Solved! ZQLTQU.EXE (Backdoor Nitol) Removal Guide

I recommend UnHackMe - Ultimate Malware Killer for fast malware removal:

Download UnHackMe

ZQLTQU.EXE – Backdoor Nitol removal

File MD5 Virus Alias
ZQLTQU.EXE 7176320814f62328f8a5a96140b37466 Backdoor Nitol
ZQLTQU.EXE 7176320814f62328f8a5a96140b37466 Trojan SuspiciousFile
ZQLTQU.EXE 7176320814f62328f8a5a96140b37466 Trojan Generic
ZQLTQU.EXE 7176320814f62328f8a5a96140b37466 Trojan Eldorado
ZQLTQU.EXE 7176320814f62328f8a5a96140b37466 Trojan Downloader
ZQLTQU.EXE 7176320814f62328f8a5a96140b37466 Trojan Kazy

ZQLTQU.EXE size: 20992 bytes
ZQLTQU.EXE hash: 7176320814F62328F8A5A96140B37466

Created files:

%SysDir%\gei33.dll
%SysDir%\zqltqu.exe

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\ASPNET_statesjrq\Type: 10000000
HKLM\System\CurrentControlSet\Services\ASPNET_statesjrq\Start: 02000000
HKLM\System\CurrentControlSet\Services\ASPNET_statesjrq\DisplayName: ASPNET State Servicesyta Transaction Coordinator Service
HKLM\System\CurrentControlSet\Services\ASPNET_statesjrq\ImagePath: %WinDir%\System32\zqltqu.exe
HKLM\System\CurrentControlSet\Services\ASPNET_statesjrq\Description: Provides support for out-of-to-processmid Transaction Coordinator Service.

Detected by UnHackMe:

ZQLTQU.EXE
Default location: %SYSDIR%\ZQLTQU.EXE

Dropper information:
MD5: 7176320814f62328f8a5a96140b37466
File size: 20992 bytes
