This threat is malware that drops a backdoor trojan on your computer. The backdoor trojan is detected as Backdoor:Win32/Zegost.X.
The malware copies itself to your computer as the following file:
It also creates the following shortcut, which points to its copy:
Note: <startup folder> refers to a variable location that is determined by the malware by querying the operating system. The default installation location for the Startup folder for Windows XP and 2003 is '%USERPROFILE%\Start Menu\Programs\Startup'. For Windows Vista and 7, the default location is '%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup'.
It also creates the following mutex:
"WuSh B- Is Running!"
Deletes security-related files
The malware attempts to delete Kaspersky antivirus files.
Drops another malware
The malware creates the following file, then injects it into the "explorer.exe" process:
This file is detected as Backdoor:Win32/Zegost.X.
Analysis by Patrik Vicol
The following system changes may indicate the presence of this malware:
- The presence of the following files:
- Your Kaspersky antivirus program may fail to function as normal.
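
A triage check for two indicators described above, the mutex and the Startup-folder shortcut, written as an added example that is not part of the original analysis. The function names are hypothetical. Because the dropped file name does not appear in this description, the script lists every Startup shortcut with its target for manual review instead of matching a specific file.

```powershell
# Added triage example (not from the original write-up).
$MutexName = 'WuSh B- Is Running!'   # mutex name quoted in the description

function Test-NamedMutex {
    # Returns $true if a mutex with this name exists in the current session.
    param([Parameter(Mandatory)][string]$Name)
    $handle = $null
    try {
        if ([System.Threading.Mutex]::TryOpenExisting($Name, [ref]$handle)) {
            $handle.Dispose()
            return $true
        }
        return $false
    } catch {
        # "Access denied" still proves that an object with this name exists.
        return ($_.Exception.GetBaseException() -is [System.UnauthorizedAccessException])
    }
}

function Get-StartupShortcut {
    # Ask the OS for the Startup folder, as the note above says the malware does.
    $folder = [Environment]::GetFolderPath('Startup')
    if (-not $folder -or -not (Test-Path -LiteralPath $folder)) { return }
    $shell = New-Object -ComObject WScript.Shell
    Get-ChildItem -LiteralPath $folder -Filter *.lnk -Force | ForEach-Object {
        $target = $shell.CreateShortcut($_.FullName).TargetPath
        $exists = [bool]($target -and (Test-Path -LiteralPath $target -PathType Leaf))
        [pscustomobject]@{
            Shortcut     = $_.FullName
            Created      = $_.CreationTime
            Target       = $target
            TargetExists = $exists
            # An unsigned target is not proof of infection, only a reason to look closer.
            Signature    = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $target).Status } else { 'n/a' }
        }
    }
}

if (Test-NamedMutex -Name $MutexName) {
    Write-Warning "Mutex '$MutexName' is present: a process holding it is running in this session."
} else {
    Write-Output "Mutex '$MutexName' not found in this session."
}
Get-StartupShortcut | Sort-Object Created -Descending | Format-Table -AutoSize -Wrap
```

A mutex name without a `Global\` prefix is resolved per logon session, so run the check in the affected user's session; a negative result from another session says nothing about that user.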