Solved! XQTRMA.EXE (Backdoor Nitol) Removal Guide

I recommend UnHackMe - Ultimate Malware Killer for fast malware removal:

Download UnHackMe
Fully functional 30-day trial. No credit card is required.

XQTRMA.EXE – Backdoor Nitol removal

File        MD5                               Virus Alias
XQTRMA.EXE  fb73bb3507a79c3369534da35f425e48  Backdoor Nitol
XQTRMA.EXE  fb73bb3507a79c3369534da35f425e48  Trojan SuspiciousFile
XQTRMA.EXE  fb73bb3507a79c3369534da35f425e48  Trojan Artemis
XQTRMA.EXE  fb73bb3507a79c3369534da35f425e48  Trojan Generic
XQTRMA.EXE  fb73bb3507a79c3369534da35f425e48  Trojan Downloader
XQTRMA.EXE  fb73bb3507a79c3369534da35f425e48  Trojan CI

XQTRMA.EXE size: 124928 bytes
XQTRMA.EXE hash: FB73BB3507A79C3369534DA35F425E48

Created files:

%SysDir%\gei33.dll
%SysDir%\xqtrma.exe

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\netscvre\Type: 10000000
HKLM\System\CurrentControlSet\Services\netscvre\Start: 02000000
HKLM\System\CurrentControlSet\Services\netscvre\DisplayName: NT LM Security Support Providers
HKLM\System\CurrentControlSet\Services\netscvre\ImagePath: %WinDir%\System32\xqtrma.exe
HKLM\System\CurrentControlSet\Services\netscvre\Description: NT LM Security Support Providers

Detected by UnHackMe:

XQTRMA.EXE
Default location: %SYSDIR%\XQTRMA.EXE

Dropper information:
MD5: fb73bb3507a79c3369534da35f425e48
File size: 124928 bytes
