Backdoor:Win32/Bezigate.B

Backdoor:Win32/Bezigate.B Description

Type: Backdoors

Backdoor:Win32/Bezigate.B is a backdoor Trojan that lets cybercrooks obtain unauthorized remote access to, and control of, the targeted PC. Backdoor:Win32/Bezigate.B can carry out various potentially harmful activities on the infected PC, including but not limited to stealing sensitive details and files and transmitting them to a remote server.

Backdoor:Win32/Bezigate.B drops and executes copies of itself in one of several folders (%current directory%, %windir% and %APPDATA%), under any of several file names. It modifies the Windows Registry so that it loads automatically whenever the user boots the affected computer. It tries to communicate with cybercrooks using particular combinations of URLs and ports.

Backdoor:Win32/Bezigate.B can create, remove, copy, move and modify files and folders; kill and start processes; steal information about the PC; enumerate and modify the Windows Registry; enumerate, modify, start and end running services; open and close Internet browser windows; retrieve files from the PC and transfer them to the cybercriminal; log keystrokes; and steal private details.

Technical Information

File System Details

Backdoor:Win32/Bezigate.B creates the following file(s):
# File Name MD5 Detection Count
1 microdbs.exe N/A
2 msizap.exe N/A
3 spsreng.exe N/A
4 456.exe N/A
5 msiexc.exe N/A
6 mypass.exe N/A
7 xtreme.exe N/A
8 123.exe N/A
9 mscon.exe N/A
10 msupdt32.exe N/A
11 stub2546.exe N/A
12 file.exe 6b93722a18630cf1d2ed71f133041e01 0

Registry Details

Backdoor:Win32/Bezigate.B creates the following registry entry or registry entries:
Registry key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Value name: "[malware file name]", for example, "456"
Value data: "[malware file path]", for example, "C:\Windows\456.exe"
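
A triage check for the Run-key persistence described above, as an added example (not code from the original page or from any vendor tool): it parses the text output of `reg query` for the Run key and flags values whose target is one of the file names listed on this page, or whose value name equals the file stem inside a drop folder. The folder expansions, the function name `suspicious_run_entries` and the sample output are assumptions constructed for illustration.

```python
import ntpath
import re

# File names the page lists under "File System Details".
LISTED_NAMES = {
    "microdbs.exe", "msizap.exe", "spsreng.exe", "456.exe", "msiexc.exe",
    "mypass.exe", "xtreme.exe", "123.exe", "mscon.exe", "msupdt32.exe",
    "stub2546.exe", "file.exe",
}
# Assumed default expansions of the %windir% and %APPDATA% drop folders.
DROP_DIR = re.compile(r"^(?:[a-z]:\\windows|%windir%|[a-z]:\\users\\[^\\]+\\appdata\\roaming|%appdata%)$")
VALUE_LINE = re.compile(r"^\s{4}(.+?)\s{4}(REG_\w+)\s{4}(.*)$")
EXE_PATH = re.compile(r'"?([^"]*?\.exe)', re.IGNORECASE)


def suspicious_run_entries(reg_query_output):
    """Return (value name, exe path, reasons) for Run values that fit the page's pattern."""
    hits = []
    for line in reg_query_output.splitlines():
        m = VALUE_LINE.match(line)
        exe = EXE_PATH.match(m.group(3).strip()) if m else None
        if not exe:
            continue
        name, path = m.group(1), exe.group(1)
        folder, base = ntpath.split(path.lower())
        reasons = []
        if base in LISTED_NAMES:
            reasons.append("listed file name")
        # Page example: value "456" -> "C:\Windows\456.exe" (value name == file stem).
        if DROP_DIR.match(folder) and name.lower() == ntpath.splitext(base)[0]:
            reasons.append("value name equals file stem in drop folder")
        if reasons:
            hits.append((name, path, reasons))
    return hits


# Constructed sample of `reg query` output, not taken from an infected host.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    456    REG_SZ    C:\Windows\456.exe
    Updater    REG_SZ    "C:\Users\alice\AppData\Roaming\msupdt32.exe" /s
    notes    REG_SZ    C:\Users\alice\AppData\Roaming\notes.exe
"""

if __name__ == "__main__":
    for name, path, reasons in suspicious_run_entries(SAMPLE):
        print(f"{name!r} -> {path}: {', '.join(reasons)}")
```

The stem-match rule is a heuristic and can flag legitimate software installed directly in those folders, so treat a hit as a lead to verify, not a verdict.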

More Details on Backdoor:Win32/Bezigate.B

The following URLs were found:
Tip: We recommend blocking the domain names as well as the IP addresses associated with them.
