Solved! Use DCVJGI.EXE (Backdoor Nitol) Removal Guide

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews
. EULA. Privacy Policy. Uninstall.

DCVJGI.EXE – Backdoor Nitol removal

FileMD5Virus Alias
DCVJGI.EXE b4ef2d7b1a30fce1c4e1c5b2168788d5 Backdoor Nitol
DCVJGI.EXE b4ef2d7b1a30fce1c4e1c5b2168788d5 Trojan SuspiciousFile
DCVJGI.EXE b4ef2d7b1a30fce1c4e1c5b2168788d5 Trojan Eldorado
DCVJGI.EXE b4ef2d7b1a30fce1c4e1c5b2168788d5 Trojan Agent
DCVJGI.EXE b4ef2d7b1a30fce1c4e1c5b2168788d5 Backdoor Zegost
DCVJGI.EXE b4ef2d7b1a30fce1c4e1c5b2168788d5 Backdoor Farfli

DCVJGI.EXE size: 20480 bytes
DCVJGI.EXE hash: B4EF2D7B1A30FCE1C4E1C5B2168788D5

Created files:

%WinDir%\dcvjgi.exe
%SysDir%\hra33.dll

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\sadas\Type: 10010000
HKLM\System\CurrentControlSet\Services\sadas\Start: 02000000
HKLM\System\CurrentControlSet\Services\sadas\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\sadas\DisplayName: sdaasd
HKLM\System\CurrentControlSet\Services\sadas\ImagePath: %WinDir%\dcvjgi.exe
HKLM\System\CurrentControlSet\Services\sadas\Description: sadasdsadP

Detected by UnHackMe:

DCVJGI.EXE
Default location: %WinDir%\DCVJGI.EXE

Dropper information:
MD5: b4ef2d7b1a30fce1c4e1c5b2168788d5
File size: 20480 bytes

Leave a Reply