
Remove TrojanSpy:Win32/Nivdort.CT From Your Computer

Microsoft has reported a new spyware-type Trojan that infects user systems. The Trojan is reported to create multiple files on an infected computer, each with a different function. Its primary purpose is reported to be stealing sensitive user data, which is why it is important to scan your computer immediately with advanced anti-spyware software that will neutralize it. A removal tutorial follows this review.

Name: TrojanSpy:Win32/Nivdort.CT
Type: Spyware type of Trojan Horse
Short Description: The Trojan may perform various malicious activities that differ in how badly they affect the user. It is mainly created to steal essential information.
Symptoms: Users might experience a slow PC, and their firewall and antivirus may be shut down without any notification.
Distribution Method: Via spam mail, messages in online chats, comments on sites or even targeted attacks.


TrojanSpy:Win32/Nivdort.CT – How Did I Get It

One way to become a victim of this Trojan is to give someone direct, unauthorized access to your computer. The Trojan is also distributed through social media chats such as Facebook and other chat software like Skype. Furthermore, you may encounter malicious files or links attached to spam e-mail messages that claim to come from a legitimate service (PayPal, eBay, Amazon, BestBuy). The file extensions you should beware of are:

.exe, .dll, .bat, .tmp

TrojanSpy:Win32/Nivdort.CT – More About It

In one particular case reported by Microsoft, the Trojan may create files in the %SystemRoot% and %temp% folders of Windows with the following names:

  • isquvluidai.exe
  • nifikrwhie.exe
  • gugarm1ghrprkphmxym5.exe

Further reports indicate that this spyware injects code directly into running processes in order to make the threat significantly more difficult to remove.

As for the payload, the Trojan's main purpose is to collect important information from the infected computer. This includes:

  • Live spying on the keys you type.
  • Monitoring of the programs you open.
  • Live access to your browsing history.
  • Collection of any credit card details you enter.
  • Theft of user names and passwords.

Furthermore, the Trojan may display a phishing site that looks like a legitimate one. This means it may fake the web pages of Facebook, PayPal and other websites to collect the financial information or credentials you enter.

Given the abilities of this Trojan, the consequences may be devastating if the information falls into the wrong hands. The information may either be sold or used to steal funds from your account.

The Trojan also has features that enable it to change the settings of your system. It mainly focuses on changing behavior settings, such as:

  • Disabling Windows Firewall and its notifications in the Security Center of Windows.
  • Stopping Security Center's antivirus detection notifications (the notifications that display when your antivirus is disabled).

After being activated and delivering its payload, the Trojan may establish a connection to a third-party host, which is most likely the control center of the malware. Microsoft has reported the following domains as associated with this Trojan, which connects to them via port 80:

  • journeymeasure(.)net using port 80
  • sundaytomorrow(.)net using port 80
  • cloudtomorrow(.)net using port 80
  • quicktomorrow(.)net using port 80
  • darktomorrow(.)net using port 80
  • meattomorrow(.)net using port 80
  • mosttomorrow(.)net using port 80
  • sicktomorrow(.)net using port 80

After connecting to a remote host, this Trojan may gain full access to your PC, including:

  • Read and write permissions.
  • Download files onto your hard drive.
  • Receive configuration information.
  • Receive other information about your system (location, certificates, etc.).
  • Validate certificates.
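The domain list above can be turned into a network check. The following Python is an added example, not part of the original article or of Microsoft's report: it scans web-proxy log lines for requests to the listed domains on port 80, comparing whole DNS labels so look-alike hosts are not flagged. The log format, the sample lines and the function names are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Domains exactly as this page lists them (defanged); refanged only in memory.
DEFANGED = [
    "journeymeasure(.)net", "sundaytomorrow(.)net", "cloudtomorrow(.)net",
    "quicktomorrow(.)net", "darktomorrow(.)net", "meattomorrow(.)net",
    "mosttomorrow(.)net", "sicktomorrow(.)net",
]
IOC_DOMAINS = {d.replace("(.)", ".") for d in DEFANGED}

# Constructed sample proxy log (assumed format: time client method url status).
SAMPLE_LOG = """\
2015-11-02T09:14:07Z 10.0.0.23 GET http://sundaytomorrow.net/index.php 200
2015-11-02T09:14:09Z 10.0.0.23 GET http://www.example.org/ 200
2015-11-02T09:15:31Z 10.0.0.41 POST http://CloudTomorrow.net:80/ 200
2015-11-02T09:16:02Z 10.0.0.52 GET http://notsundaytomorrow.net/ 200
2015-11-02T09:16:40Z 10.0.0.52 GET http://sundaytomorrow.net.example.org/a 200
2015-11-02T09:17:12Z 10.0.0.41 GET http://api.darktomorrow.net:8080/x 404
""".splitlines()

def ioc_for_host(host):
    """Return the listed domain that host equals or is a subdomain of, else None.
    Whole DNS labels are compared, so look-alike names never match."""
    labels = host.rstrip(".").lower().split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in IOC_DOMAINS:
            return candidate
    return None

def find_hits(lines, ports=(80,)):
    """Map client IP -> sorted listed domains it contacted on the given ports.
    Pass ports=None to match the domains on any port."""
    hits = {}
    for line in lines:
        fields = line.split()
        if len(fields) != 5:
            continue  # malformed line: skip instead of crashing
        client, url = fields[1], fields[3]
        try:
            parts = urlsplit(url)
            port = parts.port or (443 if parts.scheme == "https" else 80)
        except ValueError:
            continue  # unparsable URL or port
        domain = ioc_for_host(parts.hostname or "")
        if domain and (ports is None or port in ports):
            hits.setdefault(client, set()).add(domain)
    return {client: sorted(domains) for client, domains in hits.items()}

if __name__ == "__main__":
    print(find_hits(SAMPLE_LOG))
```

Clients that appear in the result are candidates for the isolation and removal steps that follow.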

Removing TrojanSpy:Win32/Nivdort.CT Completely

In order to remove TrojanSpy:Win32/Nivdort.CT fully, you must first isolate the threat. You can do this by stopping all third-party applications and booting into Safe Mode with Networking. However, such Trojans always change registry settings and other system properties, which may be challenging to undo. This is why you should follow the step-by-step manual below to successfully get rid of the spyware and any other malware it may have downloaded onto your PC.

  1. Boot Your PC In Safe Mode to isolate and remove TrojanSpy:Win32/Nivdort.CT
  2. Remove TrojanSpy:Win32/Nivdort.CT with SpyHunter Anti-Malware Tool
  3. Remove TrojanSpy:Win32/Nivdort.CT with Malwarebytes Anti-Malware
  4. Remove TrojanSpy:Win32/Nivdort.CT with STOPZilla AntiMalware
  5. Back up your data to secure it against infections by TrojanSpy:Win32/Nivdort.CT in the future

NOTE! Important notice about the TrojanSpy:Win32/Nivdort.CT threat: Manual removal of TrojanSpy:Win32/Nivdort.CT requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself in just 5 minutes, using a malware removal tool.

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with passion for discovery of new shifts and innovations in cyber security. Strong believer in basic education of every user towards online safety.
