Categories: Backdoor

Backdoor.Staser removal instruction

The Backdoor.Staser is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Backdoor.Staser virus can do?

Reads data out of its own binary image
Drops a binary and executes it
Unconventionial binary language: Chinese (Simplified)
Unconventionial language used in binary resources: Chinese (Simplified)
Sniffs keystrokes
Attempts to repeatedly call a single API many times in order to delay analysis time
Installs itself for autorun at Windows startup
Creates a copy of itself
Anomalous binary characteristics

Related domains:

z.whorecord.xyz

ava.ctf.pub

a.tomx.xyz

How to determine Backdoor.Staser?


File Info:
crc32: 5BA65DAAmd5: fac18219e1677269c3c3d8f56c955f06name: 8085.exesha1: 028030984a6ab026c929d8f25a219a7ecca519a4sha256: c3eb257895a819eab0a0edcbf119ae920d11e8cfb4de302b8f59799e133d31aasha512: 3ff726da40fe5f08dde36ea5b193cd709417f6b6f1215c8156da95463903d12f26d8d7805e3c52830155f3f1e243476d67f740e00f9e01bc07d55a6de4a929aassdeep: 3072:PmZBWwd86YpyFnpdp/xVRXEgoY8fv/fNbJzZ7EBMX8Wry6:PTnpyNpH/xVyfY8fv/fX97EYhtype: PE32 executable (GUI) Intel 80386, for MS Windows
Version Info:
LegalCopyright: x7248x6743x6240x6709 (C) 2012InternalName: adbrowserFileVersion: 1, 0, 0, 9CompanyName: Net.Soft StudioPrivateBuild: 20120830.01LegalTrademarks: Comments: ProductName: adbrowserSpecialBuild: ProductVersion: 1, 0, 0, 9FileDescription: P2Px7ec8x7ed3x8005x8f85x52a9x6a21x5757OriginalFilename: adbrowser.EXETranslation: 0x0804 0x04b0

Backdoor.Staser also known as:

MicroWorld-eScan	Backdoor.Zegost.BC
FireEye	Generic.mg.fac18219e1677269
CAT-QuickHeal	Trojan.Aksula.A
Qihoo-360	Win32/Backdoor.Gh0st.LS
ALYac	Backdoor.Zegost.BC
Cylance	Unsafe
VIPRE	Win32.Malware!Drop
Sangfor	Malware
K7AntiVirus	Trojan ( 0040f7ad1 )
BitDefender	Backdoor.Zegost.BC
K7GW	Trojan ( 0040f7ad1 )
Cybereason	malicious.9e1677
TrendMicro	BKDR_ZEGOST.SML
BitDefenderTheta	Gen:NN.ZexaF.34122.ni1@aOvpuhhb
Cyren	W32/S-3d9bc1fd!Eldorado
Baidu	Win32.Trojan.Farfli.bg
TrendMicro-HouseCall	BKDR_ZEGOST.SML
Avast	Win32:Farfli-CF [Cryp]
ClamAV	Win.Trojan.Zegost-7007928-0
GData	Backdoor.Zegost.BC
Kaspersky	Backdoor.Win32.Farfli.alus
Alibaba	Backdoor:Win32/Farfli.04fd2e00
NANO-Antivirus	Trojan.Win32.TrjGen.csulmd
AegisLab	Trojan.Win32.Kykymber.lUlR
APEX	Malicious
Rising	Backdoor.Farfli!1.B6C5 (CLOUD)
Ad-Aware	Backdoor.Zegost.BC
Sophos	Troj/Zegost-CV
Comodo	TrojWare.Win32.Kryptik.BPVQ@56xtf6
F-Secure	Backdoor.BDS/Zegost.mdqcz
DrWeb	Trojan.Siggen6.27861
Zillya	Trojan.Kryptik.Win32.737668
Invincea	heuristic
McAfee-GW-Edition	BehavesLike.Win32.Generic.dh
Trapmine	malicious.high.ml.score
Emsisoft	Backdoor.Zegost.BC (B)
SentinelOne	DFI – Suspicious PE
F-Prot	W32/S-3d9bc1fd!Eldorado
Jiangmin	Trojan/Generic.avrta
Webroot	W32.Trojan.Gen
Avira	BDS/Zegost.mdqcz
MAX	malware (ai score=80)
Antiy-AVL	Trojan/Win32.AGeneric
Endgame	malicious (high confidence)
Arcabit	Backdoor.Zegost.BC
SUPERAntiSpyware	Trojan.Agent/Gen-Siggen
ZoneAlarm	Backdoor.Win32.Farfli.alus
Microsoft	Backdoor:Win32/Zegost.AD
AhnLab-V3	Trojan/Win32.Scar.R65072
Acronis	suspicious
McAfee	BackDoor-FCGT!FAC18219E167
TACHYON	Backdoor/W32.Farfli.215905
VBA32	BScope.Backdoor.Spy
Malwarebytes	Backdoor.Staser
Panda	Generic Malware
Zoner	Trojan.Win32.29512
ESET-NOD32	Win32/Farfli.ARD
Tencent	Malware.Win32.Gencirc.10b406f5
Yandex	Trojan.Kryptik!BskX9BEG55w
Ikarus	Backdoor.Win32.Zegost
Fortinet	W32/Farfli.PZA!tr
AVG	Win32:Farfli-CF [Cryp]
Paloalto	generic.ml
CrowdStrike	win/malicious_confidence_100% (W)
MaxSecure	Win.MxResIcn.Heur.Gen