Solved! HGZLGM.EXE (Backdoor Nitol) Removal Guide

I recommend UnHackMe - Ultimate Malware Killer for fast malware removal.

HGZLGM.EXE – Backdoor Nitol removal

File          MD5                                 Virus Alias
HGZLGM.EXE    2c1917403d113d83404f898ae71939d2    Backdoor Nitol
HGZLGM.EXE    2c1917403d113d83404f898ae71939d2    Trojan Eldorado
HGZLGM.EXE    2c1917403d113d83404f898ae71939d2    Trojan Downloader
HGZLGM.EXE    2c1917403d113d83404f898ae71939d2    Trojan Graftor
HGZLGM.EXE    2c1917403d113d83404f898ae71939d2    Trojan Agent
HGZLGM.EXE    2c1917403d113d83404f898ae71939d2    Trojan Scar

HGZLGM.EXE size: 49664 bytes
HGZLGM.EXE hash: 2C1917403D113D83404F898AE71939D2

Created files:

%WinDir%\svchoost.exe
%SysDir%\gei33.dll
%SysDir%\hgzlgm.exe
%Temp%\zhunquel.exe

Autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run : 43003A005C00570049004E0044004F00570053005C0073007600630068006F006F00730074002E006500780065000000 (hex-encoded UTF-16LE string; decodes to C:\WINDOWS\svchoost.exe)
HKLM\System\CurrentControlSet\Services\netscvre\Type: 10000000
HKLM\System\CurrentControlSet\Services\netscvre\Start: 02000000
HKLM\System\CurrentControlSet\Services\netscvre\DisplayName: NT LM Security Support Providers
HKLM\System\CurrentControlSet\Services\netscvre\ImagePath: %WinDir%\System32\hgzlgm.exe
HKLM\System\CurrentControlSet\Services\netscvre\Description: NT LM Security Support Providers

Detected by UnHackMe:

HGZLGM.EXE
Default location: %SYSDIR%\HGZLGM.EXE

Dropper information:
MD5: 64c1ca809f3bd60278231c983407309d
File size: 92160 bytes
