Backdoor.Nitol

Backdoor.Nitol Description

Backdoor.Nitol is a backdoor Trojan that opens a back door on the infected PC. Once executed, Backdoor.Nitol copies itself as an executable file whose name consists of six letters, not counting the .exe extension. It then tries to stop two processes, RavMonD.exe and rfwsrv.exe, if they are running. Backdoor.Nitol tries to collect information from the infected machine, such as the operating system and version, CPU, computer name and locale. It creates one of two services, along with a mutex whose name is similar to one of the service names. Backdoor.Nitol then tries to open a back door and connect to certain locations. Once a connection is established, it tries to forward the collected information and execute a distributed denial-of-service (DDoS) attack on another PC. Backdoor.Nitol also tries to drop a malicious file. Uninstall Backdoor.Nitol by using a recognized security tool.

Technical Information

File System Details

Backdoor.Nitol creates the following file(s):
| # | File Name | Size | MD5 | Detection Count |
|---|-----------|------|-----|-----------------|
| 1 | %WINDIR%\system32\lgfxcu.exe | 36,864 | a7027359c127c41f595e192d5bc6f93c | 29 |
| 2 | LPK.dll | 26,112 | 1005f5b7d887c69dad445ef8bfe2ba6e | 17 |
| 3 | %WINDIR%\system32\server.EXE | 38,776 | fa83218ca7e58eadde29e52cce1981a8 | 10 |
| 4 | %WINDIR%\system32\igdbZWS.exe | 45,056 | 355b78b054d18792f0f39345e5dca25d | 9 |
| 5 | %WINDIR%\system32\nb.exe | 49,152 | a9c935ff66adf8ae61fbac6eda9dc652 | 3 |
| 6 | %LOCALAPPDATA%XLARAp.dll | 114,688 | 2dc44a37b451a41562932bac95bad639 | 1 |
| 7 | %WINDIR%\system32\DE857WWS\I001.exe | 84,498 | 5990ff99244da1b3be2d566456ed9187 | 1 |
| 8 | %Temp%stf[FIVE RANDOM CHARACTERS].exe | N/A | | |
| 9 | %ProgramFiles%\[SIX RANDOM CHARACTERS].exe | N/A | | |
| 10 | file.exe | 126,434 | ddf0134ee920b0b9930f7d7aa2d1e038 | 0 |

Registry Details

Backdoor.Nitol creates the following registry entry or registry entries:
Directory
%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup
Regexp file mask
%APPDATA%\Realtek Audio System Emulator.exe
%WINDIR%\Declient.exe
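
The file names, name patterns and MD5 values listed above can be checked against a file inventory. The following is an added example, not part of the original article or of any vendor tool: the rule names, the triage function and the sample inventory rows are constructed for illustration, and it assumes that "random characters" means ASCII letters or digits and that the environment variables expand to their default Windows locations.

```python
import re

# MD5 values copied from the file list on this page.
KNOWN_MD5 = {
    "a7027359c127c41f595e192d5bc6f93c", "1005f5b7d887c69dad445ef8bfe2ba6e",
    "fa83218ca7e58eadde29e52cce1981a8", "355b78b054d18792f0f39345e5dca25d",
    "a9c935ff66adf8ae61fbac6eda9dc652", "2dc44a37b451a41562932bac95bad639",
    "5990ff99244da1b3be2d566456ed9187", "ddf0134ee920b0b9930f7d7aa2d1e038",
}

# Path rules derived from the names on this page, applied to lowercased paths.
# Assumptions: "random characters" are ASCII letters or digits, and the
# environment variables expand to their default Windows locations.
PATH_RULES = [
    ("system32-name", re.compile(
        r"\\system32\\((lgfxcu|server|igdbzws|nb)|de857wws\\i001)\.exe$")),
    ("programfiles-6char", re.compile(
        r"\\program files( \(x86\))?\\[a-z0-9]{6}\.exe$")),
    ("temp-stf-5char", re.compile(r"\\temp\\?stf[a-z0-9]{5}\.exe$")),
    ("listed-mask", re.compile(
        r"\\(realtek audio system emulator|declient)\.exe$")),
]

def triage(records):
    """Return (path, reasons) for each (path, md5) record that matches."""
    hits = []
    for path, md5 in records:
        reasons = ["md5"] if md5.lower() in KNOWN_MD5 else []
        reasons += [name for name, rx in PATH_RULES if rx.search(path.lower())]
        if reasons:
            hits.append((path, reasons))
    return hits

# Constructed inventory rows (path, MD5); the repeated-digit hashes are fake.
SAMPLE = [
    (r"C:\Windows\System32\lgfxcu.exe", "a7027359c127c41f595e192d5bc6f93c"),
    (r"C:\Program Files\qwhzkd.exe", "0" * 32),
    (r"C:\Users\a\AppData\Local\Temp\stfx9k2b.exe", "1" * 32),
    (r"C:\Program Files\7-Zip\7zFM.exe", "2" * 32),
    (r"D:\downloads\renamed.bin", "1005F5B7D887C69DAD445EF8BFE2BA6E"),
]

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE):
        print(f"{path}: {', '.join(reasons)}")
```

A path-only hit is a lead for review, since names such as server.exe or nb.exe are not unique to this threat; an MD5 hit identifies one of the listed samples even after it has been renamed or moved.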

