Nivdort

Malware investigators inform that the Nivdort family of password-collecting Trojans has many representatives that are programmed to collect a wide range of information. The root Trojan dubbed Nivdort can be detected as TrojanSpy:Win32/Nivdort.A and may be deployed among users as an attached archive file to spam emails that are crafted to look like messages from social media and online banking portals. Trojans that are tagged as Nivdort install their files in the system folder of Windows to avoid detection and may place their modules in a separate folder under the Startup directory. Computer users that are infected with a variant of the Nivdort Trojan may experience slower computer performance and limited Internet speed. Nivdort Trojans may take screenshots of your desktop, modify your DNS settings and record your keystrokes. Moreover, advanced Trojans from the Nivdort family may override the Hosts file of Windows and disable the Windows Firewall to divert users to phishing Web pages.

The Nivdort Trojan may gather data like your IP address, approximate geographical location, software and hardware configuration to provide complex information for infected computers. As stated above, the Nivdort Trojans may exfiltrate your login credentials and credit card data by recording your keystrokes, inject code in your browser and read the Meta tags of pages you visit. Security experts add that the Nivdort Trojans may use port 80 to send data via HTTP to remote hosts and receive further instructions from operators. Some versions of the Nivdort Trojan may upload, download and run files automatically. Processes like tjgmfaq74k4sdhg.exe, toktyochojyv.exe and wctymgrvuom.exe are used by TrojanSpy:Win32/Nivdort to execute its operations on affected PCs. You need to install a trustworthy anti-malware utility to find and delete the binary associated with Nivdort Trojans.