QYESYS.EXE – Backdoor Nitol


QYESYS.EXE – Backdoor Nitol removal

File        MD5                               Virus Alias
QYESYS.EXE  bf62f767885dcfab702d4a34c1371ea0  Backdoor Nitol
QYESYS.EXE  bf62f767885dcfab702d4a34c1371ea0  Trojan Eldorado
QYESYS.EXE  bf62f767885dcfab702d4a34c1371ea0  Trojan Downloader
QYESYS.EXE  bf62f767885dcfab702d4a34c1371ea0  Trojan Graftor
QYESYS.EXE  bf62f767885dcfab702d4a34c1371ea0  Trojan Agent
QYESYS.EXE  bf62f767885dcfab702d4a34c1371ea0  Trojan Scar

QYESYS.EXE size: 49664 bytes
QYESYS.EXE hash: BF62F767885DCFAB702D4A34C1371EA0

Created files:

%SysDir%\gei33.dll
%SysDir%\qyesys.exe

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\netscvre\Type: 10000000
HKLM\System\CurrentControlSet\Services\netscvre\Start: 02000000
HKLM\System\CurrentControlSet\Services\netscvre\DisplayName: NT LM Security Support Providers
HKLM\System\CurrentControlSet\Services\netscvre\ImagePath: %WinDir%\System32\qyesys.exe
HKLM\System\CurrentControlSet\Services\netscvre\Description: NT LM Security Support Providers

Detected by UnHackMe:

QYESYS.EXE
Default location: %SYSDIR%\QYESYS.EXE

Dropper information:
MD5: bf62f767885dcfab702d4a34c1371ea0
File size: 49664 bytes
