Categories: Trojan

How to remove “Trojan:Win32/Nitol.RA!MTB”?

The Trojan:Win32/Nitol.RA!MTB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Trojan:Win32/Nitol.RA!MTB virus can do?

Reads data out of its own binary image
CAPE extracted potentially suspicious content
Drops a binary and executes it
Unconventionial binary language: Chinese (Simplified)
Unconventionial language used in binary resources: Chinese (Simplified)
The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
The executable is compressed using UPX
Authenticode signature is invalid
Creates a copy of itself
Yara rule detections observed from a process memory dump/dropped files/CAPE

How to determine Trojan:Win32/Nitol.RA!MTB?


File Info:
name: 15BB0217491E7C0F3DE4.mlwpath: /opt/CAPEv2/storage/binaries/7d4a12a2a46cc4721e9d5efa8afcbb7eb032e1744aa9383166b8e9183d6a98d6crc32: B203004Emd5: 15bb0217491e7c0f3de416d71e9b42dbsha1: 13dbf74658f64b68f759c61d0cfba01e702f0c8bsha256: 7d4a12a2a46cc4721e9d5efa8afcbb7eb032e1744aa9383166b8e9183d6a98d6sha512: 0f169663525579077b1abe216fea33b6430b816d65b9fe6d704ab48ac3fab145317624f1e6a13ea267b78391ff1b8f27f3569ff880eef3f812d62b139143f47fssdeep: 384:CbI0+Fkm7SWZZYO5uez+b+hCNzfdZvJQ9piwtZypRGD7mxcb3Rm0xDbzT+XWh9mo:CbI0+FNSW3YO5z+b+hCFfHJkQp6uI3txtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T18DB2BF6237E42B07E58F93340E3E9B061AA9BC14ED60877E6AC502DF493D6205ED4D37sha3_384: f11e414d06aa6c964e074c22bb3447877378c53d644a92376416e44ae572a1384fabbec076e3d5b7a267fae3500a48aaep_bytes: 60be00c040008dbe0050ffff5783cdfftimestamp: 2017-04-18 09:10:22
Version Info:
Comments: CompanyName: Microsoft CorporationFileDescription: Windows Enhanced Storage Password Authentication ProgramFileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)InternalName: LegalCopyright: ? Microsoft Corporation. All rights reserved.LegalTrademarks: OriginalFilename: EhStorAuthn.exePrivateBuild: ProductName: Microsoft? Windows? Operating SystemProductVersion: 6.1.7600.16385SpecialBuild: Translation: 0x0804 0x04b0

Trojan:Win32/Nitol.RA!MTB also known as:

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.PornoBlocker.4!c
Elastic	malicious (moderate confidence)
MicroWorld-eScan	Trojan.GenericKD.65102892
ClamAV	Win.Malware.Nitol-6802818-0
CAT-QuickHeal	Trojan.GenericRI.S17164152
McAfee	GenericRXAA-AA!15BB0217491E
Cylance	unsafe
Zillya	Trojan.PornoBlocker.Win32.12249
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 005376ae1 )
Alibaba	Trojan:Win32/PornoBlocker.e1a5de93
K7GW	Trojan ( 005376ae1 )
CrowdStrike	win/malicious_confidence_100% (W)
Baidu	Win32.Trojan.ServStart.ax
Cyren	W32/Nitol.AC.gen!Eldorado
Symantec	Backdoor.Nitol
ESET-NOD32	Win32/Agent.RMM
Zoner	Trojan.Win32.80438
APEX	Malicious
Paloalto	generic.ml
Cynet	Malicious (score: 100)
Kaspersky	Trojan-Ransom.Win32.PornoBlocker.ejtx
BitDefender	Trojan.GenericKD.65102892
NANO-Antivirus	Trojan.Win32.MicroFake.cchebz
Avast	Win32:Nitol-A [Trj]
Tencent	Trojan.Win32.Lapka.bw
Emsisoft	Trojan.GenericKD.65102892 (B)
F-Secure	Trojan.TR/ATRAPS.hrva.12
DrWeb	Trojan.DownLoader18.16955
VIPRE	Trojan.GenericKD.65102892
TrendMicro	DDoS.Win32.NITOL.SMG
McAfee-GW-Edition	BehavesLike.Win32.Fake.mc
Trapmine	malicious.high.ml.score
FireEye	Generic.mg.15bb0217491e7c0f
Sophos	Mal/Behav-160
SentinelOne	Static AI – Malicious PE
GData	Win32.Trojan.Microfake.A
Jiangmin	Trojan.PornoBlocker.eq
Avira	TR/ATRAPS.hrva.12
MAX	malware (ai score=87)
Antiy-AVL	Trojan[Ransom]/Win32.PornoBlocker
Xcitium	TrojWare.Win32.Nitol.KA@6cq5hu
Arcabit	Trojan.Generic.D3E1642C
SUPERAntiSpyware	Trojan.Agent/Gen-FakeMS
ZoneAlarm	Trojan-Ransom.Win32.PornoBlocker.ejtx
Microsoft	Trojan:Win32/Nitol.RA!MTB
Google	Detected
AhnLab-V3	Trojan/Win32.Nitol.R299383
Acronis	suspicious
VBA32	BScope.Trojan.Scar
ALYac	Trojan.GenericKD.65102892
TACHYON	Ransom/W32.PornoBlocker.51200
Malwarebytes	Generic.Trojan.Malicious.DDS
Panda	Trj/Genetic.gen
TrendMicro-HouseCall	DDoS.Win32.NITOL.SMG
Rising	Ransom.PornoBlocker!8.24E (TFE:5:aRUGX3mUndE)
Yandex	Trojan.GenAsa!H41PVEbKGsY
Ikarus	Trojan.Win32.Agent
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/Agent.RMM!tr
BitDefenderTheta	AI:Packer.BEDDC0C01F
AVG	Win32:Nitol-A [Trj]
Cybereason	malicious.7491e7
DeepInstinct	MALICIOUS