Solved! Use QUSOUE.EXE (Backdoor Nitol) Removal Guide

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Download UnHackMe
Fully Functional 30-day Trial. No credit card is required. Reviews. EULA. Privacy Policy.

QUSOUE.EXE – Backdoor Nitol removal

File MD5 Virus Alias
QUSOUE.EXE 5054d7d22aedc747202637a4bd9eaeea Backdoor Nitol
QUSOUE.EXE 5054d7d22aedc747202637a4bd9eaeea Trojan SuspiciousFile
QUSOUE.EXE 5054d7d22aedc747202637a4bd9eaeea Trojan Artemis
QUSOUE.EXE 5054d7d22aedc747202637a4bd9eaeea Trojan Generic
QUSOUE.EXE 5054d7d22aedc747202637a4bd9eaeea Backdoor Farfli

QUSOUE.EXE size: 19968 bytes
QUSOUE.EXE hash: 5054D7D22AEDC747202637A4BD9EAEEA

Created files:

%WinDir%\qusoue.exe
%SysDir%\hra33.dll

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\Defghi Klmnopqr Tuv\Type: 10010000
HKLM\System\CurrentControlSet\Services\Defghi Klmnopqr Tuv\Start: 02000000
HKLM\System\CurrentControlSet\Services\Defghi Klmnopqr Tuv\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\Defghi Klmnopqr Tuv\DisplayName: Defghi Klmnopqr Tuvwxyab Defg
HKLM\System\CurrentControlSet\Services\Defghi Klmnopqr Tuv\ImagePath: %WinDir%\qusoue.exe
HKLM\System\CurrentControlSet\Services\Defghi Klmnopqr Tuv\Description: Defghijk Mnopqrstu Wxyabcd Fghijklm Opq

Detected by UnHackMe:

QUSOUE.EXE
Default location: %WinDir%\QUSOUE.EXE

Dropper information:
MD5: 5054d7d22aedc747202637a4bd9eaeea
File size: 19968 bytes

Leave a Reply