Categories: Backdoor

Backdoor:Win32/Zegost.BK removal

The Backdoor:Win32/Zegost.BK is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Backdoor:Win32/Zegost.BK virus can do?

Unconventionial binary language: Chinese (Simplified)
Unconventionial language used in binary resources: Chinese (Simplified)
Authenticode signature is invalid
Binary file triggered multiple YARA rules
Yara detections observed in process dumps, payloads or dropped files

How to determine Backdoor:Win32/Zegost.BK?


File Info:
name: C6030BDAC99578C49F27.mlwpath: /opt/CAPEv2/storage/binaries/47ac70d99ddd9742285be450b771da5c2c7be7cc72d112f5188965e084365ba6crc32: BBF71193md5: c6030bdac99578c49f27744095ef78a0sha1: 2b24597eb084441d3d671afc890e7a1300c94e29sha256: 47ac70d99ddd9742285be450b771da5c2c7be7cc72d112f5188965e084365ba6sha512: 33942408492bc9bdbe25b9def15e1238b85110cc2880c5af2c4511896fcce66e9a9799cd21c48001dd2a6939e81a65e354967825520216183a9fdc0d051a1adcssdeep: 3072:Wiu+GZlqkvHTQBdt9dkk5TwjeEl9coQ6qBs0FE5C7:Wt+GPqkHT2dt9dkk5UblW56qBJd7type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windowstlsh: T155043B02C69082ADE0B7107D6CA7AB3E5A2F7E700B5894C3B3D4DE4619B52D5A7317CBsha3_384: 51c02577b23ca0d7c4e8913eb18e6496b0483ca5e1d4a811ea1dd5d10af84c7650cd1f70ea930119da763ec5639dba62ep_bytes: 558bec518b450c8945fc837dfc017408timestamp: 2011-06-16 19:03:44
Version Info:
Comments: 2010-12-8 15:13:25CompanyName: TencentFileDescription: QQ拼音输入法 扩展DLLFileVersion: 4.0.1023.400InternalName: QQImeUtilLegalCopyright: Copyright ? 2007-2010 Tencent. All Rights Reserved.LegalTrademarks: LegalTrademarks1: LegalTrademarks2: OriginalFilename: QQImeUtil.dllPrivateBuild: ProductName: QQ拼音输入法 扩展DLLProductVersion: 4.0.1023.400SpecialBuild: Translation: 0x0804 0x04b0

Backdoor:Win32/Zegost.BK also known as:

Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Heur.Cridex.1
FireEye	Generic.mg.c6030bdac99578c4
Skyhigh	BehavesLike.Win32.Dropper.ch
McAfee	ProcKill-FE.a
Cylance	unsafe
Zillya	Backdoor.Inject.Win32.2865
Sangfor	Suspicious.Win32.Save.ins
Alibaba	Backdoor:Win32/Magania.15f21dc6
K7GW	Riskware ( 0040eff71 )
K7AntiVirus	Riskware ( 0040eff71 )
Baidu	Win32.Trojan.KillAV.c
VirIT	Trojan.Win32.Generic.CAVX
Symantec	ML.Attribute.HighConfidence
tehtris	Generic.Malware
ESET-NOD32	Win32/Farfli.DA
TrendMicro-HouseCall	TSPY_MAGANIA_BK22018C.TOMC
Avast	Win32:Farfli-AV [Trj]
ClamAV	Win.Trojan.Redosdru-9875198-0
Kaspersky	Trojan-GameThief.Win32.Magania.hsde
BitDefender	Gen:Heur.Cridex.1
NANO-Antivirus	Trojan.Win32.Magania.entvna
Tencent	Malware.Win32.Gencirc.10b1caf9
Emsisoft	Gen:Heur.Cridex.1 (B)
Google	Detected
F-Secure	Backdoor.BDS/Morix.M
DrWeb	Trojan.DownLoader4.62991
VIPRE	Gen:Heur.Cridex.1
TrendMicro	TSPY_MAGANIA_BK22018C.TOMC
Sophos	Mal/Generic-S
Jiangmin	Backdoor/Inject.bua
Webroot	W32.Rogue.Gen
Varist	W32/Backdoor.S.gen!Eldorado
Avira	BDS/Morix.M
MAX	malware (ai score=100)
Antiy-AVL	Trojan[Backdoor]/Win32.Inject
Kingsoft	Win32.HeurC.KVM005.a
Microsoft	Backdoor:Win32/Zegost.BK
Xcitium	Malware@#31ftxr369qk5a
Arcabit	Trojan.Cridex.1
ZoneAlarm	Trojan-GameThief.Win32.Magania.hsde
GData	Gen:Heur.Cridex.1
Cynet	Malicious (score: 100)
AhnLab-V3	Win-Trojan/Agent.21147692
BitDefenderTheta	Gen:NN.ZedlaF.36804.ky8@ay!pHIlb
VBA32	Backdoor.Inject
Malwarebytes	Generic.Malware.AI.DDS
Panda	Trj/Genetic.gen
Rising	Backdoor.Farfli!1.A1B3 (CLASSIC)
Yandex	Trojan.GenAsa!Oct2Igyj0Q0
Ikarus	Trojan-GameThief.Win32.Magania
MaxSecure	Trojan.Malware.121218.susgen
Fortinet	W32/Inject.ITC!tr
AVG	Win32:Farfli-AV [Trj]
DeepInstinct	MALICIOUS
alibabacloud	Trojan:Win/Farfli.DA