Backdoor:Win32/Zegost.BQ removal guide

Backdoor:Win32/Zegost.BQ is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. The trial period allows a complete scan and cure of your PC.
A 6-day free trial is available.

What can the Backdoor:Win32/Zegost.BQ virus do?

  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • Authenticode signature is invalid
  • CAPE detected the PCRat malware family
  • Binary file triggered YARA rule
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Backdoor:Win32/Zegost.BQ?

File Info:

name: C1B718BAC224439B758D.mlw
path: /opt/CAPEv2/storage/binaries/409cf90f61600a2fb31ccdc82c5b6d4fbc454b2aa3ed3d33b536b0b3b5a2d451
crc32: 45F1F21A
md5: c1b718bac224439b758d5540f3b9bc22
sha1: 1dc15b8907bb2882cb3a33dc5b5ddf0f278c5ffa
sha256: 409cf90f61600a2fb31ccdc82c5b6d4fbc454b2aa3ed3d33b536b0b3b5a2d451
sha512: e70d9bcfae2583789958c776d453821c0324a3bb9f15dfad80fc20751bfeb0444372ea5b3b9b8297a7cbbf406f76b86cad3445851df6f887a2592545b4227f7c
ssdeep: 3072:HFbj3oYw4ek4WtyLv52HGVjqDxOegUB6M4aT1:HFbjm4ek4XTMDgtUB6Mz
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T186D33B00E645856ED4B704B288AABF7BED68F9740718E443B3D8DD1A29741F86B3274F
sha3_384: 63de8423ea92b8046997c8032cb7b0826cd1db6e97287451ecf0eb53f214be500d21f2902a6944afb20562a66ef84ad5
ep_bytes: 558bec6aff68a891410068ca78410064
timestamp: 2012-10-31 16:10:31

Version Info:

Comments:
CompanyName: Microsoft Corporation
FileDescription: 5.1.2600.5512 (xpsp.080413-2111)
FileVersion: 1, 0, 0, 1
InternalName: Microsoft® Windows® Operating System
LegalCopyright: 版权所有(C) 2012
LegalTrademarks:
OriginalFilename: smss.exe
PrivateBuild:
ProductName: Microsoft Corporation Client
ProductVersion: 2, 2, 3140, 0
SpecialBuild:
Translation: 0x0804 0x04b0

Backdoor:Win32/Zegost.BQ is also known as (vendor: detection name):

Bkav: W32.Common.E1DCBE41
Elastic: malicious (high confidence)
MicroWorld-eScan: Generic.PWS.WoW.C6FA1518
FireEye: Generic.mg.c1b718bac224439b
CAT-QuickHeal: Backdoor.Farfli.K4
Skyhigh: BehavesLike.Win32.Dropper.cm
McAfee: GenericRXKT-HZ!C1B718BAC224
Sangfor: Suspicious.Win32.Save.ins
Alibaba: Backdoor:Win32/Farfli.351ffda6
CrowdStrike: win/malicious_confidence_100% (W)
BitDefenderTheta: AI:Packer.63C6243E18
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Farfli.AQL
APEX: Malicious
TrendMicro-HouseCall: BKDR_ZEGOST.SM40
ClamAV: Win.Trojan.Generic-6305873-0
Kaspersky: Backdoor.Win32.Farfli.aehl
BitDefender: Generic.PWS.WoW.C6FA1518
NANO-Antivirus: Trojan.Win32.Agent.bbfwns
Avast: Win32:Downloader-UAC [Trj]
Emsisoft: Generic.PWS.WoW.C6FA1518 (B)
Baidu: Win32.Trojan.Farfli.g
F-Secure: Trojan.TR/Spy.Gen
DrWeb: DLOADER.Trojan
Zillya: Trojan.Agent.Win32.286537
TrendMicro: BKDR_ZEGOST.SM40
Trapmine: suspicious.low.ml.score
Sophos: Mal/Generic-S
Ikarus: Backdoor.Win32.Farfli
MAX: malware (ai score=100)
Jiangmin: Heur:Backdoor/Ghost
Google: Detected
Avira: TR/Spy.Gen
Varist: W32/KillAV.AU.gen!Eldorado
Antiy-AVL: Trojan/Win32.SGeneric
Kingsoft: malware.kb.a.1000
Microsoft: Backdoor:Win32/Zegost.BQ
Xcitium: TrojWare.Win32.Farfli.NJ@567zkg
Arcabit: Generic.PWS.WoW.C6FA1518
ZoneAlarm: Backdoor.Win32.Farfli.aehl
GData: Generic.PWS.WoW.C6FA1518
Cynet: Malicious (score: 100)
Acronis: suspicious
VBA32: BScope.Trojan.SvcHorse.01643
ALYac: Generic.PWS.WoW.C6FA1518
Cylance: unsafe
Panda: Trj/Genetic.gen
Rising: Backdoor.Farfli!1.A1B3 (CLASSIC)
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/CoinMiner.NJ!tr
AVG: Win32:Downloader-UAC [Trj]
DeepInstinct: MALICIOUS
alibabacloud: Backdoor:Win/Farfli.AIL

How to remove Backdoor:Win32/Zegost.BQ?

Backdoor:Win32/Zegost.BQ removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the appropriate browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.