Solved! Use RMTDIM.EXE (Backdoor Nitol) Removal Guide

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews
. EULA. Privacy Policy. Uninstall.

RMTDIM.EXE – Backdoor Nitol removal

FileMD5Virus Alias
RMTDIM.EXE e5e5e0cb4520fe2c9b518a3aa29dcbdf Backdoor Nitol
RMTDIM.EXE e5e5e0cb4520fe2c9b518a3aa29dcbdf Trojan Artemis
RMTDIM.EXE e5e5e0cb4520fe2c9b518a3aa29dcbdf Backdoor RBot
RMTDIM.EXE e5e5e0cb4520fe2c9b518a3aa29dcbdf Trojan Buzus
RMTDIM.EXE e5e5e0cb4520fe2c9b518a3aa29dcbdf Virus Part
RMTDIM.EXE e5e5e0cb4520fe2c9b518a3aa29dcbdf Backdoor Zegost

RMTDIM.EXE size: 91648 bytes
RMTDIM.EXE hash: E5E5E0CB4520FE2C9B518A3AA29DCBDF

Created files:

%WinDir%\rmtdim.exe
%SysDir%\hra33.dll

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\360safe.exe\Type: 10010000
HKLM\System\CurrentControlSet\Services\360safe.exe\Start: 02000000
HKLM\System\CurrentControlSet\Services\360safe.exe\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\360safe.exe\DisplayName: 360safeAbcd
HKLM\System\CurrentControlSet\Services\360safe.exe\ImagePath: %WinDir%\rmtdim.exe
HKLM\System\CurrentControlSet\Services\360safe.exe\Description: 360safeLmn

Detected by UnHackMe:

RMTDIM.EXE
Default location: %WinDir%\RMTDIM.EXE

Dropper information:
MD5: e5e5e0cb4520fe2c9b518a3aa29dcbdf
File size: 91648 bytes

Leave a Reply