

First posted on 03 July 2012.
Source: Microsoft

Aliases:

Backdoor:Win32/Zegost.X is also known as BDS/Zegost.X.74 (Avira), Gen:Variant.Graftor.984 (BitDefender), BackDoor.Storm.6 (Dr.Web), Win32/Farfli.LJ trojan (ESET), BackDoor-FADV!01B66B98EAEC (McAfee), BACKDOOR.Trojan (Symantec).

Explanation:

Backdoor:Win32/Zegost.X is the DLL component of the Zegost malware family. It is usually installed on your computer by other variants of Zegost, such as Backdoor:Win32/Zegost.AD.

Backdoor:Win32/Zegost.X may have the following file name:


In the wild, we have observed Backdoor:Win32/Zegost.X being dropped and injected into the "explorer.exe" process by Backdoor:Win32/Zegost.AD.


Allows backdoor access and control

Backdoor:Win32/Zegost.X allows an unauthorized user to gain access to and control of your computer. It may connect to the following servers:


Once connected, the unauthorized user can perform any number of different actions on your computer using Backdoor:Win32/Zegost.X. These could include, but are not limited to, the following:

  • Downloading and running arbitrary files
  • Uploading files
  • Logging keystrokes and stealing sensitive data
  • Getting information about your computer
  • Capturing what's on your screen
  • Running or stopping programs
  • Deleting files

Analysis by Elda Dimakiling

Last update 03 July 2012


