Home / malware DDoS:Win32/Nitol.J
First posted on 31 August 2015.
Source: MicrosoftAliases :
There are no other names known for DDoS:Win32/Nitol.J.
Explanation :
Threat behavior
Installation
This threat can create files on your PC, including:
- c:\1.exe
Payload
Uses your PC in DDoS attacks
This threat can use your PC to conduct distributed denial of service (DDoS) attacks.
During an attack, your Internet connection might run slower than usual.
Connects to a remote host
We have seen this threat connect to a remote host, including:Malware can connect to a remote host to do any of the following:
- a.config.skype.com using port 53
93940916.f3322.net using port 3333
- Check for an Internet connection
- Download and run files (including updates or other malware)
- Report a new infection to its author
- Receive configuration or other data
- Receive instructions from a malicious hacker
- Search for your PC location
- Upload information taken from your PC
- Validate a digital certificate
This malware description was published using automated analysis of file SHA1 88517b1a19537b86b2513a12401891d2a558a5e3.
Symptoms
The following can indicate that you have this threat on your PC:
- You see a file similar to:
- c:\1.exe
- You see registry modifications such as:
- In subkey: HKLM\SYSTEM\CurrentControlSet\Control\Session Manager
Sets value: "PendingFileRenameOperations"
With data: "c:\1.exe"
- In subkey: HKLM\System\CurrentControlSet\Control\Session Manager
Sets value: "PendingFileRenameOperations"
With data: "c:\1.exe#R##N#\??\%ProgramData%\microsoft\windows\start menu\programs\startup\scvost.bat " Last update 31 August 2015
