Solved! Use MMUCMG.EXE (Backdoor Nitol) Removal Guide

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews
. EULA. Privacy Policy. Uninstall.

MMUCMG.EXE – Backdoor Nitol removal

FileMD5Virus Alias
MMUCMG.EXE 216e86a5bf4ba38019bfd2637b53f040 Backdoor Nitol
MMUCMG.EXE 216e86a5bf4ba38019bfd2637b53f040 Trojan Eldorado
MMUCMG.EXE 216e86a5bf4ba38019bfd2637b53f040 Trojan Downloader
MMUCMG.EXE 216e86a5bf4ba38019bfd2637b53f040 Virus Part
MMUCMG.EXE 216e86a5bf4ba38019bfd2637b53f040 Trojan OnLineGames
MMUCMG.EXE 216e86a5bf4ba38019bfd2637b53f040 Trojan Agent

MMUCMG.EXE size: 71680 bytes
MMUCMG.EXE hash: 216E86A5BF4BA38019BFD2637B53F040

Created files:

%SysDir%\gei33.dll
%SysDir%\mmucmg.exe

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\ASPNET_statesjrq\Type: 10000000
HKLM\System\CurrentControlSet\Services\ASPNET_statesjrq\Start: 02000000
HKLM\System\CurrentControlSet\Services\ASPNET_statesjrq\DisplayName: ASPNET State Servicesyta Transaction Coordinator Service
HKLM\System\CurrentControlSet\Services\ASPNET_statesjrq\ImagePath: %WinDir%\System32\mmucmg.exe
HKLM\System\CurrentControlSet\Services\ASPNET_statesjrq\Description: Provides support for out-of-to-processmid Transaction Coordinator Service.

Detected by UnHackMe:

MMUCMG.EXE
Default location: %SYSDIR%\MMUCMG.EXE

Dropper information:
MD5: 216e86a5bf4ba38019bfd2637b53f040
File size: 71680 bytes

Leave a Reply