Solved! WEIGAI.EXE (Backdoor Nitol) Removal Guide

I recommend UnHackMe - Ultimate Malware Killer for fast malware removal:

Download UnHackMe
Fully functional 30-day trial. No credit card is required.

WEIGAI.EXE – Backdoor Nitol removal

File        MD5                               Virus Alias
WEIGAI.EXE  709d7ef0f8798f59590441d84600968d  Backdoor Nitol
WEIGAI.EXE  709d7ef0f8798f59590441d84600968d  Trojan SuspiciousFile
WEIGAI.EXE  709d7ef0f8798f59590441d84600968d  Trojan Artemis
WEIGAI.EXE  709d7ef0f8798f59590441d84600968d  Trojan Generic
WEIGAI.EXE  709d7ef0f8798f59590441d84600968d  Trojan Eldorado
WEIGAI.EXE  709d7ef0f8798f59590441d84600968d  Backdoor RBot

WEIGAI.EXE size: 25600 bytes
WEIGAI.EXE hash: 709D7EF0F8798F59590441D84600968D

Created files:

%SysDir%\weigai.exe

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\Nationqealhvo\Type: 10000000
HKLM\System\CurrentControlSet\Services\Nationqealhvo\Start: 02000000
HKLM\System\CurrentControlSet\Services\Nationqealhvo\DisplayName: Nationalqwefvf Instruments Domain Service
HKLM\System\CurrentControlSet\Services\Nationqealhvo\ImagePath: %WinDir%\System32\weigai.exe
HKLM\System\CurrentControlSet\Services\Nationqealhvo\Description: Providewqesowk a domain server for NI security.

Detected by UnHackMe:

WEIGAI.EXE
Default location: %SYSDIR%\WEIGAI.EXE

Dropper information:
MD5: 709d7ef0f8798f59590441d84600968d
File size: 25600 bytes
