Solved! Use ZQLTQU.EXE (Backdoor Nitol) Removal Guide

Backdoor No Comments

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.

ZQLTQU.EXE – Backdoor Nitol removal

FileMD5Virus Alias
ZQLTQU.EXE 7176320814f62328f8a5a96140b37466 Backdoor Nitol
ZQLTQU.EXE 7176320814f62328f8a5a96140b37466 Trojan SuspiciousFile
ZQLTQU.EXE 7176320814f62328f8a5a96140b37466 Trojan Generic
ZQLTQU.EXE 7176320814f62328f8a5a96140b37466 Trojan Eldorado
ZQLTQU.EXE 7176320814f62328f8a5a96140b37466 Trojan Downloader
ZQLTQU.EXE 7176320814f62328f8a5a96140b37466 Trojan Kazy

ZQLTQU.EXE size: 20992 bytes
ZQLTQU.EXE hash: 7176320814F62328F8A5A96140B37466

Created files:

%SysDir%\gei33.dll
%SysDir%\zqltqu.exe

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\ASPNET_statesjrq\Type: 10000000
HKLM\System\CurrentControlSet\Services\ASPNET_statesjrq\Start: 02000000
HKLM\System\CurrentControlSet\Services\ASPNET_statesjrq\DisplayName: ASPNET State Servicesyta Transaction Coordinator Service
HKLM\System\CurrentControlSet\Services\ASPNET_statesjrq\ImagePath: %WinDir%\System32\zqltqu.exe
HKLM\System\CurrentControlSet\Services\ASPNET_statesjrq\Description: Provides support for out-of-to-processmid Transaction Coordinator Service.

Detected by UnHackMe:

ZQLTQU.EXE
Default location: %SYSDIR%\ZQLTQU.EXE

Dropper information:
MD5: 7176320814f62328f8a5a96140b37466
File size: 20992 bytes

Leave a Reply

Privacy Policy      Terms and Conditions

Thank you for theme by IdeaBox       Credits: Thank you to www.icons8.com for Icons and Images