BLACK.DLL – Backdoor Nitol

BLACK.DLL – Backdoor Nitol removal

File       MD5                               Virus Alias
BLACK.DLL  2542112ba391e66e80396bce4aa77255  Backdoor Nitol
BLACK.DLL  2542112ba391e66e80396bce4aa77255  Trojan BadReputation
BLACK.DLL  2542112ba391e66e80396bce4aa77255  Trojan Generic
BLACK.DLL  2542112ba391e66e80396bce4aa77255  Trojan CI
BLACK.DLL  2542112ba391e66e80396bce4aa77255  Virus Part

BLACK.DLL size: 9216 bytes
BLACK.DLL hash: 2542112BA391E66E80396BCE4AA77255

Created files:

%SysDir%\Black.dll
%SysDir%\Drivers\diskflt.sys
%SysDir%\kscan.exe

Autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run : %WinDir%\System32\kscan.exe
HKLM\System\CurrentControlSet\Services\diskflt\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\diskflt\Type: 01000000
HKLM\System\CurrentControlSet\Services\diskflt\Tag: 0A000000
HKLM\System\CurrentControlSet\Services\Nationaljqn\Type: 10010000
HKLM\System\CurrentControlSet\Services\Nationaljqn\Start: 02000000
HKLM\System\CurrentControlSet\Services\Nationaljqn\DisplayName: Nationallgp Instruments Domain Service
HKLM\System\CurrentControlSet\Services\Nationaljqn\ImagePath: %WinDir%\System32\kscan.exe
HKLM\System\CurrentControlSet\Services\Nationaljqn\Description: Providesjlm a domain server for NI security.

Detected by UnHackMe:

BLACK.DLL
Default location: %SYSDIR%\BLACK.DLL

Dropper information:
MD5: 15c1ffb1923d637058b04fe6536a25a8
File size: 218968 bytes
