Backdoor

Backdoor:Win32/Zegost.ZG!MTB removal

Malware Removal

The Backdoor:Win32/Zegost.ZG!MTB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Backdoor:Win32/Zegost.ZG!MTB virus can do?

  • Executable code extraction
  • Attempts to connect to a dead IP:Port (1 unique times)
  • Drops a binary and executes it
  • Unconventionial binary language: Chinese (Simplified)
  • Unconventionial language used in binary resources: Chinese (Simplified)
  • Uses Windows utilities for basic functionality
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Installs itself for autorun at Windows startup
  • Creates a copy of itself
  • Uses suspicious command line tools or Windows utilities

How to determine Backdoor:Win32/Zegost.ZG!MTB?



File Info:

crc32: 917A401E
md5: c295b16fdea2af5f8dbe51fc1ae4820d
name: C295B16FDEA2AF5F8DBE51FC1AE4820D.mlw
sha1: df3298152c212763c2f4febd5b6c40990f9c9361
sha256: 4d07ca43d432d7423e2a01ea28820874a6286b41a59fb23d86e7a73198d3f4d6
sha512: 4a3867401278a3f0c66613784315731aec29f341434d641ddc5e4b181880fda90c0ab113691afd2ea31d4171fe049f8876d357f6fa8caf280d29d5507764d05a
ssdeep: 49152:7x3WX9cao+saxY1Kkog2GKNCN5t9TWx1C:7x3WXmh+fxLkog2GyCN5t9Tj
type: PE32 executable (GUI) Intel 80386, for MS Windows


Version Info:

LegalCopyright: x7248x6743x6240x6709 (C) 2001
InternalName: MICQ
FileVersion: 1, 0, 0, 1
CompanyName: 
LegalTrademarks: 
ProductName: MICQ x5e94x7528x7a0bx5e8f
ProductVersion: 1, 0, 0, 1
FileDescription: MICQ Microsoft x57fax7840x7c7bx5e94x7528x7a0bx5e8f
OriginalFilename: MICQ.EXE
Translation: 0x0804 0x04b0

Backdoor:Win32/Zegost.ZG!MTB also known as:

BkavW32.AIDetect.malware2
Elasticmalicious (high confidence)
CynetMalicious (score: 100)
CylanceUnsafe
CrowdStrikewin/malicious_confidence_90% (D)
Cybereasonmalicious.52c212
ESET-NOD32a variant of Win32/Kryptik.HCOL
APEXMalicious
KasperskyHEUR:Backdoor.Win32.Generic
BitDefenderThetaGen:NN.ZexaF.34770.Xz1@amrf1Wbb
FireEyeGeneric.mg.c295b16fdea2af5f
SentinelOneStatic AI – Suspicious PE
MicrosoftBackdoor:Win32/Zegost.ZG!MTB
VBA32BScope.Trojan.Wacatac
MalwarebytesMalware.AI.2437521825
FortinetW32/Kryptik.FHSE!tr

How to remove Backdoor:Win32/Zegost.ZG!MTB?

Backdoor:Win32/Zegost.ZG!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment