Solved! Use SAKWAE.EXE (Backdoor Nitol) Removal Guide

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Download UnHackMe
Fully Functional 30-day Trial. No credit card is required. Reviews. EULA. Privacy Policy.

SAKWAE.EXE – Backdoor Nitol removal

File MD5 Virus Alias
SAKWAE.EXE ea91e3ada40c3f1032794b1a5211574e Backdoor Nitol
SAKWAE.EXE ea91e3ada40c3f1032794b1a5211574e Trojan DLOADER
SAKWAE.EXE ea91e3ada40c3f1032794b1a5211574e Trojan Artemis
SAKWAE.EXE ea91e3ada40c3f1032794b1a5211574e Trojan Generic
SAKWAE.EXE ea91e3ada40c3f1032794b1a5211574e Trojan Eldorado
SAKWAE.EXE ea91e3ada40c3f1032794b1a5211574e Backdoor RBot

SAKWAE.EXE size: 32768 bytes
SAKWAE.EXE hash: EA91E3ADA40C3F1032794B1A5211574E

Created files:

%SysDir%\sakwae.exe

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\Gh512ijkl Nopqrstu Wxy\Type: 10000000
HKLM\System\CurrentControlSet\Services\Gh512ijkl Nopqrstu Wxy\Start: 02000000
HKLM\System\CurrentControlSet\Services\Gh512ijkl Nopqrstu Wxy\DisplayName: Ghij655klmn Pqrstuvwx Abcdefg Ijklmnop Rst
HKLM\System\CurrentControlSet\Services\Gh512ijkl Nopqrstu Wxy\ImagePath: %WinDir%\System32\sakwae.exe
HKLM\System\CurrentControlSet\Services\Gh512ijkl Nopqrstu Wxy\Description: Ghijk655l Nopqrstu Wxyabcde Ghij

Detected by UnHackMe:

SAKWAE.EXE
Default location: %SYSDIR%\SAKWAE.EXE

Dropper information:
MD5: ea91e3ada40c3f1032794b1a5211574e
File size: 32768 bytes

Leave a Reply