Backdoor:Win32/Bezigate.A

Posted: November 6, 2012

Threat Metric

Threat Level: 2/10
Infected PCs: 78
First Seen: November 6, 2012
OS(es) Affected: Windows

Backdoor:Win32/Bezigate.A is a backdoor Trojan that lets criminals control your PC by exploiting hidden vulnerabilities. While Trojans built on the same code as Backdoor:Win32/Bezigate.A have been known to steal confidential information, Backdoor:Win32/Bezigate.A may be used to launch other attacks, particularly those that involve installing other malware or disabling your security programs. Because Backdoor:Win32/Bezigate.A shows no symptoms, uses file names that aren't obvious and makes changes to the Windows Registry, the SpywareRemove.com malware research team encourages the use of anti-malware scanners whenever detecting or removing Backdoor:Win32/Bezigate.A becomes necessary.

Backdoor:Win32/Bezigate.A – the Invisible Hand of Criminal Coders at Work

Backdoor:Win32/Bezigate.A is designed solely to hand control of infected PCs to criminals, who access the infected computer via a Command & Control server. Like TrojanSpy:Win32/SSonce.C, Backdoor:Win32/Talsab.C and Backdoor:Win32/Nosrawec.C, Backdoor:Win32/Bezigate.A uses the copy-pasted code of an old Trojan from 2010, but includes enough minor additions and changes to be considered an individual PC threat in its own right.

Attacks by Backdoor:Win32/Bezigate.A can vary with the commands that are given to Backdoor:Win32/Bezigate.A by its criminal controllers, although SpywareRemove.com malware experts have noted the following problems as being highly likely in a Backdoor:Win32/Bezigate.A infection:

  • Unauthorized control over keyboard input (typing).
  • Unauthorized control over mouse cursor movement and clicks.
  • Attempts to steal personal information by screen captures, keylogging and other means that are common to backdoor Trojans with spyware features.
  • Downloading and installing other malware onto your PC.
  • Blocked applications, especially in the case of prominent anti-virus scanners. Booting Windows into Safe Mode or booting from USB drives can be used to work around any problems running the programs that you require to disinfect your PC of Backdoor:Win32/Bezigate.A.

Erecting a Security Gate Around a Bezigate Trojan

SpywareRemove.com security analysts have discovered that most backdoor Trojans are dangerously invasive both with respect to their security changes and their attempts to collect information, and Backdoor:Win32/Bezigate.A can be considered no different from its relatives in this respect. Backdoor:Win32/Bezigate.A may include various means of avoiding detection by outdated anti-malware scanners, and you should always check to verify that your anti-malware software of preference is updated before you make an effort to delete Backdoor:Win32/Bezigate.A.

Backdoor:Win32/Bezigate.A, also known as Trojan.Win32.Agent.tntb, doesn't show any type of obvious visual symptoms in the attacks noted above. Most Windows PCs are vulnerable to Backdoor:Win32/Bezigate.A, although, for now, other operating systems don't appear to be compatible.

Since Backdoor:Win32/Bezigate.A changes the Windows Registry and may install other PC threats, any anti-malware scans that are used to remove Backdoor:Win32/Bezigate.A also should scan the rest of your computer. A failure to remove all of the system changes wrought by Backdoor:Win32/Bezigate.A can cause long-term security issues for your PC that may end up in the theft of confidential information or other attacks.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

File name: %windir%\age yaha.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

Registry Modifications

The following Registry values were newly created:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "yaahaha" = "c:\windows\age yaha.exe"
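
A read-only check for the file and Run value listed above, added here as an example and not taken from SpywareRemove.com or any scanner. The value name and file path come from this page; checking the WOW6432Node view of the Run key as well is an assumption, on the basis that a 32-bit program on 64-bit Windows may have its write redirected there.

```powershell
# Added example: read-only check for the two indicators listed on this page.
$ValueName = 'yaahaha'                               # Run value name from the page
$FilePath  = Join-Path $env:windir 'age yaha.exe'    # dropped file from the page
$RunKeys   = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    # Assumption: also check the 32-bit registry view used on 64-bit Windows.
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)

function Get-RunEntry {
    param([string]$KeyPath)
    $key = Get-Item -LiteralPath $KeyPath -ErrorAction SilentlyContinue
    if (-not $key) { return }                        # key absent (e.g. 32-bit OS)
    foreach ($name in $key.GetValueNames()) {
        $raw = [string]$key.GetValue($name, '', 'DoNotExpandEnvironmentNames')
        [pscustomobject]@{
            Key  = $KeyPath
            Name = $name
            Data = $raw
            # Normalise for comparison: expand %windir% etc. and drop quotes.
            Path = [Environment]::ExpandEnvironmentVariables($raw).Trim().Trim('"')
        }
    }
}

# Match on either the value name or the target path (case-insensitive).
$regHits = foreach ($k in $RunKeys) {
    Get-RunEntry -KeyPath $k | Where-Object {
        $_.Name -ieq $ValueName -or $_.Path -ieq $FilePath
    }
}

$fileHit = if (Test-Path -LiteralPath $FilePath -PathType Leaf) {
    # Record a hash so the file can be compared against scanner verdicts.
    Get-FileHash -LiteralPath $FilePath -Algorithm SHA256
}

if ($regHits -or $fileHit) {
    Write-Warning 'Indicators from the Bezigate.A write-up are present:'
    $regHits | Format-Table Key, Name, Data -AutoSize -Wrap
    $fileHit | Format-List Path, Hash
} else {
    Write-Output 'No Run value or file matching the listed indicators was found.'
}
```

A clean result only means these two indicators are absent; because the Trojan may install other threats, a full anti-malware scan is still needed.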