TrojanSpy:Win32/Nivdort.DG

The following can indicate that you have this threat on your PC:

• You see a file similar to:
  • c:\plnrjiteazpmvv\bwkakkkw.exe
  • c:\plnrjiteazpmvv\lqngvcnzww.exe
  • c:\plnrjiteazpmvv\vhy1zoqhwmnkrtqikub.exe

• You see registry modifications such as:
• In subkey: HKLM\System\CurrentControlSet\Services\LanmanServer\Linkage
  Sets value: "Bind"
  With data: "\device\smb_tcpip_{c9421e55-f44a-4c6b-86b6-b92631fcbbcd}<eos>#R##N#\device\smb_tcpip_{12344c9d-cf1a-4ffc-a413-05408f2bc0d7}<eos>#R##N#\device\smb_tcpip_{afbf3695-6819-4001-a4ce-ff408f2d8a1b}<eos>#R##N#\device\smb_tcpip_{f5ad825a-8d50-4deb-b719-77b07218011f}<eos>#R##N#\device\smb_tcpip_{959992c9-54fd-4b0a-ab6c-ff1518d82258}<eos>#R##N#\device\smb_tcpip_{a61f17e8-a9ab-40e8-b564-db4582c819dd}<eos>#R##N#\device\smb_tcpip_{a641c122-d730-4ec8-bc62-a450799c6417}<eos>#R##N#\device\s"
  
  
• In subkey: HKLM\System\CurrentControlSet\Services\LanmanServer\Linkage
  Sets value: "Export"
  With data: "\device\lanmanserver_smb_tcpip_{c9421e55-f44a-4c6b-86b6-b92631fcbbcd}<eos>#R##N#\device\lanmanserver_smb_tcpip_{12344c9d-cf1a-4ffc-a413-05408f2bc0d7}<eos>#R##N#\device\lanmanserver_smb_tcpip_{afbf3695-6819-4001-a4ce-ff408f2d8a1b}<eos>#R##N#\device\lanmanserver_smb_tcpip_{f5ad825a-8d50-4deb-b719-77b07218011f}<eos>#R##N#\device\lanmanserver_smb_tcpip_{959992c9-54fd-4b0a-ab6c-ff1518d82258}<eos>#R##N#\device\lanmanserver_smb_tcpip_{a61f17e8-a9ab-40e8-b564-db4582c819dd}<"
  
  
• In subkey: HKLM\System\CurrentControlSet\Services\LanmanServer\Linkage
  Sets value: "Route"
  With data: ""smb" "tcpip" "{c9421e55-f44a-4c6b-86b6-b92631fcbbcd}"<eos>#R##N#"smb" "tcpip" "{12344c9d-cf1a-4ffc-a413-05408f2bc0d7}"<eos>#R##N#"smb" "tcpip" "{afbf3695-6819-4001-a4ce-ff408f2d8a1b}"<eos>#R##N#"smb" "tcpip" "{f5ad825a-8d50-4deb-b719-77b07218011f}"<eos>#R##N#"smb" "tcpip" "{959992c9-54fd-4b0a-ab6c-ff1518d82258}"<eos>#R##N#"smb" "tcpip" "{a61f17e8-a9ab-40e8-b564-db4582c819dd}"<eos>#R##N#"smb" "tcpip" "{a641c122-d730-4ec8-bc62-a450799c6417}"<eos>#R##N#"smb" "tcpip" "{838c622"
  
  
• In subkey: HKLM\System\CurrentControlSet\Services\LanmanWorkstation\Linkage
  Sets value: "Bind"
  With data: "\device\smb_tcpip_{c9421e55-f44a-4c6b-86b6-b92631fcbbcd}<eos>#R##N#\device\smb_tcpip_{12344c9d-cf1a-4ffc-a413-05408f2bc0d7}<eos>#R##N#\device\smb_tcpip_{afbf3695-6819-4001-a4ce-ff408f2d8a1b}<eos>#R##N#\device\smb_tcpip_{f5ad825a-8d50-4deb-b719-77b07218011f}<eos>#R##N#\device\smb_tcpip_{959992c9-54fd-4b0a-ab6c-ff1518d82258}<eos>#R##N#\device\smb_tcpip_{a61f17e8-a9ab-40e8-b564-db4582c819dd}<eos>#R##N#\device\smb_tcpip_{a641c122-d730-4ec8-bc62-a450799c6417}<eos>#R##N#\device\s"
  
  
• In subkey: HKLM\System\CurrentControlSet\Services\LanmanWorkstation\Linkage
  Sets value: "Export"
  With data: "\device\lanmanworkstation_smb_tcpip_{c9421e55-f44a-4c6b-86b6-b92631fcbbcd}<eos>#R##N#\device\lanmanworkstation_smb_tcpip_{12344c9d-cf1a-4ffc-a413-05408f2bc0d7}<eos>#R##N#\device\lanmanworkstation_smb_tcpip_{afbf3695-6819-4001-a4ce-ff408f2d8a1b}<eos>#R##N#\device\lanmanworkstation_smb_tcpip_{f5ad825a-8d50-4deb-b719-77b07218011f}<eos>#R##N#\device\lanmanworkstation_smb_tcpip_{959992c9-54fd-4b0a-ab6c-ff1518d82258}<eos>#R##N#\device\lanmanworkstation_smb_tcpip_{a61f17e8"
  
  
• In subkey: HKLM\System\CurrentControlSet\Services\LanmanWorkstation\Linkage
  Sets value: "Route"
  With data: ""smb" "tcpip" "{c9421e55-f44a-4c6b-86b6-b92631fcbbcd}"<eos>#R##N#"smb" "tcpip" "{12344c9d-cf1a-4ffc-a413-05408f2bc0d7}"<eos>#R##N#"smb" "tcpip" "{afbf3695-6819-4001-a4ce-ff408f2d8a1b}"<eos>#R##N#"smb" "tcpip" "{f5ad825a-8d50-4deb-b719-77b07218011f}"<eos>#R##N#"smb" "tcpip" "{959992c9-54fd-4b0a-ab6c-ff1518d82258}"<eos>#R##N#"smb" "tcpip" "{a61f17e8-a9ab-40e8-b564-db4582c819dd}"<eos>#R##N#"smb" "tcpip" "{a641c122-d730-4ec8-bc62-a450799c6417}"<eos>#R##N#"smb" "tcpip" "{838c622"
  
  
• In subkey: HKLM\System\CurrentControlSet\Services\Ndis\IfTypes\131
  Sets value: "IfType"
  With data: "0x00000083"
  
  
• In subkey: HKLM\System\CurrentControlSet\Services\Ndis\IfTypes\131
  Sets value: "IfUsedNetLuidIndices"
  With data: "7f ."
  
  
• In subkey: HKLM\System\CurrentControlSet\Services\NetBIOS\Linkage
  Sets value: "Bind"
  With data: "\device\netbt_tcpip_{c9421e55-f44a-4c6b-86b6-b92631fcbbcd}<eos>#R##N#\device\netbt_tcpip_{12344c9d-cf1a-4ffc-a413-05408f2bc0d7}<eos>#R##N#\device\netbt_tcpip_{afbf3695-6819-4001-a4ce-ff408f2d8a1b}<eos>#R##N#\device\netbt_tcpip_{f5ad825a-8d50-4deb-b719-77b07218011f}<eos>#R##N#\device\netbt_tcpip_{959992c9-54fd-4b0a-ab6c-ff1518d82258}<eos>#R##N#\device\netbt_tcpip_{a61f17e8-a9ab-40e8-b564-db4582c819dd}<eos>#R##N#\device\netbt_tcpip_{a641c122-d730-4ec8-bc62-a450799c6417}<e"
  
  
• In subkey: HKLM\System\CurrentControlSet\Services\NetBIOS\Linkage
  Sets value: "Export"
  With data: "\device\netbios_netbt_tcpip_{c9421e55-f44a-4c6b-86b6-b92631fcbbcd}<eos>#R##N#\device\netbios_netbt_tcpip_{12344c9d-cf1a-4ffc-a413-05408f2bc0d7}<eos>#R##N#\device\netbios_netbt_tcpip_{afbf3695-6819-4001-a4ce-ff408f2d8a1b}<eos>#R##N#\device\netbios_netbt_tcpip_{f5ad825a-8d50-4deb-b719-77b07218011f}<eos>#R##N#\device\netbios_netbt_tcpip_{959992c9-54fd-4b0a-ab6c-ff1518d82258}<eos>#R##N#\device\netbios_netbt_tcpip_{a61f17e8-a9ab-40e8-b564-db4582c819dd}<eos>#R##N#\device\netb"
  
  
• In subkey: HKLM\System\CurrentControlSet\Services\NetBios\Linkage
  Sets value: "LanaMap"
  With data: "01 22 01 20 01 1d 01 1b 01 19 01 17 01 15 01 13 .". ............#R##N#01 11 01 0f 01 0d 01 0b 01 09 01 07 01 05 01 03 ................#R##N#01 00 01 24 01 23 01 21 01 1f 01 1e 01 1c 01 1a ...$.#.!........#R##N#01 18 01 16 01 14 01 12 01 10 01 0e 01 0c 01 0a ................#R##N#01 08 01 06 01 04 01 01 01 02 .........."
  
  
• In subkey: HKLM\System\CurrentControlSet\Services\NetBIOS\Linkage
  Sets value: "Route"
  With data: ""netbt" "tcpip" "{c9421e55-f44a-4c6b-86b6-b92631fcbbcd}"<eos>#R##N#"netbt" "tcpip" "{12344c9d-cf1a-4ffc-a413-05408f2bc0d7}"<eos>#R##N#"netbt" "tcpip" "{afbf3695-6819-4001-a4ce-ff408f2d8a1b}"<eos>#R##N#"netbt" "tcpip" "{f5ad825a-8d50-4deb-b719-77b07218011f}"<eos>#R##N#"netbt" "tcpip" "{959992c9-54fd-4b0a-ab6c-ff1518d82258}"<eos>#R##N#"netbt" "tcpip" "{a61f17e8-a9ab-40e8-b564-db4582c819dd}"<eos>#R##N#"netbt" "tcpip" "{a641c122-d730-4ec8-bc62-a450799c6417}"<eos>#R##N#"netbt" ""
  
  
• In subkey: HKLM\System\CurrentControlSet\Services\NetBIOS\Parameters
  Sets value: "MaxLana"
  With data: "0x00000024"
  
  
• In subkey: HKLM\System\CurrentControlSet\Services\NetBT\Linkage
  Sets value: "Bind"
  With data: "\device\tcpip_{c9421e55-f44a-4c6b-86b6-b92631fcbbcd}<eos>#R##N#\device\tcpip_{12344c9d-cf1a-4ffc-a413-05408f2bc0d7}<eos>#R##N#\device\tcpip_{afbf3695-6819-4001-a4ce-ff408f2d8a1b}<eos>#R##N#\device\tcpip_{f5ad825a-8d50-4deb-b719-77b07218011f}<eos>#R##N#\device\tcpip_{959992c9-54fd-4b0a-ab6c-ff1518d82258}<eos>#R##N#\device\tcpip_{a61f17e8-a9ab-40e8-b564-db4582c819dd}<eos>#R##N#\device\tcpip_{a641c122-d730-4ec8-bc62-a450799c6417}<eos>#R##N#\device\tcpip_{838c6227-8b3d-4cd0-820"
  
  
• In subkey: HKLM\System\CurrentControlSet\Services\Smb\Linkage
  Sets value: "Bind"
  With data: "\device\tcpip_{c9421e55-f44a-4c6b-86b6-b92631fcbbcd}<eos>#R##N#\device\tcpip_{12344c9d-cf1a-4ffc-a413-05408f2bc0d7}<eos>#R##N#\device\tcpip_{afbf3695-6819-4001-a4ce-ff408f2d8a1b}<eos>#R##N#\device\tcpip_{f5ad825a-8d50-4deb-b719-77b07218011f}<eos>#R##N#\device\tcpip_{959992c9-54fd-4b0a-ab6c-ff1518d82258}<eos>#R##N#\device\tcpip_{a61f17e8-a9ab-40e8-b564-db4582c819dd}<eos>#R##N#\device\tcpip_{a641c122-d730-4ec8-bc62-a450799c6417}<eos>#R##N#\device\tcpip_{838c6227-8b3d-4cd0-820"
  
  
• In subkey: HKLM\System\CurrentControlSet\Services\Smb\Linkage
  Sets value: "Export"
  With data: "\device\smb_tcpip_{c9421e55-f44a-4c6b-86b6-b92631fcbbcd}<eos>#R##N#\device\smb_tcpip_{12344c9d-cf1a-4ffc-a413-05408f2bc0d7}<eos>#R##N#\device\smb_tcpip_{afbf3695-6819-4001-a4ce-ff408f2d8a1b}<eos>#R##N#\device\smb_tcpip_{f5ad825a-8d50-4deb-b719-77b07218011f}<eos>#R##N#\device\smb_tcpip_{959992c9-54fd-4b0a-ab6c-ff1518d82258}<eos>#R##N#\device\smb_tcpip_{a61f17e8-a9ab-40e8-b564-db4582c819dd}<eos>#R##N#\device\smb_tcpip_{a641c122-d730-4ec8-bc62-a450799c6417}<eos>#R##N#\device\s"
  
  
• In subkey: HKLM\System\CurrentControlSet\Services\Smb\Linkage
  Sets value: "Route"
  With data: ""tcpip" "{c9421e55-f44a-4c6b-86b6-b92631fcbbcd}"<eos>#R##N#"tcpip" "{12344c9d-cf1a-4ffc-a413-05408f2bc0d7}"<eos>#R##N#"tcpip" "{afbf3695-6819-4001-a4ce-ff408f2d8a1b}"<eos>#R##N#"tcpip" "{f5ad825a-8d50-4deb-b719-77b07218011f}"<eos>#R##N#"tcpip" "{959992c9-54fd-4b0a-ab6c-ff1518d82258}"<eos>#R##N#"tcpip" "{a61f17e8-a9ab-40e8-b564-db4582c819dd}"<eos>#R##N#"tcpip" "{a641c122-d730-4ec8-bc62-a450799c6417}"<eos>#R##N#"tcpip" "{838c6227-8b3d-4cd0-820c-42be62684f93}"<eos>#R##N#"tcpip" "{"
  
  
• In subkey: HKLM\System\CurrentControlSet\Services\Tcpip6\Linkage
  Sets value: "Bind"
  With data: "\device\{cc3db877-3743-4739-815c-58f6674a390d}<eos>#R##N#\device\{c9421e55-f44a-4c6b-86b6-b92631fcbbcd}<eos>#R##N#\device\{12344c9d-cf1a-4ffc-a413-05408f2bc0d7}<eos>#R##N#\device\{65d07d09-b845-4c3e-9f82-448738cbe795}<eos>#R##N#\device\{afbf3695-6819-4001-a4ce-ff408f2d8a1b}<eos>#R##N#\device\{f5ad825a-8d50-4deb-b719-77b07218011f}<eos>#R##N#\device\{959992c9-54fd-4b0a-ab6c-ff1518d82258}<eos>#R##N#\device\{a61f17e8-a9ab-40e8-b564-db4582c819dd}<eos>#R##N#\device\{a641c122-d730-4ec"
  
  
• In subkey: HKLM\System\CurrentControlSet\Services\Tcpip6\Linkage
  Sets value: "Export"
  With data: "\device\tcpip6_{cc3db877-3743-4739-815c-58f6674a390d}<eos>#R##N#\device\tcpip6_{c9421e55-f44a-4c6b-86b6-b92631fcbbcd}<eos>#R##N#\device\tcpip6_{12344c9d-cf1a-4ffc-a413-05408f2bc0d7}<eos>#R##N#\device\tcpip6_{65d07d09-b845-4c3e-9f82-448738cbe795}<eos>#R##N#\device\tcpip6_{afbf3695-6819-4001-a4ce-ff408f2d8a1b}<eos>#R##N#\device\tcpip6_{f5ad825a-8d50-4deb-b719-77b07218011f}<eos>#R##N#\device\tcpip6_{959992c9-54fd-4b0a-ab6c-ff1518d82258}<eos>#R##N#\device\tcpip6_{a61f17e8-a9ab-"
  
  
• In subkey: HKLM\System\CurrentControlSet\Services\Tcpip6\Linkage
  Sets value: "Route"
  With data: ""{cc3db877-3743-4739-815c-58f6674a390d}"<eos>#R##N#"{c9421e55-f44a-4c6b-86b6-b92631fcbbcd}"<eos>#R##N#"{12344c9d-cf1a-4ffc-a413-05408f2bc0d7}"<eos>#R##N#"{65d07d09-b845-4c3e-9f82-448738cbe795}"<eos>#R##N#"{afbf3695-6819-4001-a4ce-ff408f2d8a1b}"<eos>#R##N#"{f5ad825a-8d50-4deb-b719-77b07218011f}"<eos>#R##N#"{959992c9-54fd-4b0a-ab6c-ff1518d82258}"<eos>#R##N#"{a61f17e8-a9ab-40e8-b564-db4582c819dd}"<eos>#R##N#"{a641c122-d730-4ec8-bc62-a450799c6417}"<eos>#R##N#"{838c6227-8b3d-4cd0-820c-4"