Solved! ZMDPMG.EXE (Backdoor Nitol) Removal Guide

I recommend UnHackMe - Ultimate Malware Killer for fast malware removal. It has a fully functional 30-day trial, and no credit card is required.

ZMDPMG.EXE – Backdoor Nitol removal

File         MD5                                Virus Alias
ZMDPMG.EXE   0157176b3065b4be1d399508c4ff8420   Backdoor Nitol
ZMDPMG.EXE   0157176b3065b4be1d399508c4ff8420   Trojan SuspiciousFile
ZMDPMG.EXE   0157176b3065b4be1d399508c4ff8420   Trojan Artemis
ZMDPMG.EXE   0157176b3065b4be1d399508c4ff8420   Trojan Agent
ZMDPMG.EXE   0157176b3065b4be1d399508c4ff8420   Backdoor Farfli

ZMDPMG.EXE size: 21504 bytes
ZMDPMG.EXE hash: 0157176B3065B4BE1D399508C4FF8420

Created files:

%SysDir%\hra33.dll
%WinDir%\zmdpmg.exe

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\hsgj\Type: 10010000
HKLM\System\CurrentControlSet\Services\hsgj\Start: 02000000
HKLM\System\CurrentControlSet\Services\hsgj\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\hsgj\DisplayName: gcafg
HKLM\System\CurrentControlSet\Services\hsgj\ImagePath: %WinDir%\zmdpmg.exe
HKLM\System\CurrentControlSet\Services\hsgj\Description: gasdfhg

Detected by UnHackMe:

ZMDPMG.EXE
Default location: %WinDir%\ZMDPMG.EXE

Dropper information:
MD5: 0157176b3065b4be1d399508c4ff8420
File size: 21504 bytes
