Solved! Use QKASGW.EXE (Backdoor Zegost) Removal Guide

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews
. EULA. Privacy Policy. Uninstall.

QKASGW.EXE – Backdoor Zegost removal

FileMD5Virus Alias
QKASGW.EXE f28425c4cb9b2969399886dede80cc4d Backdoor Zegost
QKASGW.EXE f28425c4cb9b2969399886dede80cc4d Trojan XPACK
QKASGW.EXE f28425c4cb9b2969399886dede80cc4d Trojan Generic
QKASGW.EXE f28425c4cb9b2969399886dede80cc4d Trojan Eldorado
QKASGW.EXE f28425c4cb9b2969399886dede80cc4d Trojan Downloader
QKASGW.EXE f28425c4cb9b2969399886dede80cc4d Trojan Graftor

QKASGW.EXE size: 93505 bytes
QKASGW.EXE hash: F28425C4CB9B2969399886DEDE80CC4D

Created files:

%WinDir%\qkasgw.exe

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\wetwg\Type: 10010000
HKLM\System\CurrentControlSet\Services\wetwg\Start: 02000000
HKLM\System\CurrentControlSet\Services\wetwg\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\wetwg\DisplayName: dssfsdfs
HKLM\System\CurrentControlSet\Services\wetwg\ImagePath: %WinDir%\qkasgw.exe
HKLM\System\CurrentControlSet\Services\wetwg\Description: gsgsgsgsd

Detected by UnHackMe:

QKASGW.EXE
Default location: %WinDir%\QKASGW.EXE

Dropper information:
MD5: f28425c4cb9b2969399886dede80cc4d
File size: 93505 bytes

Leave a Reply