Solved! Use ZQVNQQ.EXE (Backdoor Nitol) Removal Guide

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews
. EULA. Privacy Policy. Uninstall.

ZQVNQQ.EXE – Backdoor Nitol removal

FileMD5Virus Alias
ZQVNQQ.EXE 6b8fa20f8a6181244f532be85ef8e057 Backdoor Nitol
ZQVNQQ.EXE 6b8fa20f8a6181244f532be85ef8e057 Trojan SuspiciousFile
ZQVNQQ.EXE 6b8fa20f8a6181244f532be85ef8e057 Trojan Artemis
ZQVNQQ.EXE 6b8fa20f8a6181244f532be85ef8e057 Trojan Generic
ZQVNQQ.EXE 6b8fa20f8a6181244f532be85ef8e057 Backdoor RBot
ZQVNQQ.EXE 6b8fa20f8a6181244f532be85ef8e057 Trojan Downloader

ZQVNQQ.EXE size: 24576 bytes
ZQVNQQ.EXE hash: 6B8FA20F8A6181244F532BE85EF8E057

Created files:

%SysDir%\hra33.dll
%WinDir%\zqvnqq.exe

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\Jklmno Qrstuaaa Abc\Type: 10010000
HKLM\System\CurrentControlSet\Services\Jklmno Qrstuaaa Abc\Start: 02000000
HKLM\System\CurrentControlSet\Services\Jklmno Qrstuaaa Abc\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\Jklmno Qrstuaaa Abc\DisplayName: Jklmno Qrstuaaa Abcdefgh Jklm
HKLM\System\CurrentControlSet\Services\Jklmno Qrstuaaa Abc\ImagePath: %WinDir%\zqvnqq.exe
HKLM\System\CurrentControlSet\Services\Jklmno Qrstuaaa Abc\Description: Jklmnopq Stuvwxaaa Defghij Lmnopqrs Uvw

Detected by UnHackMe:

ZQVNQQ.EXE
Default location: %WinDir%\ZQVNQQ.EXE

Dropper information:
MD5: 6b8fa20f8a6181244f532be85ef8e057
File size: 24576 bytes

Leave a Reply