Solved! Use SERVER.EXE (Backdoor Nitol) Removal Guide

I will tell you in this post how to fix the issue manually and how to clean it automatically using a special powerful removal tool. You can download the removal program for free here:

Manual removal instructions:

SERVER.EXE – Backdoor Nitol removal

File MD5 Virus Alias
SERVER.EXE 420026e4ab89566669a6c21c8d0f3901 Backdoor Nitol
SERVER.EXE 420026e4ab89566669a6c21c8d0f3901 Trojan MulDrop4
SERVER.EXE 420026e4ab89566669a6c21c8d0f3901 Trojan Eldorado
SERVER.EXE 420026e4ab89566669a6c21c8d0f3901 Backdoor RBot
SERVER.EXE 420026e4ab89566669a6c21c8d0f3901 Trojan Downloader
SERVER.EXE 420026e4ab89566669a6c21c8d0f3901 Trojan Graftor

SERVER.EXE size: 57344 bytes
SERVER.EXE hash: 420026E4AB89566669A6C21C8D0F3901

Created files:

%SysDir%\server.exe
%SysDir%\vmware-vmx.exe

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\VMwareVmx\Type: 10000000
HKLM\System\CurrentControlSet\Services\VMwareVmx\Start: 02000000
HKLM\System\CurrentControlSet\Services\VMwareVmx\DisplayName: VMware VMX Service
HKLM\System\CurrentControlSet\Services\VMwareVmx\ImagePath: %WinDir%\System32\vmware-vmx.exe
HKLM\System\CurrentControlSet\Services\VMwareVmx\Description: VMX service for virtual networks.

Detected by UnHackMe:

SERVER.EXE
Default location: %SYSDIR%\SERVER.EXE

Dropper information:
MD5: 420026e4ab89566669a6c21c8d0f3901
File size: 57344 bytes