Backdoor.Win32.Zegost removal

Backdoor.Win32.Zegost is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a full scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Backdoor.Win32.Zegost virus do?

  • Executable code extraction
  • Creates RWX memory
  • Expresses interest in specific running processes
  • The binary likely contains encrypted or compressed data.
  • Detects Sandboxie through the presence of a library
  • Checks for the presence of known windows from debuggers and forensic tools
  • The following process appears to have been packed with Themida: ss_pro_installer.exe
  • Network activity detected but not expressed in API logs
  • Checks for the presence of known devices from debuggers and forensic tools
  • Detects the presence of Wine emulator via registry key
  • Checks the BIOS version, possibly for anti-virtualization
  • Detects VirtualBox through the presence of a registry key
  • Anomalous binary characteristics

Related domains:

z.whorecord.xyz
a.tomx.xyz

How to identify Backdoor.Win32.Zegost?

File Info:

crc32: 48BD435D
md5: 9a638cdf9d98e24307f3b8b8161990fe
name: ss_pro_installer.exe
sha1: 0860b5014c0cd2de6078964af528e72b459962d4
sha256: 37db82b3a021552d2f4fea39cf7e1e1e79d893ed9fe157eac490a5397c544c6b
sha512: a4c30607915e129c37049f2cee1437708a2db032cb4abcefc56deaacfa9a296cfa2249d39bd9d02b42b3476264bc95b03667dfdb68f840a4bf432d79a54df0c8
ssdeep: 98304:blVwNTocQ9QQw2FigrPh6/Q15g9EIDMjkscIZK++:TkUcQugd6/Q0cZC
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

Translation: 0x0000 0x04b0
LegalCopyright: Copyright © 2020
Assembly Version: 2.0.0.0
InternalName: SS Spotify Streamer Pro Installer.exe
FileVersion: 2.0.0.0
CompanyName: Psychil
LegalTrademarks:
Comments:
ProductName: SS Spotify Streamer Pro Installer
ProductVersion: 2.0.0.0
FileDescription: SS Spotify Streamer Pro Installer
OriginalFilename: SS Spotify Streamer Pro Installer.exe

Backdoor.Win32.Zegost also known as:

Bkav: HW32.Packed.
MicroWorld-eScan: Trojan.GenericKD.43361766
FireEye: Generic.mg.9a638cdf9d98e243
CAT-QuickHeal: Backdoor.Zegost
McAfee: Artemis!9A638CDF9D98
Cylance: Unsafe
K7AntiVirus: Trojan ( 00559a4c1 )
BitDefender: Trojan.GenericKD.43361766
K7GW: Trojan ( 00559a4c1 )
Cybereason: malicious.14c0cd
Invincea: heuristic
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
Avast: Win32:Trojan-gen
GData: Trojan.GenericKD.43361766
Kaspersky: HEUR:Backdoor.Win32.Zegost.gen
Alibaba: Packed:Win32/Themida.3dc90667
NANO-Antivirus: Trojan.Win32.Zegost.hlwzqs
AegisLab: Trojan.Win32.Zegost.m!c
Rising: Backdoor.Zegost!8.177 (CLOUD)
Endgame: malicious (high confidence)
Sophos: Mal/Generic-S
Comodo: Malware@#x9zsonn7f8bm
F-Secure: Trojan.TR/Crypt.XPACK.Gen
VIPRE: Trojan.Win32.Generic!BT
MaxSecure: Trojan.Malware.300983.susgen
Trapmine: malicious.high.ml.score
Emsisoft: Trojan.GenericKD.43361766 (B)
Ikarus: Trojan.Win32.Themida
Cyren: W32/Trojan.DLVY-9321
Jiangmin: Backdoor.Zegost.ajq
Avira: TR/Crypt.XPACK.Gen
MAX: malware (ai score=89)
Microsoft: Trojan:Win32/Occamy.C37
Arcabit: Trojan.Generic.D295A5E6
ZoneAlarm: HEUR:Backdoor.Win32.Zegost.gen
Cynet: Malicious (score: 90)
BitDefenderTheta: Gen:NN.ZexaF.34130.@B0@ayIoR3c
ALYac: Trojan.GenericKD.43361766
VBA32: TScope.Malware-Cryptor.SB
Malwarebytes: Trojan.MalPack.Themida.Generic
ESET-NOD32: a variant of Win32/Packed.Themida.GZV
TrendMicro-HouseCall: TROJ_GEN.R002H0CFJ20
Yandex: Trojan.Themida!
SentinelOne: DFI – Malicious PE
eGambit: Unsafe.AI_Score_95%
Fortinet: W32/Zegost!tr.bdr
Ad-Aware: Trojan.GenericKD.43361766
AVG: Win32:Trojan-gen
Paloalto: generic.ml
CrowdStrike: win/malicious_confidence_80% (W)
Qihoo-360: Win32/Backdoor.15f

How to remove Backdoor.Win32.Zegost?

Backdoor.Win32.Zegost removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.