
TrojanSpy:Win32/Nivdort removal guide


Many security experts consider TrojanSpy:Win32/Nivdort dangerous. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the TrojanSpy:Win32/Nivdort virus do?

  • A process attempted to delay the analysis task.
  • Starts servers listening on 127.0.0.1:35978, 127.0.0.1:21701
  • Expresses interest in specific running processes
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data.
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file
  • Likely virus infection of existing system binary
  • Creates a copy of itself
  • Attempts to modify or disable Security Center warnings

How to identify TrojanSpy:Win32/Nivdort?


File Info:

crc32: EA247474
md5: 4242ddfe6ff77f4e2f66eaa933934d07
name: 4242DDFE6FF77F4E2F66EAA933934D07.mlw
sha1: 12c7945276c0bc534b3b3dc111965ee6935d90b5
sha256: f91056206d29ad98c5f6156909564ef3c393eeadfeea4fc4058957e35cd76712
sha512: 879cfed846bbf021cf5602c763cee2d8c6753c61b389a93403ceb2f0b1d0f57bf7e5d2916a0750c0c0ec012c0f2c92f511286ae02c4852d8810dd111ec8776b2
ssdeep: 24576:pKVG5STVIChzyPteNT77kDYq9WmRnxfJB3:psp8mqRWM53
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

0: [No Data]

TrojanSpy:Win32/Nivdort also known as:

Bkav: W32.AIDetectVM.malware1
Elastic: malicious (high confidence)
FireEye: Generic.mg.4242ddfe6ff77f4e
McAfee: GenericRXEX-JR!4242DDFE6FF7
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
AegisLab: Trojan.Win32.Generic.4!c
Sangfor: Malware
K7AntiVirus: Trojan ( 004f8fbb1 )
BitDefender: Gen:Variant.Zusy.179369
K7GW: Trojan ( 004f8fbb1 )
Cybereason: malicious.e6ff77
Baidu: Win32.Trojan.Bayrob.c
Cyren: W32/BayRob.M.gen!Eldorado
Symantec: Trojan.Gen
APEX: Malicious
Avast: Win32:Malware-gen
Cynet: Malicious (score: 100)
Kaspersky: HEUR:Trojan.Win32.Generic
NANO-Antivirus: Trojan.Win32.Nivdort.efvnrk
MicroWorld-eScan: Gen:Variant.Zusy.179369
Tencent: Win32.Trojan.Generic.Pabq
Ad-Aware: Gen:Variant.Zusy.179369
Sophos: ML/PE-A + Mal/Bayrob-C
Comodo: Malware@#3pc3d4sozavms
F-Secure: Heuristic.HEUR/AGEN.1119071
DrWeb: Trojan.DownLoader23.43751
Zillya: Trojan.Bayrob.Win32.21727
McAfee-GW-Edition: BehavesLike.Win32.Generic.tc
Emsisoft: Gen:Variant.Zusy.179369 (B)
Ikarus: Trojan.Win32.Bayrob
Jiangmin: Trojan.Generic.aiguv
Avira: HEUR/AGEN.1119071
MAX: malware (ai score=89)
Antiy-AVL: Trojan/Win32.AGeneric
Kingsoft: Win32.Troj.Undef.(kcloud)
Microsoft: TrojanSpy:Win32/Nivdort
Arcabit: Trojan.Zusy.D2BCA9
ZoneAlarm: HEUR:Trojan.Win32.Generic
GData: Gen:Variant.Zusy.179369
AhnLab-V3: Trojan/Win32.Nivdort.C1321145
Acronis: suspicious
BitDefenderTheta: AI:Packer.566EDBFA1E
ALYac: Gen:Variant.Zusy.179369
VBA32: BScope.Trojan.Nivdort
Malwarebytes: Trojan.Bayrob.Generic
Panda: Trj/Genetic.gen
ESET-NOD32: a variant of Win32/Bayrob.BL
Rising: Trojan.Bayrob!8.FB (TFE:5:MdTbjoz9VDK)
Yandex: Trojan.GenAsa!Z0VCu/yr+60
SentinelOne: Static AI – Suspicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Bayrob.BL!tr
AVG: Win32:Malware-gen
Paloalto: generic.ml
CrowdStrike: win/malicious_confidence_100% (D)
Qihoo-360: Win32/Trojan.f19

How to remove TrojanSpy:Win32/Nivdort?

TrojanSpy:Win32/Nivdort removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
