Solved! Use ZMXXME.EXE (Backdoor Nitol) Removal Guide

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Download UnHackMe
Fully Functional 30-day Trial. No credit card is required. Reviews. EULA. Privacy Policy.

ZMXXME.EXE – Backdoor Nitol removal

File MD5 Virus Alias
ZMXXME.EXE 3faf10af04c674d6645afb5659ec36fa Backdoor Nitol
ZMXXME.EXE 3faf10af04c674d6645afb5659ec36fa Trojan SuspiciousFile
ZMXXME.EXE 3faf10af04c674d6645afb5659ec36fa Trojan Artemis
ZMXXME.EXE 3faf10af04c674d6645afb5659ec36fa Trojan Generic
ZMXXME.EXE 3faf10af04c674d6645afb5659ec36fa Trojan Eldorado
ZMXXME.EXE 3faf10af04c674d6645afb5659ec36fa Trojan Buzus

ZMXXME.EXE size: 20480 bytes
ZMXXME.EXE hash: 3FAF10AF04C674D6645AFB5659EC36FA

Created files:

%SysDir%\hra33.dll
%WinDir%\zmxxme.exe

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\Defghi Klmnsadfopqr Tuv\Type: 10010000
HKLM\System\CurrentControlSet\Services\Defghi Klmnsadfopqr Tuv\Start: 02000000
HKLM\System\CurrentControlSet\Services\Defghi Klmnsadfopqr Tuv\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\Defghi Klmnsadfopqr Tuv\DisplayName: Defghi Klmnosadfpqr Tuvwxyab Defg
HKLM\System\CurrentControlSet\Services\Defghi Klmnsadfopqr Tuv\ImagePath: %WinDir%\zmxxme.exe
HKLM\System\CurrentControlSet\Services\Defghi Klmnsadfopqr Tuv\Description: Defghijk Mnosdfpqrstu Wxyabcd Fghijklm Opq

Detected by UnHackMe:

ZMXXME.EXE
Default location: %WinDir%\ZMXXME.EXE

Dropper information:
MD5: 3faf10af04c674d6645afb5659ec36fa
File size: 20480 bytes

Leave a Reply