Threat Database Backdoors Backdoor.Nitol

Backdoor.Nitol

By Sumo3000 in Backdoors

Threat Scorecard

Ranking: 9,802
Threat Level: 80 % (High)
Infected Computers: 4,878
First Seen: April 17, 2012
Last Seen: September 11, 2023
OS(es) Affected: Windows

Backdoor.Nitol is a backdoor Trojan that opens a back door on the infected PC. Once Backdoor.Nitol is executed, it copies itself as the executable file composed of the six letters excluding the .exe extension. Backdoor.Nitol then tries to stop two processes named RavMonD.exe and rfwsrv.exe if they are running. Backdoor.Nitol tries to collect information from the corrupted machine such as operating system and version, CPU, computer name and locale. Backdoor.Nitol creates one of the two services. Backdoor.Nitol also creates a mutex with the name similar to one of the service names. Backdoor.Nitol tries to open a back door and connect to the certain locations. Once a connection is created, Backdoor.Nitol tries to forward the collected information and execute a distributed denial of service (DDoS) attack on another PC. Backdoor.Nitol also tries to drop a malicious file. Uninstall Backdoor.Nitol by using a recognized security tool.

SpyHunter Detects & Remove Backdoor.Nitol

File System Details

Backdoor.Nitol may create the following file(s):
# File Name MD5 Detections
1. lgfxcu.exe a7027359c127c41f595e192d5bc6f93c 29
2. LPK.dll 1005f5b7d887c69dad445ef8bfe2ba6e 17
3. server.EXE fa83218ca7e58eadde29e52cce1981a8 10
4. igdbZWS.exe 355b78b054d18792f0f39345e5dca25d 9
5. lpk.dll b5a201ed9cfdb614c0fc2e746f1ce5b5 7
6. LPK.dll 41faa40906c4c7b189dfcf861594cd53 5
7. xx25.exe 28fa5862ecbc2dce373b579e0f263393 4
8. nb.exe a9c935ff66adf8ae61fbac6eda9dc652 3
9. XLARAp.dll 2dc44a37b451a41562932bac95bad639 1
10. I001.exe 5990ff99244da1b3be2d566456ed9187 1
11. %Temp%stf[FIVE RANDOM CHARACTERS].exe
12. %ProgramFiles%\[SIX RANDOM CHARACTERS].exe
13. file.exe ddf0134ee920b0b9930f7d7aa2d1e038 0

Registry Details

Backdoor.Nitol may create the following registry entry or registry entries:
Regexp file mask
%APPDATA%\Realtek Audio System Emulator.exe
%WINDIR%\Declient.exe

Directories

Backdoor.Nitol may create the following directory or directories:

%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startupÿ

Trending

Most Viewed

Loading...