Solved! RIPZIY.EXE (Backdoor Zegost) Removal Guide

I recommend UnHackMe - Ultimate Malware Killer for fast malware removal.


RIPZIY.EXE – Backdoor Zegost removal

File        MD5                               Virus Alias
RIPZIY.EXE  b89be3ac06d28a1d04b2b5b080db77b3  Backdoor Zegost
RIPZIY.EXE  b89be3ac06d28a1d04b2b5b080db77b3  Trojan Generic
RIPZIY.EXE  b89be3ac06d28a1d04b2b5b080db77b3  Trojan Eldorado
RIPZIY.EXE  b89be3ac06d28a1d04b2b5b080db77b3  Trojan Downloader
RIPZIY.EXE  b89be3ac06d28a1d04b2b5b080db77b3  Trojan Barys
RIPZIY.EXE  b89be3ac06d28a1d04b2b5b080db77b3  Trojan Siggen

RIPZIY.EXE size: 91489 bytes
RIPZIY.EXE hash: B89BE3AC06D28A1D04B2B5B080DB77B3

Created files:

%WinDir%\ripziy.exe

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\Defghi Klmnopqr Tuv\Type: 10010000
HKLM\System\CurrentControlSet\Services\Defghi Klmnopqr Tuv\Start: 02000000
HKLM\System\CurrentControlSet\Services\Defghi Klmnopqr Tuv\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\Defghi Klmnopqr Tuv\DisplayName: Defghi Klmnopqr Tuvwxyab Defg
HKLM\System\CurrentControlSet\Services\Defghi Klmnopqr Tuv\ImagePath: %WinDir%\ripziy.exe
HKLM\System\CurrentControlSet\Services\Defghi Klmnopqr Tuv\Description: Defghijk Mnopqrstu Wxyabcd Fghijklm Opq

Detected by UnHackMe:

RIPZIY.EXE
Default location: %WinDir%\RIPZIY.EXE

Dropper information:
MD5: b89be3ac06d28a1d04b2b5b080db77b3
File size: 91489 bytes
