Solved! GEI33.DLL (Backdoor Nitol) Removal Guide

I recommend UnHackMe - Ultimate Malware Killer for fast malware removal (fully functional 30-day trial, no credit card required).

GEI33.DLL – Backdoor Nitol removal

File       MD5                               Virus alias
GEI33.DLL  4597ccd316ccc9be0660fcee56321c9b  Backdoor Nitol
GEI33.DLL  4597ccd316ccc9be0660fcee56321c9b  Trojan Artemis
GEI33.DLL  4597ccd316ccc9be0660fcee56321c9b  Trojan Generic
GEI33.DLL  4597ccd316ccc9be0660fcee56321c9b  Trojan Graftor
GEI33.DLL  4597ccd316ccc9be0660fcee56321c9b  Trojan OnLineGames
GEI33.DLL  4597ccd316ccc9be0660fcee56321c9b  Trojan Agent

GEI33.DLL size: 12288 bytes
GEI33.DLL hash: 4597CCD316CCC9BE0660FCEE56321C9B

Created files:

%SysDir%\gei33.dll
%SysDir%\zqltqu.exe

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\ASPNET_statesjrq\Type: 10000000
HKLM\System\CurrentControlSet\Services\ASPNET_statesjrq\Start: 02000000
HKLM\System\CurrentControlSet\Services\ASPNET_statesjrq\DisplayName: ASPNET State Servicesyta Transaction Coordinator Service
HKLM\System\CurrentControlSet\Services\ASPNET_statesjrq\ImagePath: %WinDir%\System32\zqltqu.exe
HKLM\System\CurrentControlSet\Services\ASPNET_statesjrq\Description: Provides support for out-of-to-processmid Transaction Coordinator Service.

Detected by UnHackMe:

GEI33.DLL
Default location: %SYSDIR%\GEI33.DLL

Dropper information:
MD5: 7176320814f62328f8a5a96140b37466
File size: 20992 bytes
