | 77cd6a9c98ef5655d0788e52e1788a85 | Trojan Downloader |
| VQBDMM.EXE | 77cd6a9c98ef5655d0788e52e1788a85 | Trojan Kazy |

VQBDMM.EXE size: 20992 bytes
VQBDMM.EXE hash: 77CD6A9C98EF5655D0788E52E1788A85

Created files:

%SysDir%\gei33.dll
%SysDir%\vqbdmm.exe

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\aspnet_statesufo\Type: 10000000
HKLM\System\CurrentControlSet\Services\aspnet_statesufo\Start: 02000000
HKLM\System\CurrentControlSet\Services\aspnet_statesufo\DisplayName: 9KH.N5DKdYdUKUjfQ[Ukl[WDjYnkY[dQon;oojTQnYdojKUjfQ[U
HKLM\System\CurrentControlSet\Services\aspnet_statesufo\ImagePath: %WinDir%\System32\vqbdmm.exe
HKLM\System\CurrentControlSet\Services\aspnet_statesufo\Description: Provides support for out-of-to-processruq Transaction Coordinator Service.

Detected by UnHackMe:

VQBDMM.EXE
Default location: %SYSDIR%\VQBDMM.EXE

Dropper information:
MD5: 77cd6a9c98ef5655d0788e52e1788a85
File size: 20992 bytes
