Solved! Use ALIVESERVICE.EXE (Backdoor Nitol) Removal Guide

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews
. EULA. Privacy Policy. Uninstall.

ALIVESERVICE.EXE – Backdoor Nitol removal

FileMD5Virus Alias
ALIVESERVICE.EXE ccce63e0474420474e19c8f9cfcd7207 Backdoor Nitol
ALIVESERVICE.EXE ccce63e0474420474e19c8f9cfcd7207 Trojan SuspiciousFile
ALIVESERVICE.EXE ccce63e0474420474e19c8f9cfcd7207 Trojan Generic
ALIVESERVICE.EXE ccce63e0474420474e19c8f9cfcd7207 Trojan Eldorado
ALIVESERVICE.EXE ccce63e0474420474e19c8f9cfcd7207 Backdoor RBot
ALIVESERVICE.EXE ccce63e0474420474e19c8f9cfcd7207 Trojan Downloader

ALIVESERVICE.EXE size: 13376 bytes
ALIVESERVICE.EXE hash: CCCE63E0474420474E19C8F9CFCD7207

Created files:

%SysDir%\AliveService.exe
%Temp%\s.exe
%Temp%\startnet.exe

Autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run : %Temp%\startnet.exe
HKLM\System\CurrentControlSet\Services\Windows Test My Test 1.0\Type: 10000000
HKLM\System\CurrentControlSet\Services\Windows Test My Test 1.0\Start: 02000000
HKLM\System\CurrentControlSet\Services\Windows Test My Test 1.0\DisplayName: Windows Test My Test Server 1.0
HKLM\System\CurrentControlSet\Services\Windows Test My Test 1.0\ImagePath: %WinDir%\System32\AliveService.exe
HKLM\System\CurrentControlSet\Services\Windows Test My Test 1.0\Description: This is Windows Test My Test Server 1.0

Detected by UnHackMe:

ALIVESERVICE.EXE
Default location: %SYSDIR%\ALIVESERVICE.EXE

Dropper information:
MD5: 1b1c3c02ef9d3e63b38e4ae16d4b1dfa
File size: 137216 bytes

Leave a Reply