Solved! QOICGE.EXE (Backdoor Nitol) Removal Guide

This post explains how to fix the issue manually and how to clean it automatically using a dedicated removal tool. You can download the removal program for free here:

Manual removal instructions:

QOICGE.EXE – Backdoor Nitol removal

File        MD5                               Virus Alias
QOICGE.EXE  bd61d5c581bcce53bf04ad293a2d70fa  Backdoor Nitol
QOICGE.EXE  bd61d5c581bcce53bf04ad293a2d70fa  Trojan Eldorado
QOICGE.EXE  bd61d5c581bcce53bf04ad293a2d70fa  Trojan Downloader
QOICGE.EXE  bd61d5c581bcce53bf04ad293a2d70fa  Trojan OnLineGames
QOICGE.EXE  bd61d5c581bcce53bf04ad293a2d70fa  Trojan Agent
QOICGE.EXE  bd61d5c581bcce53bf04ad293a2d70fa  Trojan-Ransom Winlock

QOICGE.EXE size: 59392 bytes
QOICGE.EXE hash: BD61D5C581BCCE53BF04AD293A2D70FA

Created files:

%SysDir%\gei33.dll
%SysDir%\qoicge.exe

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\aspnet_stateskyr\Type: 10000000
HKLM\System\CurrentControlSet\Services\aspnet_stateskyr\Start: 02000000
HKLM\System\CurrentControlSet\Services\aspnet_stateskyr\DisplayName: ASP.NET State Servicesldt Transaction Coordinator Service
HKLM\System\CurrentControlSet\Services\aspnet_stateskyr\ImagePath: %WinDir%\System32\qoicge.exe
HKLM\System\CurrentControlSet\Services\aspnet_stateskyr\Description: Provides support for out-of-to-processxiw Transaction Coordinator Service.

Detected by UnHackMe:

QOICGE.EXE
Default location: %SYSDIR%\QOICGE.EXE

Dropper information:
MD5: bd61d5c581bcce53bf04ad293a2d70fa
File size: 59392 bytes
