Categories: Malware

Troj/Nitol-AR removal instruction

Troj/Nitol-AR is the Sophos detection name for this sample; most other engines (see the detection names further down) classify it as a variant of Win32/Virut, a file-infecting virus. When this infection is active, you may notice unfamiliar processes in the Task Manager process list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Troj/Nitol-AR virus do?

The following behaviours were flagged during automated sandbox analysis (the wording is that of the sandbox's signature names):

  • Executable code extraction
  • At least one process apparently crashed during execution
  • Code injection with CreateRemoteThread in a remote process
  • Creates RWX memory
  • A process created a hidden window
  • Drops a binary and executes it
  • Unconventional language used in binary resources: Turkish
  • The binary likely contains encrypted or compressed data
  • Uses Windows utilities for basic functionality
  • A process attempted to delay the analysis task by a long amount of time
  • Tries to unhook or modify Windows functions monitored by Cuckoo
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Checks for the presence of known devices from debuggers and forensic tools
  • Creates a copy of itself
  • Attempts to interact with an Alternate Data Stream (ADS)
  • Uses suspicious command line tools or Windows utilities

Read together with the detection names below, which overwhelmingly identify the sample as Win32/Virut, the self-copying, dropping and remote-thread injection entries are what a file infector looks like: other executables on the system may have been modified, not only the dropped Cd.exe. The delay and unhooking entries mean a short sandbox run can miss later-stage behaviour.

Related domains (contacted or resolved during analysis; two are hostnames under .pl, the remaining 100 are six-letter .com names of the kind typically produced by a domain generation algorithm, so expect the set to rotate over time):

ilo.brenz.pl
zinoda.com
ant.trenz.pl
mfljwa.com
ftmypj.com
lpwwiu.com
tpfrfy.com
qhaixl.com
pudnze.com
jakaih.com
oxbthm.com
cmyvme.com
hkygpl.com
kozdim.com
dygzwa.com
lwoasu.com
oyaati.com
xzvmoj.com
elueax.com
bcoruq.com
aohgam.com
beekvu.com
ubglzo.com
eoybtc.com
glhxma.com
ihoeay.com
tegmhu.com
aqfqpq.com
bvqghi.com
ngaxaw.com
icuqyi.com
fyaujy.com
xclyuo.com
gydnxx.com
epeopi.com
ftgeqs.com
jsqxej.com
mruuyh.com
igyidt.com
nadula.com
arhwoi.com
yhuwto.com
afvshr.com
fxwmdc.com
aujkyx.com
nuoolo.com
uyexfs.com
hxohkr.com
hivlel.com
euchqu.com
crrycy.com
cfhvkd.com
ydaokl.com
vrayai.com
dpqbce.com
dtzdzi.com
ehetnj.com
fokhgj.com
btmsdi.com
bkwejo.com
pyqyiz.com
kfiugu.com
moiycf.com
cuibha.com
zowqmi.com
rcyalq.com
tzokkx.com
xybqlo.com
gfzizu.com
mjcxpy.com
loiznh.com
jskour.com
leiyiw.com
wlxpmi.com
lftopn.com
lhkazh.com
ukphpu.com
uaeaai.com
hzxain.com
jyfouu.com
laxrca.com
emautg.com
eeigee.com
nyfjxe.com
guayyf.com
gpoawd.com
einitm.com
zomedu.com
rbxofe.com
zeaihm.com
uhyeox.com
qtevfs.com
baalat.com
nsescr.com
nuyivi.com
ocaboc.com
alwwub.com
ueyxhu.com
uudple.com
kvidqu.com
vgndai.com
ewfvow.com
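Checking resolver logs for these names is the quickest way to find other infected hosts. The following script is an added example, not code from the page or from GridinSoft: it matches DNS query log lines against the list above, including subdomains of a listed name. The log lines and their BIND-style format are constructed for the demonstration; adapt `QUERY_RE` to your resolver's format.

```python
"""Added example, not part of the original page: check DNS query logs for
lookups of the related domains listed above.  The log format is a constructed
BIND-style query log; adapt QUERY_RE to your resolver's format."""
import re
from collections import Counter

# Domain list copied verbatim from the "Related domains" section above.
RELATED_DOMAINS = frozenset("""
ilo.brenz.pl zinoda.com ant.trenz.pl mfljwa.com ftmypj.com lpwwiu.com tpfrfy.com qhaixl.com pudnze.com jakaih.com
oxbthm.com cmyvme.com hkygpl.com kozdim.com dygzwa.com lwoasu.com oyaati.com xzvmoj.com elueax.com bcoruq.com
aohgam.com beekvu.com ubglzo.com eoybtc.com glhxma.com ihoeay.com tegmhu.com aqfqpq.com bvqghi.com ngaxaw.com
icuqyi.com fyaujy.com xclyuo.com gydnxx.com epeopi.com ftgeqs.com jsqxej.com mruuyh.com igyidt.com nadula.com
arhwoi.com yhuwto.com afvshr.com fxwmdc.com aujkyx.com nuoolo.com uyexfs.com hxohkr.com hivlel.com euchqu.com
crrycy.com cfhvkd.com ydaokl.com vrayai.com dpqbce.com dtzdzi.com ehetnj.com fokhgj.com btmsdi.com bkwejo.com
pyqyiz.com kfiugu.com moiycf.com cuibha.com zowqmi.com rcyalq.com tzokkx.com xybqlo.com gfzizu.com mjcxpy.com
loiznh.com jskour.com leiyiw.com wlxpmi.com lftopn.com lhkazh.com ukphpu.com uaeaai.com hzxain.com jyfouu.com
laxrca.com emautg.com eeigee.com nyfjxe.com guayyf.com gpoawd.com einitm.com zomedu.com rbxofe.com zeaihm.com
uhyeox.com qtevfs.com baalat.com nsescr.com nuyivi.com ocaboc.com alwwub.com ueyxhu.com uudple.com kvidqu.com
vgndai.com ewfvow.com
""".split())

# Constructed BIND-style query log line, e.g.
# 12-Mar-2020 10:15:03.456 client 10.0.0.7#51235: query: zinoda.com IN A +
QUERY_RE = re.compile(r"client (?P<src>[\d.]+)#\d+:.*?query: (?P<qname>\S+) IN (?P<qtype>\S+)")


def normalise(name: str) -> str:
    """Strip the trailing dot of an FQDN and lower-case it."""
    return name.rstrip(".").lower()


def matching_indicator(qname: str, indicators=RELATED_DOMAINS):
    """Return the indicator that qname equals or is a subdomain of, else None.
    Walking the label suffixes catches host.zinoda.com without also matching
    notzinoda.com, which a plain substring test would wrongly flag."""
    labels = normalise(qname).split(".")
    for i in range(len(labels) - 1):          # never test the bare TLD
        suffix = ".".join(labels[i:])
        if suffix in indicators:
            return suffix
    return None


def scan_log(lines, indicators=RELATED_DOMAINS):
    """(source IP, queried name, matched indicator) for every hit, in log order."""
    hits = []
    for line in lines:
        m = QUERY_RE.search(line)
        if m is None:
            continue                           # not a query line; skip it
        ind = matching_indicator(m["qname"], indicators)
        if ind is not None:
            hits.append((m["src"], normalise(m["qname"]), ind))
    return hits


def hosts_by_hit_count(hits) -> Counter:
    """Which internal hosts are doing the lookups; repeat hitters come first."""
    return Counter(src for src, _, _ in hits)


# Constructed sample log for the demonstration.
SAMPLE_LOG = [
    "12-Mar-2020 10:15:02.123 client 10.0.0.7#51234: query: www.example.com IN A +",
    "12-Mar-2020 10:15:03.456 client 10.0.0.7#51235: query: zinoda.com IN A +",
    "12-Mar-2020 10:15:04.789 client 10.0.0.9#40000: query: ilo.brenz.pl. IN A +",
    "12-Mar-2020 10:15:05.000 client 10.0.0.7#51236: query: cdn.ewfvow.com IN A +",
    "12-Mar-2020 10:15:06.000 client 10.0.0.12#6000: query: notzinoda.com IN A +",
    "12-Mar-2020 10:15:07.000 resolver restarted",
]

if __name__ == "__main__":
    hits = scan_log(SAMPLE_LOG)
    for src, qname, ind in hits:
        print(f"{src} looked up {qname} (indicator {ind})")
    for src, n in hosts_by_hit_count(hits).most_common():
        print(f"{src}: {n} hit(s)")
```

The script matches the list exactly rather than the shape of the names on purpose: a pattern such as six lowercase letters followed by `.com` also fits plenty of legitimate domains (google.com, for one), so it is not usable as a detector on its own. Hosts that query several of these names in a short window are the ones to image and examine first.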

How to identify Troj/Nitol-AR?


File Info:

name: Cd.exe
type: PE32 executable (GUI) Intel 80386, for MS Windows
crc32: 5CC0E9CF
md5: c9c8d40656f16b4b50c9c08eb9a7aabc
sha1: b40d0705f0aaf86ecca03165118c88299baf6ffb
sha256: 2aea443bcf9d86315722ce07d1f5a04bbb1afed14e54d9728da457fa2cdf5947
sha512: 39e121f18ce9d3624fbc55b2344fbab74b6d61aee0c982ec23968ab9f6e098a9ee5d3f78573a6f30559a2e5e25d1e217e073f3ace8eca262d335f6866d93b4a3
ssdeep: 12288:YRGPKEEgQBRtt/NXMTW9P1QpfXkHjA3bMi70yN9dLILecm6T6F:XKE9Gtt/hMTW9PWpfXz3bMi7bPdIKW2

Version Info:

LegalCopyright: (empty)
InternalName: (empty)
FileVersion: 1.0.0.4
CompanyName: Synaptics
LegalTrademarks: (empty)
Comments: (empty)
ProductName: Synaptics Pointing Device Driver
ProductVersion: 1.0.0.0
FileDescription: Synaptics Pointing Device Driver
OriginalFilename: (empty)
Translation: 0x041f 0x04e6 (language ID 0x041f is Turkish and code page 0x04e6 is Windows-1254, Turkish, which matches the Turkish resource language flagged in the behaviour list above)

The version resource is plain text chosen by whoever built the binary: the Synaptics strings, the empty OriginalFilename and the mismatch between FileVersion and ProductVersion say nothing about where the file came from. Legitimate vendor drivers are Authenticode-signed, so check the signature rather than the strings; identification of this sample rests on the hashes above and the detection names below.
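To triage a suspicious file against the File Info and Version Info sections, the following added example (not code from the page or from GridinSoft) computes the listed digests, compares them with the page's indicators, reconstructs the `type` string by walking the PE header, and checks whether the executable carries an Authenticode certificate table at all. The `KNOWN_BAD` values are copied from the File Info section; `build_minimal_pe` is a constructed header-only PE fixture used only so the script runs without a real sample; ssdeep is omitted because it needs a third-party library.

```python
"""Added example (not from the page): triage a file against the File Info and
Version Info sections above.  Computes the listed digests, matches them
against the page's indicators, parses the PE header for the "type" line and
checks for an Authenticode certificate table, because the CompanyName and
ProductName strings in the version resource are free text and prove nothing."""
import hashlib
import struct
import sys
import zlib

# Indicators copied from the File Info section of this page.
KNOWN_BAD = {
    "md5": "c9c8d40656f16b4b50c9c08eb9a7aabc",
    "sha1": "b40d0705f0aaf86ecca03165118c88299baf6ffb",
    "sha256": "2aea443bcf9d86315722ce07d1f5a04bbb1afed14e54d9728da457fa2cdf5947",
}

MACHINES = {0x14C: "Intel 80386", 0x8664: "x86-64", 0x1C0: "ARM", 0xAA64: "Aarch64"}
SUBSYSTEMS = {2: "GUI", 3: "console"}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4        # index of the certificate table


def digests(data: bytes) -> dict:
    """Lowercase hex digests keyed like the File Info block."""
    out = {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256", "sha512")}
    out["crc32"] = f"{zlib.crc32(data) & 0xFFFFFFFF:08x}"
    return out


def match_indicators(found: dict, indicators: dict = KNOWN_BAD) -> set:
    """Algorithms whose digest equals a published value.  Prefer a sha256 hit:
    md5 is collision-prone and crc32 is a 32-bit checksum, not evidence."""
    return {n for n, v in indicators.items() if found.get(n, "").lower() == v.lower()}


def parse_headers(pe: bytes):
    """Minimal PE header walk: machine, optional-header magic, subsystem and
    the certificate-table data directory, or None if this is not a PE file."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    coff = e_lfanew + 4
    machine = struct.unpack_from("<H", pe, coff)[0]
    opt = coff + 20                                    # optional header follows the 20-byte COFF header
    magic = struct.unpack_from("<H", pe, opt)[0]       # 0x10B = PE32, 0x20B = PE32+
    subsystem = struct.unpack_from("<H", pe, opt + 68)[0]
    dd_base = opt + (96 if magic == 0x10B else 112)    # first data directory entry
    n_dirs = struct.unpack_from("<I", pe, dd_base - 4)[0]   # NumberOfRvaAndSizes
    if n_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        sec = struct.unpack_from("<II", pe, dd_base + IMAGE_DIRECTORY_ENTRY_SECURITY * 8)
    else:
        sec = (0, 0)                                   # too few directories: cannot be signed
    return {"machine": machine, "magic": magic, "subsystem": subsystem, "security_dir": tuple(sec)}


def describe(pe: bytes) -> str:
    """Type string in the same style as the File Info 'type' field."""
    h = parse_headers(pe)
    if h is None:
        return "not a PE file"
    fmt = "PE32" if h["magic"] == 0x10B else "PE32+"
    sub = SUBSYSTEMS.get(h["subsystem"], "other")
    return f"{fmt} executable ({sub}) {MACHINES.get(h['machine'], hex(h['machine']))}, for MS Windows"


def has_certificate_table(pe: bytes) -> bool:
    """True if a certificate table is present.  Presence is not validity: verify
    the chain with signtool or Get-AuthenticodeSignature before trusting it."""
    h = parse_headers(pe)
    return h is not None and h["security_dir"] != (0, 0)


def build_minimal_pe(cert_offset: int = 0, cert_size: int = 0) -> bytes:
    """Constructed fixture: a header-only PE32 GUI image for i386, no sections."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)             # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x102)  # i386, 224-byte optional header
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                           # PE32 magic
    struct.pack_into("<H", opt, 68, 2)                              # Subsystem = Windows GUI
    struct.pack_into("<I", opt, 92, 16)                             # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + IMAGE_DIRECTORY_ENTRY_SECURITY * 8, cert_offset, cert_size)
    return dos + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_minimal_pe()
    print(describe(data))
    print("certificate table present:", has_certificate_table(data))
    print("indicator hits:", match_indicators(digests(data)) or "none")
```

Run it as `python triage.py Cd.exe` on an isolated analysis machine. A sha256 hit against `KNOWN_BAD` confirms this exact sample; a file that claims to be a Synaptics driver but has no certificate table at all fails the cheapest check a legitimate vendor binary would pass, and even a present table must still be validated against a trusted chain.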

Troj/Nitol-AR also known as:

Bkav W32.Vetor.PE
MicroWorld-eScan Win32.Virtob.Gen.12
FireEye Generic.mg.c9c8d40656f16b4b
Cylance Unsafe
VIPRE Virus.Win32.Virut.ce.5 (v)
Sangfor Malware
K7AntiVirus Virus ( f10002001 )
BitDefender Win32.Virtob.Gen.12
K7GW Virus ( f10002001 )
Cybereason malicious.656f16
TrendMicro PE_VIRUX.O
BitDefenderTheta AI:FileInfector.C9457D4313
Cyren W32/Virut.E.gen!Eldorado
TotalDefense Win32/Virut.17408
Baidu Win32.Virus.Virut.gen
APEX Malicious
Avast Win32:GenMalicious-BKJ [Trj]
ClamAV Win.Worm.Agent-5819819-0
GData Win32.Virtob.Gen.12
Kaspersky Virus.Win32.Virut.ce
Alibaba Virus:Win32/Virut.5508c62e
NANO-Antivirus Virus.Win32.Virut.hpeg
ViRobot Win32.Virut.Gen.C
AegisLab Virus.Win32.Virut.n!c
Tencent Virus.Win32.Virut.Gen.200001
Ad-Aware Win32.Virtob.Gen.12
Sophos Troj/Nitol-AR
Comodo Virus.Win32.Virut.CE@5jedjj
F-Secure Trojan:W97M/MaliciousMacro.GEN
DrWeb Win32.Virut.56
Zillya Virus.Virut.Win32.1938
Invincea heuristic
McAfee-GW-Edition BehavesLike.Win32.PWSGamania.cc
Trapmine malicious.high.ml.score
Emsisoft Win32.Virtob.Gen.12 (B)
Ikarus Trojan-PWS.Win32.QQPass
F-Prot W32/Virut.E.gen!Eldorado
Jiangmin Win32/Virut.bt
MaxSecure Virus.Virut.CE
Avira W32/Virut.Gen
MAX malware (ai score=100)
Antiy-AVL Trojan[Rootkit]/Win32.Lapka
Kingsoft Win32.Virut.cr.61440
Endgame malicious (high confidence)
Arcabit Win32.Virtob.Gen.12
ZoneAlarm Virus.Win32.Virut.ce
Microsoft Virus:Win32/Virut.BO
AhnLab-V3 Win32/Virut.F
Acronis suspicious
McAfee W32/Virut.n.gen
TACHYON Virus/W32.Virut.Gen
VBA32 Virus.Virut.14
Malwarebytes Trojan.Agent
Panda W32/Sality.AO
ESET-NOD32 Win32/Virut.NBP
TrendMicro-HouseCall PE_VIRUX.O
Rising Virus.Virut!1.A08B (CLOUD)
Yandex Win32.Virut.AB.Gen
SentinelOne DFI – Malicious PE
eGambit Unsafe.AI_Score_100%
Fortinet W32/Virut.CE
AVG Win32:GenMalicious-BKJ [Trj]
Paloalto generic.ml
CrowdStrike win/malicious_confidence_100% (W)
Qihoo-360 Virus.Win32.VirutChangeEntry.A

How to remove Troj/Nitol-AR?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

Because nearly every engine in the table above classifies this sample as Win32/Virut, a file infector, quarantining the dropped Cd.exe alone may not be enough: other executables it has modified, including any on removable drives and network shares, need to be disinfected or replaced from a clean source, and a full scan after the restart should come back clean before the machine is trusted again.

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
