Backdoor.Nitol is a backdoor Trojan that opens a back door on the infected PC. Once executed, Backdoor.Nitol copies itself to an executable file whose name consists of six letters, not counting the .exe extension. It then tries to stop two processes, RavMonD.exe and rfwsrv.exe, if they are running. Backdoor.Nitol collects information from the compromised machine, such as the operating system and version, CPU, computer name and locale. It creates one of two services, and also creates a mutex with a name similar to one of the service names. Backdoor.Nitol then tries to open a back door and connect to certain locations. Once a connection is established, it tries to forward the collected information and carry out a distributed denial of service (DDoS) attack on another PC. Backdoor.Nitol also tries to drop a malicious file. Uninstall Backdoor.Nitol by using a recognized security tool.
File System Details
|#||File Name||Size||MD5||Detection Count|
|8||%Temp%stf[FIVE RANDOM CHARACTERS].exe||N/A|
|9||%ProgramFiles%\[SIX RANDOM CHARACTERS].exe||N/A|