
Backdoor.Nflog Removal Program – How to Wipe off Backdoor.Nflog instantly

Posted in Blog, backdoor, trojan on December 20th, 2012

Backdoor.Nflog is a backdoor Trojan, like Backdoor.Arcomrat, used to introduce other PC threats to the compromised computer. The Trojan can be downloaded to a computer via spam links, P2P software, spam email and other malware. After the Trojan invades a computer, it exploits a system security flaw and opens a back door through which hackers can access the system at will. Meanwhile, Backdoor.Nflog damages the computer by changing system settings, modifying the HOSTS file, inserting malicious code into running processes and deleting files. When the Trojan downloads additional malware from certain domains, your antivirus may fail to detect it. If you get annoying pop-ups when surfing the internet, it is likely that the backdoor Trojan is also monitoring the computer and stealing sensitive information. Do you want to remove Backdoor.Nflog instantly? We sum up two removal methods here.

Method one: manual removal
Our analysis identified the files and registry entries created by the backdoor Trojan. If you can remove them completely, you have a chance of wiping out the infection. Before you start, you should know the risks of manual removal, especially when modifying the Windows registry.

Backdoor.Nflog technical details
1. Related files
%CommonProgramFiles%\Driver\IntelAMTPP.dll
2. Related registry entries

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WMDMPMSP\"NextInstance" = "1"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WMDMPMSP\0000\"Class" = "LegacyDriver"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WMDMPMSP\0000\"ClassGUID" = "{8ECC055D-047F-11D1-A537-0000F8753ED1}"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WMDMPMSP\0000\"ConfigFlags" = "0"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WMDMPMSP\0000\"DeviceDesc" = "WmdmPmSp"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WMDMPMSP\0000\"Legacy" = "1"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WMDMPMSP\0000\"Service" = "WmdmPmSp"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WmdmPmSp\"Description" = "Windows Infrared Port Monitor."
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WmdmPmSp\"ErrorControl" = "1"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WmdmPmSp\"ImagePath" = "%SystemRoot%\System32\svchost.exe -k netsvcs"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WmdmPmSp\"ObjectName" = "LocalSystem"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WmdmPmSp\"Start" = "2"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WmdmPmSp\"Type" = "32"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WmdmPmSp\Parameters\"ServiceDll" = "%ProgramFiles%\Common Program Files\Driver\IntelAMTPP.dll"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WmdmPmSp\Security\"Security" = "[BINARY DATA]"
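
Before editing anything by hand, it helps to confirm which of the entries above actually exist on the machine. The PowerShell script below is an added example, not part of the original post: it is read-only, uses only the paths and values listed on this page, and assumes an elevated prompt on PowerShell 4.0 or later.

```powershell
# Added example: read-only check for the Backdoor.Nflog artifacts listed on this page.
# Nothing is deleted or modified; the script only reports what it finds.
$svcKey  = 'HKLM:\SYSTEM\CurrentControlSet\Services\WmdmPmSp'
$enumKey = 'HKLM:\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WMDMPMSP'

# The page gives the DLL location in two spellings, so both are checked.
$dllPaths = @(
    '%CommonProgramFiles%\Driver\IntelAMTPP.dll',
    '%ProgramFiles%\Common Program Files\Driver\IntelAMTPP.dll'
) | ForEach-Object { [Environment]::ExpandEnvironmentVariables($_) }

$findings = @()

# 1. Are the service key and its legacy driver enumeration key present?
foreach ($key in $svcKey, $enumKey) {
    if (Test-Path -LiteralPath $key) { $findings += "Registry key present: $key" }
}

# 2. Do the service values match the ones listed on the page?
$svc = Get-ItemProperty -LiteralPath $svcKey -ErrorAction SilentlyContinue
if ($svc) {
    if ($svc.Description -eq 'Windows Infrared Port Monitor.') {
        $findings += 'Service description matches the listed value'
    }
    if ($svc.ImagePath -like '*svchost.exe -k netsvcs*') {
        $findings += "Service runs inside svchost: $($svc.ImagePath)"
    }
}
$params = Get-ItemProperty -LiteralPath "$svcKey\Parameters" -ErrorAction SilentlyContinue
if ($params -and $params.ServiceDll) {
    $findings += "ServiceDll = $($params.ServiceDll)"
}

# 3. Is the DLL on disk? Record its hash and signature status for later reference.
foreach ($path in $dllPaths) {
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        $sig  = (Get-AuthenticodeSignature -LiteralPath $path).Status
        $findings += "File present: $path (SHA256 $hash, signature $sig)"
    }
}

if ($findings.Count -eq 0) {
    'None of the Backdoor.Nflog artifacts listed on this page were found.'
} else {
    $findings
}
```

Keeping the output gives you a record of what was present before any registry key or file is removed.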

Method two: Backdoor.Nflog removal program
Do you think it is time-consuming to find so many registry entries? Are you afraid of damaging the computer? Do you want to remove the Trojan quickly and safely? A professional antivirus program can take care of the infected computer effectively. You need to download a professional virus removal program and run a full scan. After the scan, Backdoor.Nflog will be picked up and you can click the remove button to get rid of the infection once and for all. Meanwhile, the program can also pick up malware that reached your computer via the backdoor, while manual removal can only wipe out the backdoor virus itself.

Since Backdoor.Nflog is one of the latest Trojans, some antivirus programs still do not detect it. To remove the Trojan, we recommend using an advanced antispyware program called Spyware Cease. After removing Backdoor.Nflog, you can use the system vulnerability repair to further protect your computer.
