Categories: Backdoor

Backdoor:Win32/Zegost.CD!bit removal guide

The Backdoor:Win32/Zegost.CD!bit is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Backdoor:Win32/Zegost.CD!bit virus can do?

Possible date expiration check, exits too soon after checking local time
Expresses interest in specific running processes
Drops a binary and executes it
Unconventionial binary language: Chinese (Simplified)
Unconventionial language used in binary resources: Chinese (Simplified)
The binary likely contains encrypted or compressed data.
Attempts to repeatedly call a single API many times in order to delay analysis time
Installs itself for autorun at Windows startup
Creates a copy of itself

Related domains:

t.nxxxn.ga

How to determine Backdoor:Win32/Zegost.CD!bit?


File Info:
crc32: 7172A680md5: e922d581d4ec1f4fbea9dd6a2e29088aname: SQLIOMDSD.exesha1: cd2fd300cb5f5d8c0410fdd833a4723145d2ca79sha256: 5ab627f3c358738d60d0798b05e8e275958dd0058eb8fee2ec4ad360083984f6sha512: 9265490318c57fa4acf1c1a3fbcedd16a7e0aea11e5c4dc3682fd1e74059a8cccab544259e683ee3bf1f99a9795423f02d705b2a62c3a007d61ea23032f13a5essdeep: 384:B/dxXkROvwuK76kNQexc+v2PVGsa1IJyGxsTKV9K2fId1F7vvxlLYe:B/v0wWzHc+v2Pssa1pGyTdF7Dbtype: MS-DOS executable, MZ for MS-DOS
Version Info:
LegalCopyright: (C) 360.cn Inc. All Rights Reserved.InternalName: 360DnsOptFileVersion: 1.0.0.1058CompanyName: 360x4e92x8054x7f51x5b89x5168x4e2dx5fc3ProductName: 360x5b89x5168x536bx58ebProductVersion: 1.0.0.1058FileDescription: 360x5b89x5168x536bx58eb DNSx4f18x9009OriginalFilename: 360DnsOpt.exeTranslation: 0x0804 0x04b0

Backdoor:Win32/Zegost.CD!bit also known as:

MicroWorld-eScan	GenPack:Generic.Zegost.3.E594680F
FireEye	Generic.mg.e922d581d4ec1f4f
CAT-QuickHeal	Trojan.GenericPMF.S7517963
Qihoo-360	HEUR/QVM18.1.1F71.Malware.Gen
McAfee	Trojan-INV
Cylance	Unsafe
Zillya	Trojan.Agent.Win32.1126264
Sangfor	Malware
K7AntiVirus	Trojan ( 004d57481 )
BitDefender	GenPack:Generic.Zegost.3.E594680F
K7GW	Trojan ( 004d57481 )
Cybereason	malicious.1d4ec1
Invincea	heuristic
BitDefenderTheta	AI:Packer.6D0060711F
F-Prot	W32/Farfli.BA.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	Win32/Agent.QJH
Baidu	Win32.Trojan.Agent.atj
TrendMicro-HouseCall	BKDR_ZEGOST.SM40
Avast	Win32:Dropper-ODE [Drp]
ClamAV	Win.Malware.Zegost-6919579-0
GData	GenPack:Generic.Zegost.3.E594680F
Kaspersky	HEUR:Trojan.Win32.Generic
Rising	Backdoor.Farfli!8.B4 (TFE:5:4kN3d1oYb6H)
Ad-Aware	GenPack:Generic.Zegost.3.E594680F
Sophos	Mal/Behav-024
Comodo	TrojWare.Win32.PSW.GamePass.F@35ift2
F-Secure	Trojan.TR/Crypt.XPACK.Gen
DrWeb	BackDoor.Spy.2436
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	BKDR_ZEGOST.SM40
McAfee-GW-Edition	BehavesLike.Win32.Mydoom.mc
SentinelOne	DFI – Malicious PE
CMC	Virus.Win32.Sality!O
Emsisoft	GenPack:Generic.Zegost.3.E594680F (B)
APEX	Malicious
Cyren	W32/Farfli.BA.gen!Eldorado
Jiangmin	Trojan/Generic.bcjgw
Webroot	W32.Malware.Mlpe
Avira	TR/Crypt.XPACK.Gen
Antiy-AVL	Trojan[Backdoor]/Win32.Zegost
Endgame	malicious (high confidence)
Arcabit	GenPack:Generic.Zegost.3.E594680F
AhnLab-V3	Backdoor/Win32.RL_Zegost.R289802
ZoneAlarm	HEUR:Trojan.Win32.Generic
Microsoft	Backdoor:Win32/Zegost.CD!bit
TACHYON	Backdoor/W32.Farfli.22528.B
Acronis	suspicious
VBA32	BScope.Trojan.Agent
ALYac	GenPack:Generic.Zegost.3.E594680F
MAX	malware (ai score=88)
Malwarebytes	Backdoor.Farfli
Panda	Trj/Genetic.gen
Zoner	Trojan.Win32.68809
Tencent	Malware.Win32.Gencirc.10b0c2af
Yandex	Backdoor.Farfli!S9/WFy1iLOU
Ikarus	Trojan.Win32.Agent
Fortinet	W32/Agent.QJH!tr
AVG	Win32:Dropper-ODE [Drp]
CrowdStrike	win/malicious_confidence_100% (D)
MaxSecure	Win.MxResIcn.Heur.Gen