Solved! Use VIZNIA.EXE (Backdoor Nitol) Removal Guide

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews
. EULA. Privacy Policy. Uninstall.

VIZNIA.EXE – Backdoor Nitol removal

FileMD5Virus Alias
VIZNIA.EXE 378f3b065a46513d0f93816843d595c8 Backdoor Nitol
VIZNIA.EXE 378f3b065a46513d0f93816843d595c8 Trojan Eldorado
VIZNIA.EXE 378f3b065a46513d0f93816843d595c8 Trojan Downloader
VIZNIA.EXE 378f3b065a46513d0f93816843d595c8 Trojan OnLineGames
VIZNIA.EXE 378f3b065a46513d0f93816843d595c8 Trojan Agent
VIZNIA.EXE 378f3b065a46513d0f93816843d595c8 Trojan Jorik

VIZNIA.EXE size: 59392 bytes
VIZNIA.EXE hash: 378F3B065A46513D0F93816843D595C8

Created files:

%SysDir%\gei33.dll
%SysDir%\viznia.exe

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\aspnet_statesjrq\Type: 10000000
HKLM\System\CurrentControlSet\Services\aspnet_statesjrq\Start: 02000000
HKLM\System\CurrentControlSet\Services\aspnet_statesjrq\DisplayName: ASP.NET State Servicesyta Transaction Coordinator Service
HKLM\System\CurrentControlSet\Services\aspnet_statesjrq\ImagePath: %WinDir%\System32\viznia.exe
HKLM\System\CurrentControlSet\Services\aspnet_statesjrq\Description: Provides support for out-of-to-processmid Transaction Coordinator Service.

Detected by UnHackMe:

VIZNIA.EXE
Default location: %SYSDIR%\VIZNIA.EXE

Dropper information:
MD5: 378f3b065a46513d0f93816843d595c8
File size: 59392 bytes

Leave a Reply