Troj/Nitol-AR removal instruction

The Troj/Nitol-AR is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Troj/Nitol-AR virus can do?

Executable code extraction
At least one process apparently crashed during execution
Injection with CreateRemoteThread in a remote process
Creates RWX memory
A process created a hidden window
Drops a binary and executes it
Unconventionial language used in binary resources: Turkish
The binary likely contains encrypted or compressed data.
Uses Windows utilities for basic functionality
Code injection with CreateRemoteThread in a remote process
A process attempted to delay the analysis task by a long amount of time.
Tries to unhook or modify Windows functions monitored by Cuckoo
Attempts to repeatedly call a single API many times in order to delay analysis time
Installs itself for autorun at Windows startup
Creates a hidden or system file
Checks for the presence of known devices from debuggers and forensic tools
Creates a copy of itself
Attempts to interact with an Alternate Data Stream (ADS)
Uses suspicious command line tools or Windows utilities

Related domains:

ilo.brenz.pl

zinoda.com

ant.trenz.pl

mfljwa.com

ftmypj.com

lpwwiu.com

tpfrfy.com

qhaixl.com

pudnze.com

jakaih.com

oxbthm.com

cmyvme.com

hkygpl.com

kozdim.com

dygzwa.com

lwoasu.com

oyaati.com

xzvmoj.com

elueax.com

bcoruq.com

aohgam.com

beekvu.com

ubglzo.com

eoybtc.com

glhxma.com

ihoeay.com

tegmhu.com

aqfqpq.com

bvqghi.com

ngaxaw.com

icuqyi.com

fyaujy.com

xclyuo.com

gydnxx.com

epeopi.com

ftgeqs.com

jsqxej.com

mruuyh.com

igyidt.com

nadula.com

arhwoi.com

yhuwto.com

afvshr.com

fxwmdc.com

aujkyx.com

nuoolo.com

uyexfs.com

hxohkr.com

hivlel.com

euchqu.com

crrycy.com

cfhvkd.com

ydaokl.com

vrayai.com

dpqbce.com

dtzdzi.com

ehetnj.com

fokhgj.com

btmsdi.com

bkwejo.com

pyqyiz.com

kfiugu.com

moiycf.com

cuibha.com

zowqmi.com

rcyalq.com

tzokkx.com

xybqlo.com

gfzizu.com

mjcxpy.com

loiznh.com

jskour.com

leiyiw.com

wlxpmi.com

lftopn.com

lhkazh.com

ukphpu.com

uaeaai.com

hzxain.com

jyfouu.com

laxrca.com

emautg.com

eeigee.com

nyfjxe.com

guayyf.com

gpoawd.com

einitm.com

zomedu.com

rbxofe.com

zeaihm.com

uhyeox.com

qtevfs.com

baalat.com

nsescr.com

nuyivi.com

ocaboc.com

alwwub.com

ueyxhu.com

uudple.com

kvidqu.com

vgndai.com

ewfvow.com

How to determine Troj/Nitol-AR?


File Info:
crc32: 5CC0E9CF
md5: c9c8d40656f16b4b50c9c08eb9a7aabc
name: Cd.exe
sha1: b40d0705f0aaf86ecca03165118c88299baf6ffb
sha256: 2aea443bcf9d86315722ce07d1f5a04bbb1afed14e54d9728da457fa2cdf5947
sha512: 39e121f18ce9d3624fbc55b2344fbab74b6d61aee0c982ec23968ab9f6e098a9ee5d3f78573a6f30559a2e5e25d1e217e073f3ace8eca262d335f6866d93b4a3
ssdeep: 12288:YRGPKEEgQBRtt/NXMTW9P1QpfXkHjA3bMi70yN9dLILecm6T6F:XKE9Gtt/hMTW9PWpfXz3bMi7bPdIKW2
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
LegalCopyright: 
InternalName: 
FileVersion: 1.0.0.4
CompanyName: Synaptics
LegalTrademarks: 
Comments: 
ProductName: Synaptics Pointing Device Driver
ProductVersion: 1.0.0.0
FileDescription: Synaptics Pointing Device Driver
OriginalFilename: 
Translation: 0x041f 0x04e6

Troj/Nitol-AR also known as:

Bkav	W32.Vetor.PE
MicroWorld-eScan	Win32.Virtob.Gen.12
FireEye	Generic.mg.c9c8d40656f16b4b
Cylance	Unsafe
VIPRE	Virus.Win32.Virut.ce.5 (v)
Sangfor	Malware
K7AntiVirus	Virus ( f10002001 )
BitDefender	Win32.Virtob.Gen.12
K7GW	Virus ( f10002001 )
Cybereason	malicious.656f16
TrendMicro	PE_VIRUX.O
BitDefenderTheta	AI:FileInfector.C9457D4313
Cyren	W32/Virut.E.gen!Eldorado
TotalDefense	Win32/Virut.17408
Baidu	Win32.Virus.Virut.gen
APEX	Malicious
Avast	Win32:GenMalicious-BKJ [Trj]
ClamAV	Win.Worm.Agent-5819819-0
GData	Win32.Virtob.Gen.12
Kaspersky	Virus.Win32.Virut.ce
Alibaba	Virus:Win32/Virut.5508c62e
NANO-Antivirus	Virus.Win32.Virut.hpeg
ViRobot	Win32.Virut.Gen.C
AegisLab	Virus.Win32.Virut.n!c
Tencent	Virus.Win32.Virut.Gen.200001
Ad-Aware	Win32.Virtob.Gen.12
Sophos	Troj/Nitol-AR
Comodo	Virus.Win32.Virut.CE@5jedjj
F-Secure	Trojan:W97M/MaliciousMacro.GEN
DrWeb	Win32.Virut.56
Zillya	Virus.Virut.Win32.1938
Invincea	heuristic
McAfee-GW-Edition	BehavesLike.Win32.PWSGamania.cc
Trapmine	malicious.high.ml.score
Emsisoft	Win32.Virtob.Gen.12 (B)
Ikarus	Trojan-PWS.Win32.QQPass
F-Prot	W32/Virut.E.gen!Eldorado
Jiangmin	Win32/Virut.bt
MaxSecure	Virus.Virut.CE
Avira	W32/Virut.Gen
MAX	malware (ai score=100)
Antiy-AVL	Trojan[Rootkit]/Win32.Lapka
Kingsoft	Win32.Virut.cr.61440
Endgame	malicious (high confidence)
Arcabit	Win32.Virtob.Gen.12
ZoneAlarm	Virus.Win32.Virut.ce
Microsoft	Virus:Win32/Virut.BO
AhnLab-V3	Win32/Virut.F
Acronis	suspicious
McAfee	W32/Virut.n.gen
TACHYON	Virus/W32.Virut.Gen
VBA32	Virus.Virut.14
Malwarebytes	Trojan.Agent
Panda	W32/Sality.AO
ESET-NOD32	Win32/Virut.NBP
TrendMicro-HouseCall	PE_VIRUX.O
Rising	Virus.Virut!1.A08B (CLOUD)
Yandex	Win32.Virut.AB.Gen
SentinelOne	DFI – Malicious PE
eGambit	Unsafe.AI_Score_100%
Fortinet	W32/Virut.CE
AVG	Win32:GenMalicious-BKJ [Trj]
Paloalto	generic.ml
CrowdStrike	win/malicious_confidence_100% (W)
Qihoo-360	Virus.Win32.VirutChangeEntry.A

How to remove Troj/Nitol-AR?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.