Backdoor:Win32/Bezigate.A Description

Backdoor:Win32/Bezigate.A is a backdoor Trojan that was first detected in August 2012. ESG security researchers have, however, been dealing with very similar malware since at least 2010, because Backdoor:Win32/Bezigate.A belongs to a large family of backdoor and spy Trojans built from recycled code: ESG security researchers have observed numerous samples in this family that copy large portions of code from threats traceable back to 2010. Its lack of originality does not make it any less dangerous; Backdoor:Win32/Bezigate.A poses a severe threat to an infected computer. ESG security analysts strongly recommend installing the latest malware definitions so that your security software is able to detect and remove Backdoor:Win32/Bezigate.A from your computer.

What Can the Backdoor:Win32/Bezigate.A Trojan Do to a Computer?

The Backdoor:Win32/Bezigate.A Trojan is designed to give a criminal unauthorized access to an infected computer and to let the criminal control that computer from a remote location. This gives the attacker a great deal of flexibility: the Trojan opens a hole in the infected computer's security that can then be used to install other malware, steal information or deliberately damage the system. Backdoor:Win32/Bezigate.A belongs to the category of malware known as backdoor Trojans. These threats establish a backdoor on the infected machine, that is, an opening in its security that criminals can exploit at will. Through Backdoor:Win32/Bezigate.A's backdoor, criminals can install other malware or spy on your personal data.

Backdoor:Win32/Bezigate.A is contained in an executable file named 'age yaha.exe', which is typically installed in the infected computer's system folder. It also adds a value named yaahaha to the Windows Registry that makes Backdoor:Win32/Bezigate.A run automatically whenever the infected computer starts up. Variants of Backdoor:Win32/Bezigate.A use better-disguised names, such as 'update' or look-alikes of common Windows files and processes.

Using the Backdoor:Win32/Bezigate.A backdoor, criminals can carry out any of the following tasks on the infected computer:

  • Steal files from the infected computer.
  • Install other malware on the victim's computer.
  • Spy on the victim's activity.
  • Delete files from the infected computer.
  • Make dangerous changes to the victim's computer's settings.

Technical Information

File System Details

Backdoor:Win32/Bezigate.A creates the following file(s):
#  File Name               Detection Count
1  %AppData%\scrss.exe     N/A
2  %AppData%\dllhost.exe   N/A
3  %AppData%\pagefile.sys  N/A
4  %AppData%\rundll.exe    N/A

Registry Details

Backdoor:Win32/Bezigate.A creates the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "ctfmon" = "%AppData%\<one of the files listed above>", for example "%AppData%\rundll.exe"
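The file and registry artifacts above can be checked directly on a live host. The PowerShell script below is an added example, not part of the original page and not a vendor removal tool. It assumes that %AppData% means the current user's roaming profile folder ($env:APPDATA) and that the persistence value lives in the current user's hive (HKCU). It also generalises slightly beyond the single value name on the page: the genuine ctfmon.exe runs from System32 and none of the listed file names belongs in %AppData% (scrss.exe and rundll.exe are look-alikes of csrss.exe and rundll32.exe, dllhost.exe is a System32 binary, and pagefile.sys lives in the volume root), so the script flags any Run value whose command resolves into AppData, not only one named "ctfmon".

```powershell
# Added triage script for the Backdoor:Win32/Bezigate.A artifacts listed on this
# page. Not the original page's code and not a vendor tool.
# Assumptions: %AppData% is $env:APPDATA for the user running the script, and the
# Run value is read from HKCU (the current user's hive).

$iocFiles = @('scrss.exe', 'dllhost.exe', 'pagefile.sys', 'rundll.exe')
$runKey   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$findings = @()

# 1. Dropped files. Each name mimics a legitimate Windows file that never lives
#    in the user's AppData folder, so a hit here is suspicious on its own.
foreach ($name in $iocFiles) {
    $path = Join-Path $env:APPDATA $name
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        $findings += [pscustomobject]@{
            Type     = 'File'
            Location = $path
            Detail   = "SHA256 $hash"
        }
    }
}

# 2. Persistence. Flag the documented value name ("ctfmon") and, more generally,
#    any Run value whose command expands to a path under the user's AppData
#    folder, since the real ctfmon.exe is started from System32.
if (Test-Path -LiteralPath $runKey) {
    $props = Get-ItemProperty -LiteralPath $runKey
    foreach ($p in $props.PSObject.Properties) {
        # Skip the provider metadata properties that Get-ItemProperty adds.
        if ($p.Name -in 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider') { continue }
        $data = [Environment]::ExpandEnvironmentVariables([string]$p.Value).Trim('"')
        $inAppData = $data.StartsWith($env:APPDATA, [StringComparison]::OrdinalIgnoreCase)
        if (($p.Name -ieq 'ctfmon') -or $inAppData) {
            $findings += [pscustomobject]@{
                Type     = 'Run value'
                Location = "$runKey\$($p.Name)"
                Detail   = $data
            }
        }
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'No Backdoor:Win32/Bezigate.A artifacts found for the current user.'
} else {
    $findings | Format-Table -AutoSize
}
```

Run the script as the affected user, since both %AppData% and HKCU are per-user; to check another profile, point the same logic at that user's AppData\Roaming folder and at HKU\<SID>\Software\Microsoft\Windows\CurrentVersion\Run after loading the hive. The SHA256 of any file found is printed so it can be submitted to your security vendor or compared against existing detections before the file is removed.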