Solved! Use YCEOCE.EXE (Backdoor Nitol) Removal Guide

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews
. EULA. Privacy Policy. Uninstall.

YCEOCE.EXE – Backdoor Nitol removal

FileMD5Virus Alias
YCEOCE.EXE efcd82333e034fb0a30adfd114a96d28 Backdoor Nitol
YCEOCE.EXE efcd82333e034fb0a30adfd114a96d28 Trojan SuspiciousFile
YCEOCE.EXE efcd82333e034fb0a30adfd114a96d28 Trojan Generic
YCEOCE.EXE efcd82333e034fb0a30adfd114a96d28 Trojan Eldorado
YCEOCE.EXE efcd82333e034fb0a30adfd114a96d28 Trojan Downloader
YCEOCE.EXE efcd82333e034fb0a30adfd114a96d28 Trojan CI

YCEOCE.EXE size: 15872 bytes
YCEOCE.EXE hash: EFCD82333E034FB0A30ADFD114A96D28

Created files:

%SysDir%\yceoce.exe

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\aspnet_statesqlc\Type: 10000000
HKLM\System\CurrentControlSet\Services\aspnet_statesqlc\Start: 02000000
HKLM\System\CurrentControlSet\Services\aspnet_statesqlc\DisplayName: ASP.NET State Servicesdce Transaction Coordinator Service
HKLM\System\CurrentControlSet\Services\aspnet_statesqlc\ImagePath: %WinDir%\System32\yceoce.exe
HKLM\System\CurrentControlSet\Services\aspnet_statesqlc\Description: Provides support for out-of-to-processvhr Transaction Coordinator Service.

Detected by UnHackMe:

YCEOCE.EXE
Default location: %SYSDIR%\YCEOCE.EXE

Dropper information:
MD5: efcd82333e034fb0a30adfd114a96d28
File size: 15872 bytes

Leave a Reply