
Should I remove “Backdoor:Win32/Zegost.CC”?


Backdoor:Win32/Zegost.CC is flagged as malicious by the large majority of security vendors (see the detection list below). While the infection is active, you may notice unfamiliar processes in the Task Manager list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Backdoor:Win32/Zegost.CC virus do?

Static indicators reported for the sample:

  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • Authenticode signature is invalid (the file claims Microsoft origin but carries no valid Microsoft signature)

How to identify Backdoor:Win32/Zegost.CC?

File Info:

name: 8A966F18090D223401F0.mlw
path: /opt/CAPEv2/storage/binaries/a7cbe562c0b581d6b0004d0bbaf1ef035fcd8548fd3f39ec86a09a23221b1c0e
crc32: FB0C54E9
md5: 8a966f18090d223401f0b25c0ad16fb1
sha1: 05757f4c62ebb44b7e723cdef670c54d1523eab1
sha256: a7cbe562c0b581d6b0004d0bbaf1ef035fcd8548fd3f39ec86a09a23221b1c0e
sha512: ab7c768450e559b0d4c683cd504d35caf31afc22d27c8999a570233bc76fc65a7b788bcfb92364066011c1ebe8b36ba62dc3a115868d595d4100a88eaf3dba3d
ssdeep: 768:SzGHiSeZlek5gQZ6NpxMVjDQgPtxPps/:Szh162Vj3PJs
type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
tlsh: T1CCF229059B5485FFE67C103598FA977E9B36B85867DC8D87320AE39D2823018F7523CA
sha3_384: a0aae99b24a6f7aa11dd7b18da142986ed1e88b1ab7c164925b009c190f6d1b8bd1e5e9ddf9f159dcbcdc4afb94bd3f4
ep_bytes: 558bec538b5d08568b750c578b7d1085
timestamp: 2012-01-10 05:25:14

Version Info:

Comments:
CompanyName: Microsoft Corporation
FileDescription: Device Protect Application
FileVersion: 3, 6, 0, 0
InternalName: Microsoft(R) Windows(R) Operating System
LegalCopyright: Copyright © 2008
LegalTrademarks:
OriginalFilename: svchost.dll
PrivateBuild:
ProductName: Microsoft(R) Windows(R) Operating System
ProductVersion: 3, 6, 0, 0
SpecialBuild:
Translation: 0x0804 0x04b0
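The file hashes and Version Info above are what a practitioner would actually key a hunt on: an exact hash match, plus the masquerade pattern in the version resource (Microsoft CompanyName and an svchost.dll OriginalFilename on an unsigned DLL whose FileDescription, FileVersion and resource language do not fit a genuine Windows binary). The following Python script is an added example written for this page, not code from the original analysis or from GridinSoft; it assumes the version-info fields arrive as a plain dict of strings (the shape CAPE or pefile would give you) and that the Authenticode result comes from a separate signature check (for example signtool or Get-AuthenticodeSignature) which it does not perform itself. The sample inputs are constructed here, mirroring the fields shown on the page rather than the real file bytes.

```python
"""Triage helper for the indicators on this page (added example, not the page's own code).

Two checks:
  1. hash-match a candidate file against the published MD5/SHA-1/SHA-256, and
  2. score VS_VERSIONINFO string fields for the "impersonates Microsoft" pattern
     (Microsoft CompanyName, svchost.dll OriginalFilename, non-Microsoft
     description/version, Simplified-Chinese resource language, no valid
     Authenticode signature).
Assumption: `vi` is a dict of version-info strings as an analysis tool presents
them; the Authenticode verdict is supplied by the caller from a separate check.
"""
import hashlib

# Hashes published on this page for the Zegost.CC sample.
ZEGOST_CC_IOCS = {
    "md5": "8a966f18090d223401f0b25c0ad16fb1",
    "sha1": "05757f4c62ebb44b7e723cdef670c54d1523eab1",
    "sha256": "a7cbe562c0b581d6b0004d0bbaf1ef035fcd8548fd3f39ec86a09a23221b1c0e",
}

# 0x0804 is the LANGID for Chinese (Simplified, PRC), as in the Translation field above.
LANGID_ZH_CN = 0x0804


def compute_hashes(data: bytes) -> dict:
    """Return md5/sha1/sha256 hex digests for a file's bytes."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_ioc(hashes: dict, iocs: dict = ZEGOST_CC_IOCS) -> bool:
    """True if any algorithm's digest equals the published IOC (case-insensitive)."""
    return any(hashes.get(alg, "").lower() == val for alg, val in iocs.items())


def version_info_findings(vi: dict, authenticode_valid: bool) -> list:
    """Heuristic flags for the masquerade pattern shown in this sample's Version Info.

    Returns a list of human-readable findings; an empty list means nothing odd.
    Each rule is a weak signal on its own (Microsoft does ship zh-CN resources),
    so the value is in several of them firing together on one unsigned file.
    """
    findings = []
    company = vi.get("CompanyName", "")
    claims_microsoft = "microsoft" in company.lower()

    if claims_microsoft and not authenticode_valid:
        findings.append("claims Microsoft CompanyName but Authenticode signature is missing or invalid")

    # Genuine svchost is signed; an unsigned file borrowing the name is a classic disguise.
    if vi.get("OriginalFilename", "").lower().startswith("svchost") and not authenticode_valid:
        findings.append("OriginalFilename borrows the svchost name on an unsigned file")

    desc = vi.get("FileDescription", "")
    if claims_microsoft and desc and "microsoft" not in desc.lower() and "windows" not in desc.lower():
        findings.append(f"FileDescription '{desc}' does not match the claimed vendor")

    # Real Windows binaries carry a Windows build version (e.g. 6.1.7601.x), not 3.6.0.0.
    fv = vi.get("FileVersion", "").replace(",", ".").replace(" ", "")
    major = fv.split(".")[0] if fv else ""
    if claims_microsoft and major.isdigit() and int(major) < 5:
        findings.append(f"FileVersion {fv} is not a plausible Windows build number")

    # Translation is "0x<langid> 0x<codepage>"; note a zh-CN resource on a 'Microsoft' file.
    trans = vi.get("Translation", "").split()
    if trans and claims_microsoft:
        try:
            langid = int(trans[0], 16)
        except ValueError:
            langid = None
        if langid == LANGID_ZH_CN:
            findings.append("resource language is Chinese (Simplified) on a file claiming Microsoft origin")

    return findings


# Constructed input mirroring the Version Info fields shown on this page.
SAMPLE_VERSION_INFO = {
    "CompanyName": "Microsoft Corporation",
    "FileDescription": "Device Protect Application",
    "FileVersion": "3, 6, 0, 0",
    "InternalName": "Microsoft(R) Windows(R) Operating System",
    "OriginalFilename": "svchost.dll",
    "ProductName": "Microsoft(R) Windows(R) Operating System",
    "Translation": "0x0804 0x04b0",
}

if __name__ == "__main__":
    for finding in version_info_findings(SAMPLE_VERSION_INFO, authenticode_valid=False):
        print("[!]", finding)
    print("hash match:", matches_ioc(compute_hashes(b"constructed bytes, not the sample")))
```

Run against the constructed version-info dict with the signature marked invalid, all five heuristics fire; the same function returns nothing for a correctly signed svchost.exe with a Windows build version and an en-US (0x0409) resource, which is the false-positive check worth keeping beside any such rule before it goes into a hunt query.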

Backdoor:Win32/Zegost.CC is also known as (vendor: detection name):

Bkav: W32.AIDetectMalware
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Trojan.Heur.cu8@dlV7FDbb
FireEye: Generic.mg.8a966f18090d2234
Skyhigh: FakeAlert-FGI!8A966F18090D
McAfee: FakeAlert-FGI!8A966F18090D
Cylance: unsafe
Zillya: Trojan.Fusing.Win32.339
Sangfor: Suspicious.Win32.Save.ins
Alibaba: Backdoor:Win32/Zegost.f20324df
CrowdStrike: win/malicious_confidence_100% (W)
BitDefenderTheta: AI:Packer.72FCB67E1C
Symantec: Backdoor.Trojan
ESET-NOD32: a variant of Win32/Farfli.CUK
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: UDS:Trojan.Win32.Generic
BitDefender: Gen:Trojan.Heur.cu8@dlV7FDbb
NANO-Antivirus: Trojan.Win32.Fusing.ovqpk
SUPERAntiSpyware: Trojan.Agent/Gen-WebGame
Avast: Win32:Trojan-gen
Tencent: Backdoor.Win32.Gh0st.q
Emsisoft: Gen:Trojan.Heur.cu8@dlV7FDbb (B)
F-Secure: Trojan.TR/AD.Farfli.edpwi
DrWeb: Trojan.Inject1.2902
VIPRE: Gen:Trojan.Heur.cu8@dlV7FDbb
Sophos: Mal/Behav-170
Ikarus: Trojan-GameThief.Win32.Magania
GData: Gen:Trojan.Heur.cu8@dlV7FDbb
Jiangmin: Backdoor/Ceckno.boi
Webroot: W32.Trojan.Gen
Google: Detected
Avira: TR/AD.Farfli.edpwi
Antiy-AVL: Trojan/Win32.Unknown
Kingsoft: Win32.HeurC.KVM005.a
Xcitium: TrojWare.Win32.GameThief.Magania.~NWABI@1775fs
Arcabit: Trojan.Heur.ECA28D
ZoneAlarm: UDS:Trojan.Win32.Generic
Microsoft: Backdoor:Win32/Zegost.CC
Varist: W32/OnlineGames.BX.gen!Eldorado
AhnLab-V3: Trojan/Win32.OnlineGameHack.R13673
VBA32: BScope.Backdoor.Torr
ALYac: Gen:Trojan.Heur.cu8@dlV7FDbb
MAX: malware (ai score=100)
Malwarebytes: Trojan.FakeMS.ED
Rising: Backdoor.Zegost!1.9964 (CLASSIC)
Yandex: Trojan.GenAsa!sdRcL6hI2Vw
SentinelOne: Static AI - Malicious PE
MaxSecure: Trojan.Malware.2588.susgen
Fortinet: W32/Torr.BE!tr.bdr
AVG: Win32:Trojan-gen
DeepInstinct: MALICIOUS

How to remove Backdoor:Win32/Zegost.CC?

Backdoor:Win32/Zegost.CC removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
