Home / malwarePDF  

Backdoor:Win32/Zegost.CK


First posted on 12 September 2014.
Source: Microsoft

Aliases :

There are no other names known for Backdoor:Win32/Zegost.CK.

Explanation :

Threat behavior

Installation

Backdoor:Win32/Zegost.CK copies itself to \update.exe. Note: refers to a variable location that the malware determines by querying your operating system. The default installation location for the system folder in Windows 2000 and NT is C:\Winnt\System32; and for XP, Vista, and 7 is C:\Windows\System32. The malware creates the following files on your PC:

  • c:\204.vbs


Payload

Allows backdoor access and control

Backdoor:Win32/Zegost.CK gives a hacker access and control of your PC. They can then perform a number of different actions, including:
  • Downloading and running files
  • Uploading files
  • Spreading malware to other PCs
  • Logging your keystrokes or stealing your sensitive data
  • Modifying your system settings
  • Running or stopping applications
  • Deleting files

This malware description was produced and published using automated analysis of file SHA1 ea552904e63526572cc03158ad7a52de6602c6be.Symptoms

System changes

The following could indicate that you have this threat on your PC:

  • You have these files:

    \update.exe
    c:\204.vbs

Last update 12 September 2014

 

TOP