Backdoor

About “Backdoor:MSIL/Zegost.GG!MTB” infection


Backdoor:MSIL/Zegost.GG!MTB is Microsoft's detection name for a backdoor sample that nearly every major antivirus engine also flags under its own name (see the list of alternative names below). While the backdoor is running you may notice unfamiliar processes in the Task Manager list. If you do, scan the computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing malware manually can take hours and may damage the system in the process. We recommend GridinSoft Anti-Malware for removal; the trial version lets you run a full scan and clean the PC.
6-day free trial available.

What can Backdoor:MSIL/Zegost.GG!MTB do?

The behaviours below are the signatures the CAPEv2 sandbox raised when it ran the sample described in the File Info section:

  • Behavioural detection: executable code extraction (unpacking), i.e. the process writes and then runs code that is not present in the file on disk
  • CAPE extracted potentially suspicious content from the running process
  • Authenticode signature is invalid (a signature is present but fails to verify)
  • CAPE detected the FatalRAT malware family, which matches the ESET-NOD32 name "Win32/FatalRAT.A" in the vendor list below
  • Yara rule detections observed from a process memory dump, dropped files or CAPE-extracted payloads

One caveat when reading the name: the "MSIL" in Microsoft's detection does not mean the sample is a .NET assembly. The file type below is a plain PE32 for Intel 80386 and the entry-point bytes (55 8b ec 6a ff 68 ...) are a native x86 prologue, so treat the vendor name as a family label rather than a description of the binary.

How to identify Backdoor:MSIL/Zegost.GG!MTB?

The identifiers below come from the CAPEv2 sandbox report (note the storage path). Match a suspect file on its hashes, not on its name or timestamp: the file name on disk is arbitrary, and the compile timestamp in a PE header is written by the build tool and is trivially forged.

File Info:

name: 44B7462BF30FAE740886.mlw
path: /opt/CAPEv2/storage/binaries/a38e9b2d303c54256516d84b8a4e45b75fd52ddd5c13f71d6020e5027279f9f4
crc32: 02705483
md5: 44b7462bf30fae74088649798416f310
sha1: b23f7c5f445463e3c4437564f0a2df249b202f8c
sha256: a38e9b2d303c54256516d84b8a4e45b75fd52ddd5c13f71d6020e5027279f9f4
sha512: 62c40e7d1636819cb48d0919744d82ae922f7bb7294f8cfc3d4ca5a30eacb165f7b0ceafd09b24c981343c92e93d30b2d8a09b1b956d0bde74819af58ab07a77
ssdeep: 3072:T1ltd5LZseWDzoPZ6WS6BLfvgaSlpcD+05f:NSzkPDNGEf
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T16414AE8628964779DCCD02B1E13D9A6C119E49E0AA31F8EE572E686B47313D7F1E3307
sha3_384: 1746056dc6cd31aad7f0cf982637e41a57c57aab1e44849cf2ad262af31658397b7377724703603b954b102e44379604
ep_bytes: 558bec6aff68a0604000683c2b400064
timestamp: 2021-04-20 08:04:19

Version Info:

[No Data]
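The File Info block above is only useful if you can reproduce those values for a file you are holding. The script below is an added example, not code from the page or from GridinSoft: it recomputes the listed digests, parses the PE headers to read the 16 bytes at AddressOfEntryPoint (the ep_bytes field), and reports which indicators a candidate file matches. The IOC table holds a subset of the values from File Info; the build_min_pe32 helper constructs a synthetic, non-runnable PE purely so the parser can be exercised offline, and is not the sample itself.

```python
"""Added triage helper (not from the page or GridinSoft): recompute the hashes
listed in the File Info block and read a PE32's entry-point bytes, then compare
a candidate file with those indicators offline."""
import hashlib
import struct
import zlib
from typing import Dict, Optional

# Subset of the indicators copied from the File Info block above.
IOC = {
    "md5": "44b7462bf30fae74088649798416f310",
    "sha1": "b23f7c5f445463e3c4437564f0a2df249b202f8c",
    "sha256": "a38e9b2d303c54256516d84b8a4e45b75fd52ddd5c13f71d6020e5027279f9f4",
    "crc32": "02705483",
    "ep_bytes": "558bec6aff68a0604000683c2b400064",
}


def file_hashes(data: bytes) -> Dict[str, str]:
    """The same digests the sandbox report lists, as lowercase hex."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08x}",
    }


def entry_point_bytes(data: bytes, n: int = 16) -> Optional[bytes]:
    """First n bytes at AddressOfEntryPoint of a PE32 image, or None when the
    input is not a well-formed PE32 (PE32+ images and non-PE files give None)."""
    try:
        if len(data) < 0x40 or data[:2] != b"MZ":
            return None
        e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
        if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
            return None
        coff = e_lfanew + 4                                   # COFF file header
        num_sections = struct.unpack_from("<H", data, coff + 2)[0]
        size_opt = struct.unpack_from("<H", data, coff + 16)[0]
        opt = coff + 20                                       # optional header
        if struct.unpack_from("<H", data, opt)[0] != 0x10B:   # 0x10B = PE32, 0x20B = PE32+
            return None
        ep_rva = struct.unpack_from("<I", data, opt + 16)[0]  # AddressOfEntryPoint
        sections = opt + size_opt                             # section table
        for i in range(num_sections):
            _name, vsize, vaddr, rawsize, rawptr = struct.unpack_from(
                "<8sIIII", data, sections + i * 40)
            if vaddr <= ep_rva < vaddr + max(vsize, rawsize):
                off = rawptr + (ep_rva - vaddr)               # RVA -> file offset
                return data[off:off + n]
    except struct.error:
        pass
    return None


def triage(data: bytes) -> Dict[str, object]:
    """Compare a candidate file with the page's indicators."""
    hashes = file_hashes(data)
    ep = entry_point_bytes(data)
    return {
        "hash_hits": [k for k in ("md5", "sha1", "sha256", "crc32") if hashes[k] == IOC[k]],
        "ep_match": ep is not None and ep.hex() == IOC["ep_bytes"],
        "hashes": hashes,
    }


def build_min_pe32(code: bytes) -> bytes:
    """Constructed test input: a minimal one-section PE32 whose entry point is
    the start of `code`. It is not executable and is not the sample from the page."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)                # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x102)    # i386, one section
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0x200, 0, 0, 0x1000).ljust(0xE0, b"\0")
    sect = struct.pack("<8sIIIIIIHHI", b".text\0\0\0", 0x200, 0x1000, 0x200, 0x200,
                       0, 0, 0, 0, 0x60000020)
    headers = (dos + b"PE\0\0" + coff + opt + sect).ljust(0x200, b"\0")
    return headers + code.ljust(0x200, b"\0")


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            blob = fh.read()
    else:
        # No file given: demonstrate on a constructed PE carrying the listed ep_bytes.
        blob = build_min_pe32(bytes.fromhex(IOC["ep_bytes"]) + b"\xcc" * 16)
    print(triage(blob))
```

Point it at the image path of a process you do not recognise (the Path column on the Details tab of Task Manager) or at any dropped file. A hash hit is a confirmed match. An ep_match on its own is weak evidence: those 16 bytes are a compiler-generated prologue shared by many unrelated programs, so use it to prioritise, not to convict.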

Backdoor:MSIL/Zegost.GG!MTB also known as (vendor: detection name):

  • Bkav: W32.AIDetectMalware
  • Lionic: Trojan.Win32.Glomaru.lXMS
  • DrWeb: Trojan.MulDrop17.52527
  • MicroWorld-eScan: DeepScan:Generic.KillMBR.A.83D66AD9
  • FireEye: Generic.mg.44b7462bf30fae74
  • McAfee: GenericRXTR-OV!44B7462BF30F
  • Cylance: unsafe
  • Zillya: Worm.AutoRun.Win32.260715
  • Sangfor: Backdoor.Win32.Zegost.Vdhm
  • K7AntiVirus: Trojan ( 005a74e61 )
  • Alibaba: Backdoor:Win32/Zegost.24ff3ab9
  • K7GW: Trojan ( 005a74e61 )
  • Cybereason: malicious.bf30fa
  • BitDefenderTheta: AI:Packer.C5DCEBE81E
  • Cyren: W32/Agent.EWL.gen!Eldorado
  • Symantec: Trojan!im
  • Elastic: malicious (high confidence)
  • ESET-NOD32: a variant of Win32/FatalRAT.A
  • APEX: Malicious
  • Cynet: Malicious (score: 100)
  • Kaspersky: HEUR:Backdoor.Win32.Generic
  • BitDefender: DeepScan:Generic.KillMBR.A.83D66AD9
  • NANO-Antivirus: Trojan.Win32.Farfli.itwbcp
  • Avast: Win32:GenMalicious-JHS [Trj]
  • Tencent: Malware.Win32.Gencirc.10bd975c
  • Emsisoft: DeepScan:Generic.KillMBR.A.83D66AD9 (B)
  • F-Secure: Trojan.TR/Dropper.Gen
  • VIPRE: DeepScan:Generic.KillMBR.A.83D66AD9
  • TrendMicro: TROJ_GEN.R011C0DGD23
  • McAfee-GW-Edition: BehavesLike.Win32.Infected.ch
  • Trapmine: malicious.high.ml.score
  • Sophos: Mal/Generic-S
  • Ikarus: Trojan.Win32.Farfli
  • GData: DeepScan:Generic.KillMBR.A.83D66AD9
  • Jiangmin: Backdoor.Generic.cjvw
  • Avira: TR/Dropper.Gen
  • Antiy-AVL: Trojan[Backdoor]/MSIL.Zegost
  • Xcitium: TrojWare.Win32.Agent.PDSB@4q3i1w
  • Arcabit: DeepScan:Generic.KillMBR.A.83D66AD9
  • ViRobot: Trojan.Win.Z.Zegost.196608.EE
  • ZoneAlarm: HEUR:Trojan.Win32.Generic
  • Microsoft: Backdoor:MSIL/Zegost.GG!MTB
  • Google: Detected
  • AhnLab-V3: Trojan/Win.LVbg.R553633
  • ALYac: DeepScan:Generic.KillMBR.A.83D66AD9
  • MAX: malware (ai score=87)
  • VBA32: BScope.Backdoor.Farfli
  • Malwarebytes: Generic.Malware.AI.DDS
  • Panda: Trj/CI.A
  • TrendMicro-HouseCall: TROJ_GEN.R011C0DGD23
  • Rising: Trojan.Kryptik!1.AAD1 (CLASSIC)
  • Yandex: Worm.AutoRun!VEOcU5Th0yQ
  • SentinelOne: Static AI – Suspicious PE
  • MaxSecure: Trojan.Malware.7175197.susgen
  • Fortinet: W32/GenKryptik.BJAB!tr
  • AVG: Win32:GenMalicious-JHS [Trj]
  • DeepInstinct: MALICIOUS
  • CrowdStrike: win/malicious_confidence_100% (W)

How to remove Backdoor:MSIL/Zegost.GG!MTB?

Backdoor:MSIL/Zegost.GG!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the browser and the options you want, then click “Reset”.
  • Restart your computer.

Because this is a backdoor, its operator may have had remote control of the machine for as long as it was installed. After removal, treat any passwords used on that machine during the infection as exposed and change them from a clean device.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
