Solved! Use WEIGAI.EXE (Backdoor Nitol) Removal Guide

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews
. EULA. Privacy Policy. Uninstall.

WEIGAI.EXE – Backdoor Nitol removal

FileMD5Virus Alias
WEIGAI.EXE 709d7ef0f8798f59590441d84600968d Backdoor Nitol
WEIGAI.EXE 709d7ef0f8798f59590441d84600968d Trojan SuspiciousFile
WEIGAI.EXE 709d7ef0f8798f59590441d84600968d Trojan Artemis
WEIGAI.EXE 709d7ef0f8798f59590441d84600968d Trojan Generic
WEIGAI.EXE 709d7ef0f8798f59590441d84600968d Trojan Eldorado
WEIGAI.EXE 709d7ef0f8798f59590441d84600968d Backdoor RBot

WEIGAI.EXE size: 25600 bytes
WEIGAI.EXE hash: 709D7EF0F8798F59590441D84600968D

Created files:

%SysDir%\weigai.exe

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\Nationqealhvo\Type: 10000000
HKLM\System\CurrentControlSet\Services\Nationqealhvo\Start: 02000000
HKLM\System\CurrentControlSet\Services\Nationqealhvo\DisplayName: Nationalqwefvf Instruments Domain Service
HKLM\System\CurrentControlSet\Services\Nationqealhvo\ImagePath: %WinDir%\System32\weigai.exe
HKLM\System\CurrentControlSet\Services\Nationqealhvo\Description: Providewqesowk a domain server for NI security.

Detected by UnHackMe:

WEIGAI.EXE
Default location: %SYSDIR%\WEIGAI.EXE

Dropper information:
MD5: 709d7ef0f8798f59590441d84600968d
File size: 25600 bytes

Leave a Reply