Backdoor.Zegost
Backdoor.Zegost will permit a remote attacked to take control of your computer. You must remove this Trojan at once.
Backdoor.Zegost is a harmful computer Trojan that will function as a backdoor once it gains an access on your computer. Backdoor.Zegost will connect to a specified domain that will allow a remote attacker to download and execute files on victim’s PC. Additionally, it will let the author to have control on the affected system using the same backdoor port.
Damage Level: Low
Systems Affected: Windows 9x, 2000, XP, Windows Vista
Characteristics
Once executed on the computer, Backdoor.Zegost will make a copy of its harmful files on different folders. Then, it will process a start-up entry on Windows registry. This makes the Trojan to load after user’s log-on. Alternative way to run the Trojan is by injecting malicious code into Windows file called svchost.exe. A file usually loads during boot-up to load certain Windows services.
Once running, Backdoor.Zegost will try to connect to specified domains or web site. It opens a link so that remote attacker may allow controlling the infected PC. The connection also serves to download and execute files.
Distribution
This kind of Trojan spreads through file-sharing networks. In most occasions, Backdoor.Zegost author embeds the code onto legitimate executable files that are in demand to computer users and makes it available on a public server. Using a sophisticated technique, it often conceals itself from antivirus program. A Spam email message is another channel to spread the Trojan to unspecified targets. It may arrive as an attached file that disguises as valid document file.
Associated Files and Folders:
%ProgramFiles%\Common Files\lanmao.exe %AllUsersProfile%\lmm.txt
Other functionalities of this Trojan:
- Download and execute files
- Block Internet access
- Redirect predefined URL to other web sites
- Embed snippets to online banking web sites to steal information
How to Remove Backdoor.Zegost
1. Temporarily Disable System Restore (Windows Me/XP). [how to]
2. To be able to identify even the most recent variant of Backdoor.Zegost, open your antivirus application and update the virus definition file.
3. Start Windows in Safe Mode with Networking.
- From a power-off state, turn on the computer and press F8 on your keyboard repeatedly.
- Your computer will display Windows Advanced Boot Options menu. Please select Safe Mode with Networking.
- The system will boot Windows loading only necessary drivers and files.
4. Open your antivirus program and run a full system scan. After the scan, delete all infected items. If unable to delete, better place them in quarantine. Once the scan is complete, please proceed with the next step.
Scan with Norton Power Eraser:
Additional virus removal tool provides deep scanning technology to eliminate other threats not detected by a normal virus scan. Use this tool with extra caution.
5. Go to NPE web page and download the tool.
6. Once the download completes, double click on the file NPE.exe to run the program.
7. It will prompt for End User License Agreement, click on Accept to continue.
8. On NPE main window, click on Scan. Then select Exclude Rootkit Scan. Click on Continue to proceed.
9. Virus scanning may take some time. After running the scan, NPE will display the scan result.
Important! If there are any detected threats under Suspicious, remove the check mark. Only threats in Detected category are necessary to remove at this point. Make sure that you mark the Create System Restore Point before proceeding with the fix.
10. Now click on Fix to start removing the threats including Backdoor.Zegost remnants if there are any.
11. When done, Norton Power Eraser will restart the computer. Then after a reboot, it will initialize and display the eliminated threats.
12. You may now close Norton Power Eraser.