HGJBCI.EXE – Backdoor Nitol

HGJBCI.EXE – Backdoor Nitol removal

File        MD5                               Virus Alias
HGJBCI.EXE  880e79407df4b3ea3f3f96dea57087ab  Backdoor Nitol
HGJBCI.EXE  880e79407df4b3ea3f3f96dea57087ab  Trojan Artemis
HGJBCI.EXE  880e79407df4b3ea3f3f96dea57087ab  Trojan Eldorado
HGJBCI.EXE  880e79407df4b3ea3f3f96dea57087ab  Trojan Downloader
HGJBCI.EXE  880e79407df4b3ea3f3f96dea57087ab  Trojan Graftor
HGJBCI.EXE  880e79407df4b3ea3f3f96dea57087ab  Trojan Agent

HGJBCI.EXE size: 18944 bytes
HGJBCI.EXE hash: 880E79407DF4B3EA3F3F96DEA57087AB

Created files:

%SysDir%\gei33.dll
%SysDir%\hgjbci.exe
%TEMP%\QvodSetup5.exe

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\aspnet_stateskey\Type: 10000000
HKLM\System\CurrentControlSet\Services\aspnet_stateskey\Start: 02000000
HKLM\System\CurrentControlSet\Services\aspnet_stateskey\DisplayName: =+,.9(+H]HY+YJvE[YK@uI(J]NK][HEON;OOJXEN]HOJ+YJvE[Y
HKLM\System\CurrentControlSet\Services\aspnet_stateskey\ImagePath: %WinDir%\System32\hgjbci.exe
HKLM\System\CurrentControlSet\Services\aspnet_stateskey\Description: Provides support for out-of-to-processwyn Transaction Coordinator Service.

Detected by UnHackMe:

HGJBCI.EXE
Default location: %SYSDIR%\HGJBCI.EXE

Dropper information:
MD5: cc0a465c7c4e91d67d84a70442579f28
File size: 449585 bytes
