Solved! Use UGMYCM.EXE (Backdoor Nitol) Removal Guide

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews
. EULA. Privacy Policy. Uninstall.

UGMYCM.EXE – Backdoor Nitol removal

FileMD5Virus Alias
UGMYCM.EXE a12d7adbe69365cead13d7672a57a7ba Backdoor Nitol
UGMYCM.EXE a12d7adbe69365cead13d7672a57a7ba Trojan, Suspicious File
UGMYCM.EXE a12d7adbe69365cead13d7672a57a7ba Trojan Artemis
UGMYCM.EXE a12d7adbe69365cead13d7672a57a7ba Trojan Eldorado
UGMYCM.EXE a12d7adbe69365cead13d7672a57a7ba Backdoor RBot
UGMYCM.EXE a12d7adbe69365cead13d7672a57a7ba Trojan Agent

UGMYCM.EXE size: 26624 bytes
UGMYCM.EXE hash: A12D7ADBE69365CEAD13D7672A57A7BA

Created files:

%SysDir%\hra33.dll
%WinDir%\ugmycm.exe

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\Pqrstu werwerde Ghi\Type: 10010000
HKLM\System\CurrentControlSet\Services\Pqrstu werwerde Ghi\Start: 02000000
HKLM\System\CurrentControlSet\Services\Pqrstu werwerde Ghi\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\Pqrstu werwerde Ghi\DisplayName: Pqrstu rtertde Ghijklmn Pqrs
HKLM\System\CurrentControlSet\Services\Pqrstu werwerde Ghi\ImagePath: %WinDir%\ugmycm.exe
HKLM\System\CurrentControlSet\Services\Pqrstu werwerde Ghi\Description: Pqrstuvw ertertfgh Jklmnop Rstuvwxy Bcd

Detected by UnHackMe:

UGMYCM.EXE
Default location: %WinDir%\UGMYCM.EXE

Dropper information:
MD5: a12d7adbe69365cead13d7672a57a7ba
File size: 26624 bytes

Leave a Reply