Solved! Use REVNEA.EXE (Backdoor Nitol) Removal Guide

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews
. EULA. Privacy Policy. Uninstall.

REVNEA.EXE – Backdoor Nitol removal

FileMD5Virus Alias
REVNEA.EXE e1c96f0095c63be93a9d0db1f205cd89 Backdoor Nitol
REVNEA.EXE e1c96f0095c63be93a9d0db1f205cd89 Trojan SuspiciousFile
REVNEA.EXE e1c96f0095c63be93a9d0db1f205cd89 Trojan Generic
REVNEA.EXE e1c96f0095c63be93a9d0db1f205cd89 Trojan Eldorado
REVNEA.EXE e1c96f0095c63be93a9d0db1f205cd89 Backdoor RBot
REVNEA.EXE e1c96f0095c63be93a9d0db1f205cd89 Trojan Agent

REVNEA.EXE size: 72192 bytes
REVNEA.EXE hash: E1C96F0095C63BE93A9D0DB1F205CD89

Created files:

%SysDir%\gei33.dll
%SysDir%\revnea.exe

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\aspnet_seeees\Type: 10000000
HKLM\System\CurrentControlSet\Services\aspnet_seeees\Start: 02000000
HKLM\System\CurrentControlSet\Services\aspnet_seeees\DisplayName: ASP.NET State Seeeices
HKLM\System\CurrentControlSet\Services\aspnet_seeees\ImagePath: %WinDir%\System32\revnea.exe
HKLM\System\CurrentControlSet\Services\aspnet_seeees\Description: Provides seeeert for out-of-to-process

Detected by UnHackMe:

REVNEA.EXE
Default location: %SYSDIR%\REVNEA.EXE

Dropper information:
MD5: e1c96f0095c63be93a9d0db1f205cd89
File size: 72192 bytes

Leave a Reply