Remove TrojanSpy:Win32/Nivdort.CT From Your Computer - How to, Technology and PC Security Forum

Remove TrojanSpy:Win32/Nivdort.CT From Your Computer

Microsoft has reported a new spyware type of Trojan that infects user systems. The trojan is reported to create multiple files on an infected computer, each with a different function. The threat is primarily reported to steal sensitive user data, which is why it is important to scan your computer immediately with advanced anti-spyware software that will neutralize it. A tutorial for this follows the review.

Type: Spyware type of Trojan Horse
Short Description: The trojan may perform various malicious activities ranging in negative impact for the user. It is mainly created to steal essential information.
Symptoms: Users might experience a slow PC, and their firewall and antivirus may be shut down without any notifications.
Distribution Method: Via spam mail, messages in online chats, comments on sites or even targeted attacks.
Detection Tool: Download Malware Removal Tool, to See If Your System Has Been Affected by TrojanSpy:Win32/Nivdort.CT
User Experience: Join our forum to discuss TrojanSpy:Win32/Nivdort.CT.


TrojanSpy:Win32/Nivdort.CT – How Did I Get It

One way to become a victim of this trojan is to give someone direct unauthorized access to your computer. Another distribution method this trojan uses is social media chats such as Facebook and other chat software like Skype. Furthermore, you may encounter malicious files or links attached to spam mail messages that claim to come from a legitimate service (PayPal, eBay, Amazon, BestBuy). The file extensions you should beware of are:

.exe, .dll, .bat, .tmp

TrojanSpy:Win32/Nivdort.CT – More About It

In one particular case reported by Microsoft, the trojan may create files in the %SystemRoot% and %temp% folders of your Windows installation, named as follows:

  • isquvluidai.exe
  • nifikrwhie.exe
  • gugarm1ghrprkphmxym5.exe

Further reports indicate that this spyware type of threat uses special code that is injected directly into running processes in order to make the threat significantly more difficult to remove.

Regarding the payload of the trojan, its main purpose is to collect important information from the infected computer, such as:

  • Live spying of the keys you type.
  • Monitoring of the programs you open.
  • Live access to your browsing history.
  • Collect any entered credit card credentials.
  • Steal user names as well as passwords.

Furthermore, the Trojan may present a phishing site that looks like a legitimate one. This means that it may fake the web pages of Facebook, PayPal and other websites to collect the financial information or credentials you enter.

Given the abilities of this trojan, it may be devastating if the information falls into the wrong hands. The information may either be sold or used to steal funds from your account.

The trojan also has features that enable it to change the settings of your system. It mainly focuses on changing behavior settings, such as:

  • Disabling Windows Firewall and its notifications in the Security Center of Windows.
  • Stopping Security Center's antivirus detection notifications (notifications that display when your antivirus is disabled).

After being activated and delivering its payload, the Trojan may establish a connection to a third-party host, which is most likely the control center of the malware.

Microsoft has reported that the following domains, contacted via port 80, are associated with this Trojan:

    • journeymeasure(.)net using port 80
    • sundaytomorrow(.)net using port 80
    • cloudtomorrow(.)net using port 80
    • quicktomorrow(.)net using port 80
    • darktomorrow(.)net using port 80
    • meattomorrow(.)net using port 80
    • mosttomorrow(.)net using port 80
    • sicktomorrow(.)net using port 80
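The domain list above can be turned into a simple log check. The following Python sketch is an added example, not part of the original article or of Microsoft's report: it refangs the listed domains and flags matching hosts in proxy-style log lines. The log layout, the sample lines and all function names are assumptions made for illustration.

```python
import re

# Defanged indicators exactly as listed above; all were reported on port 80.
DEFANGED = ["journeymeasure(.)net", "sundaytomorrow(.)net", "cloudtomorrow(.)net",
            "quicktomorrow(.)net", "darktomorrow(.)net", "meattomorrow(.)net",
            "mosttomorrow(.)net", "sicktomorrow(.)net"]
REPORTED_PORT = 80

def refang(indicator):
    """Turn 'name(.)net' or 'name[.]net' into a plain lowercase hostname."""
    return re.sub(r"[\(\[]\.[\)\]]", ".", indicator).strip().lower()
BLOCKLIST = frozenset(refang(d) for d in DEFANGED)

def matches_indicator(host):
    """Return the listed domain that host equals or is a subdomain of, else None."""
    labels = host.strip().rstrip(".").lower().split(".")
    # Compare suffixes on label boundaries so 'notsicktomorrow.net' is not a hit.
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in BLOCKLIST:
            return candidate
    return None

# Assumed log layout: "<timestamp> <client-ip> <host>:<port> <method> <path>"
LINE = re.compile(r"^(\S+) (\S+) ([^\s:]+):(\d+) (\S+) (\S+)$")
def scan(lines):
    """Return one finding per log line that contacts a listed domain."""
    findings = []
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # line does not fit the assumed layout
        ts, client, host, port = m.group(1, 2, 3, 4)
        domain = matches_indicator(host)
        if domain:
            findings.append({"time": ts, "client": client, "domain": domain,
                             "on_reported_port": int(port) == REPORTED_PORT})
    return findings

# Constructed sample log lines (not real traffic).
SAMPLE = [
    "2016-01-10T09:14:02Z 10.0.0.23 www.example.com:80 GET /index.html",
    "2016-01-10T09:14:05Z 10.0.0.23 SundayTomorrow.net:80 POST /a",
    "2016-01-10T09:15:11Z 10.0.0.41 cdn.darktomorrow.net.:80 GET /",
    "2016-01-10T09:16:40Z 10.0.0.41 notsicktomorrow.net:80 GET /",
    "2016-01-10T09:17:03Z 10.0.0.52 quicktomorrow.net:8080 GET /",
]

print(*scan(SAMPLE), sep="\n")
```

Matching is done on whole labels, so a subdomain of a listed domain is flagged while a look-alike name that merely ends in the same characters is not.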

After connecting to a remote host, this trojan may gain full access to your PC, including:

  • Read and Write permissions.
  • Download files onto your Hard Drive.
  • Receive configuration information.
  • Receive other information about your system (location, certificates, etc.).
  • Validate certificates.

Removing TrojanSpy:Win32/Nivdort.CT Completely

In order to remove TrojanSpy:Win32/Nivdort.CT fully, you must first isolate the threat. You can do this by stopping all third-party applications and booting into Safe Mode with Networking. However, such Trojans always change registry settings and other system properties, which may be challenging to undo. This is why you should follow the step-by-step manual below in order to successfully get rid of the spyware and any other malware it may have downloaded onto your PC.

1. Boot Your PC In Safe Mode to isolate and remove TrojanSpy:Win32/Nivdort.CT
2. Remove TrojanSpy:Win32/Nivdort.CT with SpyHunter Anti-Malware Tool
3. Remove TrojanSpy:Win32/Nivdort.CT with Malwarebytes Anti-Malware
4. Remove TrojanSpy:Win32/Nivdort.CT with STOPZilla AntiMalware
5. Back up your data to secure it against infections by TrojanSpy:Win32/Nivdort.CT in the future

NOTE! Important notice about the TrojanSpy:Win32/Nivdort.CT threat: Manual removal of TrojanSpy:Win32/Nivdort.CT requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don't worry. You can do the removal yourself in just 5 minutes, using a malware removal tool.

Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated in Marketing as well, Ventsislav also has a passion for discovering new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecurity and is a strong believer in basic education of every user towards online safety.
