Solved! Use RQFJQU.EXE (Backdoor Zegost) Removal Guide

I recommend UnHackMe - Ultimate Malware Killer for fast malware removal.


RQFJQU.EXE – Backdoor Zegost removal

File        MD5                               Virus Alias
RQFJQU.EXE  adc562fbe83567343412958f7d0b1919  Backdoor Zegost
RQFJQU.EXE  adc562fbe83567343412958f7d0b1919  Trojan Downloader
RQFJQU.EXE  adc562fbe83567343412958f7d0b1919  Trojan Graftor
RQFJQU.EXE  adc562fbe83567343412958f7d0b1919  Rootkit TDSS
RQFJQU.EXE  adc562fbe83567343412958f7d0b1919  Trojan Agent
RQFJQU.EXE  adc562fbe83567343412958f7d0b1919  Backdoor Farfli

RQFJQU.EXE size: 145593 bytes
RQFJQU.EXE hash: ADC562FBE83567343412958F7D0B1919

Created files:

%WinDir%\rqfjqu.EXE

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\National\Type: 10010000
HKLM\System\CurrentControlSet\Services\National\Start: 02000000
HKLM\System\CurrentControlSet\Services\National\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\National\DisplayName: National Instruments Domain Service
HKLM\System\CurrentControlSet\Services\National\ImagePath: %WinDir%\rqfjqu.EXE
HKLM\System\CurrentControlSet\Services\National\Description: Provides a domain server for NI security.

Detected by UnHackMe:

RQFJQU.EXE
Default location: %WinDir%\RQFJQU.EXE

Dropper information:
MD5: adc562fbe83567343412958f7d0b1919
File size: 145593 bytes
