Solved! Use XQTRMA.EXE (Backdoor Nitol) Removal Guide

Backdoor No Comments

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.

XQTRMA.EXE – Backdoor Nitol removal

FileMD5Virus Alias
XQTRMA.EXE fb73bb3507a79c3369534da35f425e48 Backdoor Nitol
XQTRMA.EXE fb73bb3507a79c3369534da35f425e48 Trojan SuspiciousFile
XQTRMA.EXE fb73bb3507a79c3369534da35f425e48 Trojan Artemis
XQTRMA.EXE fb73bb3507a79c3369534da35f425e48 Trojan Generic
XQTRMA.EXE fb73bb3507a79c3369534da35f425e48 Trojan Downloader
XQTRMA.EXE fb73bb3507a79c3369534da35f425e48 Trojan CI

XQTRMA.EXE size: 124928 bytes
XQTRMA.EXE hash: FB73BB3507A79C3369534DA35F425E48

Created files:

%SysDir%\gei33.dll
%SysDir%\xqtrma.exe

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\netscvre\Type: 10000000
HKLM\System\CurrentControlSet\Services\netscvre\Start: 02000000
HKLM\System\CurrentControlSet\Services\netscvre\DisplayName: NT LM Security Support Providers
HKLM\System\CurrentControlSet\Services\netscvre\ImagePath: %WinDir%\System32\xqtrma.exe
HKLM\System\CurrentControlSet\Services\netscvre\Description: NT LM Security Support Providers

Detected by UnHackMe:

XQTRMA.EXE
Default location: %SYSDIR%\XQTRMA.EXE

Dropper information:
MD5: fb73bb3507a79c3369534da35f425e48
File size: 124928 bytes

Leave a Reply

Privacy Policy      Terms and Conditions

Thank you for theme by IdeaBox       Credits: Thank you to www.icons8.com for Icons and Images