Backdoor:Win32/Zegost.B


Backdoor:Win32/Zegost.B is the detection for malware that may be used by remote attackers to gain access to the computer on which it is installed.


What to do now

To detect and remove this threat and other malicious software that may be installed on your computer, run a full-system scan with an up-to-date antivirus product such as the following:
For more information on antivirus software, see http://www.microsoft.com/windows/antivirus-partners/.

Threat behavior

Installation
Once installed, it attaches its code to the following legitimate Windows process:
 
  • svchost.exe
Payload
Allows backdoor access and control
Backdoor:Win32/Zegost.B connects to the following remote server to send and receive data via HTTP transactions:
 
  • xx0518.3322.org
 
From this server, it may receive commands such as the following:
 
  • Copying, executing, downloading, and deleting files
  • Gathering information from the RAS phonebook
  • Capturing screenshots
 
Analysis by Marianne Mallen
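As an added detection example (not part of the Microsoft entry above), the following Python script matches constructed Sysmon-style network-connection records against the two behaviours the entry describes: traffic to the command-and-control host xx0518.3322.org, and HTTP connections originating from svchost.exe, the process this malware attaches its code to. The record fields (Image, DestinationHostname, DestinationPort, ProcessId) mirror Sysmon Event ID 3 and the allowlist of legitimate svchost.exe destinations is an assumption; the log lines are constructed.

```python
import json

# Indicator taken from the entry above; everything else in this file is an assumption.
ZEGOST_C2 = {"xx0518.3322.org"}
HTTP_PORTS = {80, 8080}

# svchost.exe legitimately uses HTTP (e.g. Windows Update), so an illustrative
# allowlist keeps the second rule from firing on every svchost connection.
SVCHOST_ALLOW = {"update.microsoft.com", "ctldl.windowsupdate.com"}


def classify(record):
    """Return (severity, reason) for one connection record, or None if nothing matched."""
    host = record.get("DestinationHostname", "").lower().rstrip(".")
    image = record.get("Image", "").lower().rsplit("\\", 1)[-1]
    port = int(record.get("DestinationPort", 0))
    if host in ZEGOST_C2:
        return ("high", f"connection to known Zegost.B C2 host {host}")
    if image == "svchost.exe" and port in HTTP_PORTS and host not in SVCHOST_ALLOW:
        # Zegost.B runs inside svchost.exe, so HTTP from svchost to an unlisted
        # host is a lower-confidence lead that still deserves triage.
        return ("medium", f"svchost.exe HTTP connection to unlisted host {host}")
    return None


def scan(lines):
    """Parse JSON records line by line, skipping malformed input, and collect findings."""
    findings = []
    for line in lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # a broken line should not abort the whole scan
        hit = classify(rec)
        if hit:
            findings.append((rec.get("ProcessId"), *hit))
    return findings


# Constructed sample records (not real telemetry).
SAMPLE_LOG = [
    r'{"ProcessId": 912, "Image": "C:\\Windows\\System32\\svchost.exe", "DestinationHostname": "xx0518.3322.org", "DestinationPort": 80}',
    r'{"ProcessId": 912, "Image": "C:\\Windows\\System32\\svchost.exe", "DestinationHostname": "update.microsoft.com", "DestinationPort": 80}',
    r'{"ProcessId": 4410, "Image": "C:\\Program Files\\Google\\Chrome\\chrome.exe", "DestinationHostname": "example.net", "DestinationPort": 443}',
    r'{"ProcessId": 1040, "Image": "C:\\Windows\\System32\\svchost.exe", "DestinationHostname": "files.example.net", "DestinationPort": 8080}',
    "this line is not JSON",
]

if __name__ == "__main__":
    for pid, severity, reason in scan(SAMPLE_LOG):
        print(f"[{severity}] pid={pid}: {reason}")
```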

Symptoms

Alert notifications or detections of this malware by installed antivirus or security software may be the only symptoms.

Prevention


Alert level: Severe
First detected by definition: 1.71.1914.0
Latest detected by definition: 1.189.835.0 and higher
First detected on: Jan 08, 2010
This entry was first published on: Jul 22, 2010
This entry was updated on: Apr 17, 2011

This threat is also detected as:
  • W32/BackdoorX.DYQT (Command)
  • BackDoor.Agent.AHGH (AVG)
  • BDS/Agent.avvc.1 (Avira)
  • Win32/Redosdru.CP (ESET)
  • Trojan-PWS.Win32.Bjlog (Ikarus)
  • Backdoor.Win32.Agent.avvc (Kaspersky)
  • Mal/Zegost-E (Sophos)