What is "TrojanSpy:Win32/Nivdort.DE"?

The TrojanSpy:Win32/Nivdort.DE is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What TrojanSpy:Win32/Nivdort.DE virus can do?

Expresses interest in specific running processes
Reads data out of its own binary image
Drops a binary and executes it
HTTP traffic contains suspicious features which may be indicative of malware related traffic
Performs some HTTP requests
Attempts to repeatedly call a single API many times in order to delay analysis time
Installs itself for autorun at Windows startup
Creates a hidden or system file
Creates a copy of itself

Related domains:

z.whorecord.xyz

a.tomx.xyz

crowdanother.net

summerbusiness.net

crowdbusiness.net

summerappear.net

crowdappear.net

thoughtmanner.net

watermanner.net

thoughtanother.net

wateranother.net

thoughtbusiness.net

waterbusiness.net

thoughtappear.net

waterappear.net

womanmanner.net

smokemanner.net

womananother.net

smokeanother.net

womanbusiness.net

smokebusiness.net

womanappear.net

smokeappear.net

partymanner.net

fightmanner.net

partyanother.net

fightanother.net

partybusiness.net

fightbusiness.net

partyappear.net

fightappear.net

freshinstead.net

experienceinstead.net

freshexplain.net

experienceexplain.net

freshbright.net

experiencebright.net

freshinside.net

experienceinside.net

gentlemaninstead.net

alreadyinstead.net

gentlemanexplain.net

alreadyexplain.net

gentlemanbright.net

alreadybright.net

gentlemaninside.net

alreadyinside.net

followinstead.net

memberinstead.net

followexplain.net

memberexplain.net

followbright.net

memberbright.net

followinside.net

memberinside.net

begininstead.net

knowninstead.net

beginexplain.net

knownexplain.net

beginbright.net

knownbright.net

begininside.net

knowninside.net

summerinstead.net

crowdinstead.net

summerexplain.net

crowdexplain.net

summerbright.net

crowdbright.net

summerinside.net

crowdinside.net

thoughtinstead.net

waterinstead.net

thoughtexplain.net

waterexplain.net

thoughtbright.net

waterbright.net

thoughtinside.net

waterinside.net

womaninstead.net

smokeinstead.net

womanexplain.net

smokeexplain.net

womanbright.net

smokebright.net

womaninside.net

smokeinside.net

partyinstead.net

fightinstead.net

partyexplain.net

fightexplain.net

partybright.net

fightbright.net

partyinside.net

fightinside.net

freshready.net

experienceready.net

freshbrown.net

experiencebrown.net

freshpeople.net

experiencepeople.net

freshdaughter.net

experiencedaughter.net

gentlemanready.net

alreadyready.net

gentlemanbrown.net

alreadybrown.net

gentlemanpeople.net

alreadypeople.net

gentlemandaughter.net

alreadydaughter.net

followready.net

memberready.net

followbrown.net

memberbrown.net

followpeople.net

memberpeople.net

followdaughter.net

memberdaughter.net

beginready.net

knownready.net

beginbrown.net

knownbrown.net

beginpeople.net

knownpeople.net

begindaughter.net

knowndaughter.net

summerready.net

crowdready.net

summerbrown.net

crowdbrown.net

summerpeople.net

crowdpeople.net

summerdaughter.net

crowddaughter.net

thoughtready.net

waterready.net

thoughtbrown.net

waterbrown.net

thoughtpeople.net

waterpeople.net

thoughtdaughter.net

waterdaughter.net

womanready.net

smokeready.net

womanbrown.net

smokebrown.net

womanpeople.net

smokepeople.net

womandaughter.net

smokedaughter.net

partyready.net

fightready.net

partybrown.net

fightbrown.net

partypeople.net

fightpeople.net

partydaughter.net

fightdaughter.net

freshnation.net

experiencenation.net

freshsoldier.net

experiencesoldier.net

freshplease.net

experienceplease.net

freshcondition.net

experiencecondition.net

gentlemannation.net

alreadynation.net

gentlemansoldier.net

alreadysoldier.net

gentlemanplease.net

How to determine TrojanSpy:Win32/Nivdort.DE?


File Info:
crc32: EA83004C
md5: fd4dc24924b3e1d15bb78a854984469e
name: FD4DC24924B3E1D15BB78A854984469E.mlw
sha1: 5a2455ec79d37f32eff74cf53a7888b4cd999165
sha256: 10e707bb2453baa82bcef7a2a82fa139b5c6805735227b4dbb7885a2ebde1a96
sha512: c98d104b4b1de032a70c2593f01cf2842f359c45e5fff8a287540dee0a248a68edbcbae7007ce1157dbd423124dc7aee60bb3131e8e0560db9507f8289e49f0c
ssdeep: 12288:MzIffumcGv8bZuugtaTslkSiuK4IfIdptg6QtxdIEeUtatQ:MkfEG8lDQlkyKfIEeUtatQ
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
0: [No Data]

TrojanSpy:Win32/Nivdort.DE also known as:

Bkav	W32.AIDetect.malware1
K7AntiVirus	Trojan ( 004da8bd1 )
Elastic	malicious (high confidence)
Cynet	Malicious (score: 100)
CAT-QuickHeal	TrojanSpy.Nivdort.DR3
ALYac	Gen:Variant.Razy.11645
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (W)
Alibaba	TrojanSpy:Win32/Nivdort.b4547e4f
K7GW	Trojan ( 004d977f1 )
Cybereason	malicious.924b3e
Baidu	Win32.Trojan.Generic.bd
Cyren	W32/Trojan.GG.gen!Eldorado
Symantec	Trojan.Bayrob!gen6
ESET-NOD32	a variant of Win32/Bayrob.AK
APEX	Malicious
Avast	Win32:Evo-gen [Susp]
Kaspersky	HEUR:Trojan.Win32.Bayrob.pef
BitDefender	Gen:Variant.Razy.11645
NANO-Antivirus	Trojan.Win32.Dwn.dzjdph
MicroWorld-eScan	Gen:Variant.Razy.11645
Ad-Aware	Gen:Variant.Razy.11645
Sophos	ML/PE-A + Troj/Nivdort-BV
BitDefenderTheta	AI:Packer.2EE6429C1E
TrendMicro	TROJ_BAYROB.SM3
McAfee-GW-Edition	BehavesLike.Win32.Generic.jh
FireEye	Generic.mg.fd4dc24924b3e1d1
Emsisoft	Gen:Variant.Razy.11645 (B)
SentinelOne	Static AI – Suspicious PE
Avira	HEUR/AGEN.1111157
eGambit	Unsafe.AI_Score_98%
Microsoft	TrojanSpy:Win32/Nivdort.DE
ZoneAlarm	HEUR:Trojan.Win32.Bayrob.pef
GData	Gen:Variant.Razy.11645
AhnLab-V3	Trojan/Win32.Blocker.C1313903
McAfee	Trojan-FHOH!FD4DC24924B3
MAX	malware (ai score=88)
VBA32	BScope.TrojanSpy.Nivdort
Malwarebytes	Trojan.Bayrob.Generic
Panda	Trj/Genetic.gen
TrendMicro-HouseCall	TROJ_BAYROB.SM3
Rising	Trojan.Generic@ML.100 (RDML:+yzTsok0lUroVRBRD21+yw)
Ikarus	Trojan.Bayrob
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/Bayrob.AQ!tr
AVG	Win32:Evo-gen [Susp]
Paloalto	generic.ml

How to remove TrojanSpy:Win32/Nivdort.DE?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.