Backdoor:Win32/Zegost.B

Encyclopedia entry
Updated: Apr 17, 2011  |  Published: Jul 22, 2010

Aliases
  • W32/BackdoorX.DYQT (Command)
  • BackDoor.Agent.AHGH (AVG)
  • BDS/Agent.avvc.1 (Avira)
  • Win32/Redosdru.CP (ESET)
  • Trojan-PWS.Win32.Bjlog (Ikarus)
  • Backdoor.Win32.Agent.avvc (Kaspersky)
  • Mal/Zegost-E (Sophos)

Alert Level
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection last updated:
Definition: 1.151.645.0
Released: May 22, 2013
Detection initially created:
Definition: 1.71.1914.0
Released: Jan 08, 2010


 

Summary

Backdoor:Win32/Zegost.B is the detection for malware that may be used by remote attackers to gain access to the computer on which it is installed.


 

Symptoms

Alert notifications or detections of this malware from installed antivirus or security software may be the only symptoms.


 

Technical Information (Analysis)

Backdoor:Win32/Zegost.B is the detection for malware that may be used by remote attackers to gain access to the computer on which it is installed.

Installation

Once installed, it attaches its code to the following legitimate Windows process:
 
  • svchost.exe

Payload

Allows backdoor access and control

Backdoor:Win32/Zegost.B connects to the following remote server to send and receive data via HTTP transactions:
 
  • xx0518.3322.org
 
From this server, it may receive commands such as the following:
 
  • Copying, executing, downloading, and deleting files
  • Gathering information from the RAS phonebook
  • Capturing screenshots
 
Analysis by Marianne Mallen
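
The following sketch hunts web-proxy logs for HTTP traffic to the server named above. It is an added example, not part of the original encyclopedia entry; the log format, client addresses and timestamps are constructed for illustration, and only the host name comes from this entry.

```python
from urllib.parse import urlsplit

# Remote server named in this entry; everything else below is constructed.
C2_HOST = "xx0518.3322.org"

# Constructed proxy log lines in an assumed format:
# timestamp client_ip method target status
SAMPLE_LOG = """\
2010-07-22T10:01:02Z 10.0.0.15 GET http://XX0518.3322.ORG/index.asp 200
2010-07-22T10:01:05Z 10.0.0.22 GET http://www.example.com/?ref=xx0518.3322.org 200
2010-07-22T10:02:11Z 10.0.0.15 POST http://xx0518.3322.org.:8080/up 200
2010-07-22T10:03:40Z 10.0.0.31 GET http://xx0518.3322.org.example.net/ 404
2010-07-22T10:04:00Z 10.0.0.40 CONNECT xx0518.3322.org:443 200
malformed line
"""


def normalise_host(target):
    """Return the lower-cased host (no port, no trailing dot) of a URL or host:port."""
    if "://" not in target:
        target = "//" + target  # lets urlsplit parse CONNECT-style host:port
    try:
        host = urlsplit(target).hostname
    except ValueError:
        return None
    return host.rstrip(".").lower() if host else None


def find_c2_clients(log_text, c2_host=C2_HOST):
    """Return {client_ip: [timestamps]} for requests whose destination is c2_host."""
    hits = {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip lines that do not match the assumed format
        ts, client, _method, target, _status = fields
        # Compare the parsed host exactly, so the name appearing in a query
        # string or as a prefix of another domain does not count as a hit.
        if normalise_host(target) == c2_host:
            hits.setdefault(client, []).append(ts)
    return hits


if __name__ == "__main__":
    for client, times in find_c2_clients(SAMPLE_LOG).items():
        print(client, len(times), "request(s), first seen", times[0])
```

Each client address returned is a computer to prioritise for a full-system scan.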


 

Prevention



 

Recovery

To detect and remove this threat and other malicious software that may be installed on your computer, run a full-system scan with an up-to-date antivirus product such as the following:
 
 
For more information on antivirus software, see http://www.microsoft.com/windows/antivirus-partners/.
