Solved! Use SVCHOST.EXE (Backdoor Zegost) Removal Guide

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews
. EULA. Privacy Policy. Uninstall.

SVCHOST.EXE – Backdoor Zegost removal

FileMD5Virus Alias
SVCHOST.EXE 4008f57430b4e188ff0498f7c4ffd1ea Backdoor Zegost
SVCHOST.EXE 4008f57430b4e188ff0498f7c4ffd1ea Trojan SuspiciousFile
SVCHOST.EXE 4008f57430b4e188ff0498f7c4ffd1ea Trojan Generic
SVCHOST.EXE 4008f57430b4e188ff0498f7c4ffd1ea Trojan Eldorado
SVCHOST.EXE 4008f57430b4e188ff0498f7c4ffd1ea Trojan Agent

SVCHOST.EXE size: 23440 bytes
SVCHOST.EXE hash: 4008F57430B4E188FF0498F7C4FFD1EA

Created files:

%Program Files%\Microsoft Epcniv\svchost.exe

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\Wshgxx vxnmswug\ConnectGroup: ??????
HKLM\System\CurrentControlSet\Services\Wshgxx vxnmswug\MarkTime: 2014-11-17 22:17
HKLM\System\CurrentControlSet\Services\Wshgxx vxnmswug\Type: 10010000
HKLM\System\CurrentControlSet\Services\Wshgxx vxnmswug\Start: 02000000
HKLM\System\CurrentControlSet\Services\Wshgxx vxnmswug\DisplayName: Cymkme owqqkyuk
HKLM\System\CurrentControlSet\Services\Wshgxx vxnmswug\ImagePath: %Program Files%\Microsoft Epcniv\svchost.exe

Detected by UnHackMe:

SVCHOST.EXE
Default location: %PROGRAM FILES%\MICROSOFT EPCNIV\SVCHOST.EXE

Dropper information:
MD5: 4008f57430b4e188ff0498f7c4ffd1ea
File size: 23440 bytes

Leave a Reply