Solved! Use TKNVKM.EXE (Backdoor Nitol) Removal Guide

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Download UnHackMe
Fully Functional 30-day Trial. No credit card is required. Reviews. EULA. Privacy Policy.

TKNVKM.EXE – Backdoor Nitol removal

File MD5 Virus Alias
TKNVKM.EXE 25d5a9d2cdddd046d2df80f74b87cced Backdoor Nitol
TKNVKM.EXE 25d5a9d2cdddd046d2df80f74b87cced Trojan SuspiciousFile
TKNVKM.EXE 25d5a9d2cdddd046d2df80f74b87cced Trojan Eldorado
TKNVKM.EXE 25d5a9d2cdddd046d2df80f74b87cced Trojan Agent
TKNVKM.EXE 25d5a9d2cdddd046d2df80f74b87cced Backdoor Zegost

TKNVKM.EXE size: 18944 bytes
TKNVKM.EXE hash: 25D5A9D2CDDDD046D2DF80F74B87CCED

Created files:

%SysDir%\hra33.dll
%WinDir%\tknvkm.exe

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\.Net CLR\Type: 10010000
HKLM\System\CurrentControlSet\Services\.Net CLR\Start: 02000000
HKLM\System\CurrentControlSet\Services\.Net CLR\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\.Net CLR\DisplayName: Microsoft .Net Framework COM+ Support
HKLM\System\CurrentControlSet\Services\.Net CLR\ImagePath: %WinDir%\tknvkm.exe
HKLM\System\CurrentControlSet\Services\.Net CLR\Description: Microsoft .NET COM+ Integration with SOAP

Detected by UnHackMe:

TKNVKM.EXE
Default location: %WinDir%\TKNVKM.EXE

Dropper information:
MD5: 25d5a9d2cdddd046d2df80f74b87cced
File size: 18944 bytes

Leave a Reply