POVFOI.EXE – Backdoor Nitol

Backdoor No Comments

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.

POVFOI.EXE – Backdoor Nitol removal

FileMD5Virus Alias
POVFOI.EXE 923203ba601f8e009bb897e8b13f0b1b Backdoor Nitol
POVFOI.EXE 923203ba601f8e009bb897e8b13f0b1b Trojan Eldorado
POVFOI.EXE 923203ba601f8e009bb897e8b13f0b1b Trojan OnLineGames
POVFOI.EXE 923203ba601f8e009bb897e8b13f0b1b Trojan Agent
POVFOI.EXE 923203ba601f8e009bb897e8b13f0b1b Trojan-Ransom Winlock
POVFOI.EXE 923203ba601f8e009bb897e8b13f0b1b Trojan Jorik

POVFOI.EXE size: 39936 bytes
POVFOI.EXE hash: 923203BA601F8E009BB897E8B13F0B1B

Created files:

%SysDir%\gei33.dll
%SysDir%\povfoi.exe

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\aspnet_statesbot\Type: 10000000
HKLM\System\CurrentControlSet\Services\aspnet_statesbot\Start: 02000000
HKLM\System\CurrentControlSet\Services\aspnet_statesbot\DisplayName: ASP.NET State Servicesnmx Transaction Coordinator Service
HKLM\System\CurrentControlSet\Services\aspnet_statesbot\ImagePath: %WinDir%\System32\povfoi.exe
HKLM\System\CurrentControlSet\Services\aspnet_statesbot\Description: Provides support for out-of-to-processehs Transaction Coordinator Service.

Detected by UnHackMe:

POVFOI.EXE
Default location: %SYSDIR%\POVFOI.EXE

Dropper information:
MD5: 923203ba601f8e009bb897e8b13f0b1b
File size: 39936 bytes

Leave a Reply

Privacy Policy      Terms and Conditions

Thank you for theme by IdeaBox       Credits: Thank you to www.icons8.com for Icons and Images