Backdoor:Win32/Zegost.BK removal

Backdoor:Win32/Zegost.BK is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Backdoor:Win32/Zegost.BK virus do?

  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • Authenticode signature is invalid
  • Binary file triggered multiple YARA rules
  • YARA detections observed in process dumps, payloads or dropped files

How to identify Backdoor:Win32/Zegost.BK?

File Info:

name: C6030BDAC99578C49F27.mlw
path: /opt/CAPEv2/storage/binaries/47ac70d99ddd9742285be450b771da5c2c7be7cc72d112f5188965e084365ba6
crc32: BBF71193
md5: c6030bdac99578c49f27744095ef78a0
sha1: 2b24597eb084441d3d671afc890e7a1300c94e29
sha256: 47ac70d99ddd9742285be450b771da5c2c7be7cc72d112f5188965e084365ba6
sha512: 33942408492bc9bdbe25b9def15e1238b85110cc2880c5af2c4511896fcce66e9a9799cd21c48001dd2a6939e81a65e354967825520216183a9fdc0d051a1adc
ssdeep: 3072:Wiu+GZlqkvHTQBdt9dkk5TwjeEl9coQ6qBs0FE5C7:Wt+GPqkHT2dt9dkk5UblW56qBJd7
type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
tlsh: T155043B02C69082ADE0B7107D6CA7AB3E5A2F7E700B5894C3B3D4DE4619B52D5A7317CB
sha3_384: 51c02577b23ca0d7c4e8913eb18e6496b0483ca5e1d4a811ea1dd5d10af84c7650cd1f70ea930119da763ec5639dba62
ep_bytes: 558bec518b450c8945fc837dfc017408
timestamp: 2011-06-16 19:03:44

Version Info:

Comments: 2010-12-8 15:13:25
CompanyName: Tencent
FileDescription: QQ拼音输入法 扩展DLL
FileVersion: 4.0.1023.400
InternalName: QQImeUtil
LegalCopyright: Copyright ? 2007-2010 Tencent. All Rights Reserved.
LegalTrademarks:
LegalTrademarks1:
LegalTrademarks2:
OriginalFilename: QQImeUtil.dll
PrivateBuild:
ProductName: QQ拼音输入法 扩展DLL
ProductVersion: 4.0.1023.400
SpecialBuild:
Translation: 0x0804 0x04b0

Backdoor:Win32/Zegost.BK is also known as (vendor: detection name):

Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Heur.Cridex.1
FireEye: Generic.mg.c6030bdac99578c4
Skyhigh: BehavesLike.Win32.Dropper.ch
McAfee: ProcKill-FE.a
Cylance: unsafe
Zillya: Backdoor.Inject.Win32.2865
Sangfor: Suspicious.Win32.Save.ins
Alibaba: Backdoor:Win32/Magania.15f21dc6
K7GW: Riskware ( 0040eff71 )
K7AntiVirus: Riskware ( 0040eff71 )
Baidu: Win32.Trojan.KillAV.c
VirIT: Trojan.Win32.Generic.CAVX
Symantec: ML.Attribute.HighConfidence
tehtris: Generic.Malware
ESET-NOD32: Win32/Farfli.DA
TrendMicro-HouseCall: TSPY_MAGANIA_BK22018C.TOMC
Avast: Win32:Farfli-AV [Trj]
ClamAV: Win.Trojan.Redosdru-9875198-0
Kaspersky: Trojan-GameThief.Win32.Magania.hsde
BitDefender: Gen:Heur.Cridex.1
NANO-Antivirus: Trojan.Win32.Magania.entvna
Tencent: Malware.Win32.Gencirc.10b1caf9
Emsisoft: Gen:Heur.Cridex.1 (B)
Google: Detected
F-Secure: Backdoor.BDS/Morix.M
DrWeb: Trojan.DownLoader4.62991
VIPRE: Gen:Heur.Cridex.1
TrendMicro: TSPY_MAGANIA_BK22018C.TOMC
Sophos: Mal/Generic-S
Jiangmin: Backdoor/Inject.bua
Webroot: W32.Rogue.Gen
Varist: W32/Backdoor.S.gen!Eldorado
Avira: BDS/Morix.M
MAX: malware (ai score=100)
Antiy-AVL: Trojan[Backdoor]/Win32.Inject
Kingsoft: Win32.HeurC.KVM005.a
Microsoft: Backdoor:Win32/Zegost.BK
Xcitium: Malware@#31ftxr369qk5a
Arcabit: Trojan.Cridex.1
ZoneAlarm: Trojan-GameThief.Win32.Magania.hsde
GData: Gen:Heur.Cridex.1
Cynet: Malicious (score: 100)
AhnLab-V3: Win-Trojan/Agent.21147692
BitDefenderTheta: Gen:NN.ZedlaF.36804.ky8@ay!pHIlb
VBA32: Backdoor.Inject
Malwarebytes: Generic.Malware.AI.DDS
Panda: Trj/Genetic.gen
Rising: Backdoor.Farfli!1.A1B3 (CLASSIC)
Yandex: Trojan.GenAsa!Oct2Igyj0Q0
Ikarus: Trojan-GameThief.Win32.Magania
MaxSecure: Trojan.Malware.121218.susgen
Fortinet: W32/Inject.ITC!tr
AVG: Win32:Farfli-AV [Trj]
DeepInstinct: MALICIOUS
alibabacloud: Trojan:Win/Farfli.DA

How to remove Backdoor:Win32/Zegost.BK?

Backdoor:Win32/Zegost.BK removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a "Standard scan".
  • "Move to quarantine" all items.
  • Open the "Tools" tab and press "Reset Browser Settings".
  • Select the proper browser and options, then click "Reset".
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.