Backdoor Nitol – 8ce190e2ab72386645739bb491a90d91

Backdoor Nitol
Also known as: Trojan Injector, Trojan Agent
SHA256: ae55b3719aec9439ccef1ec4eec312135271463142243d393b0c8dee30622437
SHA1: 7ee8ce5099be659f9fc71ba3f41a26e9b3558f44
MD5: 8ce190e2ab72386645739bb491a90d91
File size: 47882 bytes

Created files:

%SysDir%\eeyiey.exe – Backdoor Nitol
%SysDir%\hra33.dll – Backdoor Nitol
%SysDir%\svchost.dll – Backdoor Nitol
%SysDir%\xktjko.exe – Backdoor Nitol
%WinDir%\TEMP\BJ.exe – Backdoor Nitol
%WinDir%\TEMP\Service.exe – Backdoor Nitol
%WinDir%\WinUpdate.exe – Backdoor Nitol
%Temp%\eeyiey.exe – Backdoor Nitol

Backdoor Nitol created autostart registry keys:

HKLM\System\CurrentControlSet\Services\WinDMS\Type: 10000000
HKLM\System\CurrentControlSet\Services\WinDMS\Start: 02000000
HKLM\System\CurrentControlSet\Services\WinDMS\DisplayName: Windows ???????????????
HKLM\System\CurrentControlSet\Services\WinDMS\ImagePath: %WinDir%\System32\eeyiey.exe
HKLM\System\CurrentControlSet\Services\WinDMS\Descriptioneeyiey.exe: Windows Driver Manager Service
HKLM\System\CurrentControlSet\Services\wuauservdlv\Type: 10000000
HKLM\System\CurrentControlSet\Services\wuauservdlv\Start: 02000000
HKLM\System\CurrentControlSet\Services\wuauservdlv\DisplayName: ???????ffl
HKLM\System\CurrentControlSet\Services\wuauservdlv\ImagePath: %WinDir%\System32\xktjko.exe
HKLM\System\CurrentControlSet\Services\wuauservdlv\Description: ??????????? Windows ???¡???????????????ã?????????????????á???????¡?????? Windows Update ????? mda
