I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:
Free DownloadFully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.
HGJBCI.EXE – Backdoor Nitol removal
File | MD5 | Virus Alias |
---|---|---|
HGJBCI.EXE | 880e79407df4b3ea3f3f96dea57087ab | Backdoor Nitol |
HGJBCI.EXE | 880e79407df4b3ea3f3f96dea57087ab | Trojan Artemis |
HGJBCI.EXE | 880e79407df4b3ea3f3f96dea57087ab | Trojan Eldorado |
HGJBCI.EXE | 880e79407df4b3ea3f3f96dea57087ab | Trojan Downloader |
HGJBCI.EXE | 880e79407df4b3ea3f3f96dea57087ab | Trojan Graftor |
HGJBCI.EXE | 880e79407df4b3ea3f3f96dea57087ab | Trojan Agent |
HGJBCI.EXE size: 18944 bytes
HGJBCI.EXE hash: 880E79407DF4B3EA3F3F96DEA57087AB
Created files:
%SysDir%\gei33.dll
%SysDir%\hgjbci.exe
%TEMP%\QvodSetup5.exe
Autostart registry keys:
HKLM\System\CurrentControlSet\Services\aspnet_stateskey\Type: 10000000
HKLM\System\CurrentControlSet\Services\aspnet_stateskey\Start: 02000000
HKLM\System\CurrentControlSet\Services\aspnet_stateskey\DisplayName: =+,.9(+H]HY+YJvE[YK@uI(J]NK][HEON;OOJXEN]HOJ+YJvE[Y
HKLM\System\CurrentControlSet\Services\aspnet_stateskey\ImagePath: %WinDir%\System32\hgjbci.exe
HKLM\System\CurrentControlSet\Services\aspnet_stateskey\Description: Provides support for out-of-to-processwyn Transaction Coordinator Service.
Detected by UnHackMe:
HGJBCI.EXE
Default location: %SYSDIR%\HGJBCI.EXE
Dropper information:
MD5: cc0a465c7c4e91d67d84a70442579f28
File size: 449585 bytes