Solved! Use WEIGAI.EXE (Backdoor Nitol) Removal Guide

I will tell you in this post how to fix the issue manually and how to clean it automatically using a special powerful removal tool. You can download the removal program for free here:

Manual removal instructions:

WEIGAI.EXE – Backdoor Nitol removal

File MD5 Virus Alias
WEIGAI.EXE 709d7ef0f8798f59590441d84600968d Backdoor Nitol
WEIGAI.EXE 709d7ef0f8798f59590441d84600968d Trojan SuspiciousFile
WEIGAI.EXE 709d7ef0f8798f59590441d84600968d Trojan Artemis
WEIGAI.EXE 709d7ef0f8798f59590441d84600968d Trojan Generic
WEIGAI.EXE 709d7ef0f8798f59590441d84600968d Trojan Eldorado
WEIGAI.EXE 709d7ef0f8798f59590441d84600968d Backdoor RBot

WEIGAI.EXE size: 25600 bytes
WEIGAI.EXE hash: 709D7EF0F8798F59590441D84600968D

Created files:

%SysDir%\weigai.exe

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\Nationqealhvo\Type: 10000000
HKLM\System\CurrentControlSet\Services\Nationqealhvo\Start: 02000000
HKLM\System\CurrentControlSet\Services\Nationqealhvo\DisplayName: Nationalqwefvf Instruments Domain Service
HKLM\System\CurrentControlSet\Services\Nationqealhvo\ImagePath: %WinDir%\System32\weigai.exe
HKLM\System\CurrentControlSet\Services\Nationqealhvo\Description: Providewqesowk a domain server for NI security.

Detected by UnHackMe:

WEIGAI.EXE
Default location: %SYSDIR%\WEIGAI.EXE

Dropper information:
MD5: 709d7ef0f8798f59590441d84600968d
File size: 25600 bytes