Should I remove “Win32:Zegost-C [Trj]”?

Win32:Zegost-C [Trj] is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows a complete scan and cleanup of your PC during the trial period.
6-day free trial available.

What can the Win32:Zegost-C [Trj] virus do?

  • Executable code extraction
  • Injection with CreateRemoteThread in a remote process
  • Creates RWX memory
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • Code injection with CreateRemoteThread in a remote process
  • Deletes its original binary from disk
  • Tries to unhook or modify Windows functions monitored by Cuckoo
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Mimics the file times of a Windows system file
  • Installs itself for autorun at Windows startup
  • Anomalous binary characteristics

Related domains:

ilo.brenz.pl
vip79318901.f3322.net
poujjo.com
ant.trenz.pl
ozpdik.com
doeyim.com
yauhgg.com
yqhiqa.com
utagrd.com
neuiru.com
ymdeuf.com
uztacu.com
ljygtu.com
aslpvf.com
hkascy.com
rfomoy.com
rhmyuc.com
jiiida.com
mzuabo.com
suldwq.com
nohomd.com
dggeau.com
viuuwb.com
msyxgx.com
yynpeg.com
aaylxi.com
hgtfny.com
ekhpae.com
riywre.com
isvroa.com
yrckzg.com
vfxbrm.com
esadgg.com
frazkv.com
oqaeds.com
ujveai.com
slyooy.com
feoymq.com
dkiuvz.com
ahoruh.com
xpoftk.com
wewxwg.com
dxcbwk.com
ecocku.com
uuyfnq.com
avugvi.com
hqnoxo.com
gkloqk.com
otzeud.com
teggyo.com
polekh.com
crdggk.com
eziquy.com
biejfi.com
loarrw.com
oeiqug.com
sbazdj.com
gfsbci.com
sugmjz.com
gxojpz.com
xmxeux.com
agvkdp.com
vtyaya.com
iuwtvq.com
gfbpmk.com
beofxs.com
eypokx.com
urxmyy.com
nkopix.com
lammzi.com
lgyjsu.com
aouajy.com
owqcey.com
uurxzh.com
tjkrok.com
vbzmgr.com
ggktbk.com
qukbmu.com
byubcp.com
ijejgh.com
eijrbh.com
ngfeit.com
ihqejl.com
oucayl.com
ksrard.com
sxcnvn.com
utjqon.com
leeyrd.com
yboern.com
usjfau.com
denttw.com
ytieew.com
hvkqqp.com
rovelw.com
ilitgy.com
uyrgip.com
hmyldw.com
owoelo.com
cixbmh.com
gzyias.com
uuyrzz.com
budfeb.com
goytlo.com

How to identify Win32:Zegost-C [Trj]?

File Info:

crc32: 6DE6D027
md5: ae418cbd687838f4e3b5453da67d48e6
name: sa1.exe
sha1: 2b091d99d8ca6f8a4ecaffc06300dd224d291fe5
sha256: ec20ec663f9f32fc92edf9782f24fb2f4bb7facd4e82d353ae1b906ad9514e76
sha512: b4903256af1f7479aaf4ae5aae39708c5bd526e92a84a5fa5b17aea2bc570b58e608b17ddf2c0314d37fd464e2ea846f00d45f83effd13db9fbef803ec601a32
ssdeep: 3072:zo53onWdOMQHmbGXnhCTz4T02P56yTnxriOt4TBftlSjNL5i4sxuHoOCp5W:zo53onWd/xzz4Y2P5cOt4TBll9uHU5W
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: (C) Microsoft Corporation. All rights reserved.
InternalName: cipher
FileVersion: 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)
CompanyName: Microsoft Corporation
ProductName: Microsoft(R) Windows(R) Operating System
ProductVersion: 5.2.3790.3959
FileDescription: File Encryption Utility
OriginalFilename: CIPHER.EXE
Translation: 0x0804 0x04b0

Win32:Zegost-C [Trj] is also known by the following vendor names (most of them classify this sample as a variant of the Virut file infector):

Bkav W32.Vetor.PE
MicroWorld-eScan Win32.Virtob.Gen.12
FireEye Generic.mg.ae418cbd687838f4
CAT-QuickHeal W32.Virut.G
McAfee W32/Virut.n.gen
Cylance Unsafe
VIPRE Virus.Win32.Virut.ce.5 (v)
Sangfor Malware
K7AntiVirus Trojan ( 005376ae1 )
Alibaba Virus:Win32/Virut.17eae0db
K7GW Trojan ( 005376ae1 )
CrowdStrike win/malicious_confidence_100% (W)
TrendMicro PE_VIRUX.R
BitDefenderTheta AI:FileInfector.C9457D4313
Cyren W32/Agent.CC.gen!Eldorado
Symantec W32.Virut.CF
ESET-NOD32 Win32/Virut.NBP
Baidu Win32.Virus.Virut.gen
TrendMicro-HouseCall PE_VIRUX.R
Avast Win32:Zegost-C [Trj]
Kaspersky Virus.Win32.Virut.ce
BitDefender Win32.Virtob.Gen.12
NANO-Antivirus Virus.Win32.Virut.hpeg
AegisLab Virus.Win32.Virut.lDdp
Tencent Virus.Win32.Virut.Gen.200001
Endgame malicious (high confidence)
Sophos W32/Scribble-B
Comodo Virus.Win32.Virut.CE@1fhkga
F-Secure Malware.W32/Virut.Gen
DrWeb Win32.Virut.56
Zillya Virus.Virut.Win32.1938
Invincea heuristic
McAfee-GW-Edition BehavesLike.Win32.Virut.dh
SentinelOne DFI – Malicious PE
Trapmine malicious.high.ml.score
CMC Virus.Win32.Virut.1!O
Emsisoft Win32.Virtob.Gen.12 (B)
APEX Malicious
F-Prot W32/Agent.CC.gen!Eldorado
Jiangmin Win32/Virut.bt
eGambit Unsafe.AI_Score_99%
Avira W32/Virut.Gen
Fortinet W32/Virtu.F
Antiy-AVL Virus/Win32.Virut.ce
Kingsoft Win32.Virut.dd.368640
Microsoft Virus:Win32/Virut.BN
AhnLab-V3 Win32/Virut.F
ZoneAlarm Virus.Win32.Virut.ce
TACHYON Virus/W32.Virut.Gen
TotalDefense Win32/Virut.17408
Acronis suspicious
VBA32 Virus.Virut.14
MAX malware (ai score=87)
Ad-Aware Win32.Virtob.Gen.12
Panda W32/Sality.AO
Rising Virus.Virut!1.A08B (CLOUD)
Yandex Win32.Virut.AB.Gen
Ikarus Virus.Win32.Ramnit
MaxSecure Virus.Virut.CE
GData Win32.Virtob.Gen.12
Webroot W32.Infector.Virut.Gen
AVG Win32:Zegost-C [Trj]
Cybereason malicious.d68783
Paloalto generic.ml
Qihoo-360 Virus.Win32.VirutChangeEntry.A

How to remove Win32:Zegost-C [Trj]?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.
Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
