HI1.DLL is Backdoor Zegost

June 14, 2012 by NightWatcher
Filed under: Backdoor 

Fix it immediately:

The program HI1.DLL is used for covert access to a PC and its remote administration.
UnHackMe is recommended as a reliable program for solving the problem with HI1.DLL.
Download for free: http://www.unhackme.com

Malware Analysis of HI1.DLL
Full path on a computer: %SysDir%\HI1.DLL

Detected by UnHackMe:

Item Name: LocalService_0x0
Author: Unknown
Related File: %SYSDIR%\HI1.DLL
Type: Svchost DLLs

After first reboot detected by UnHackMe:

Item Name: Windows Driver
Author:
Related File: %SYSDIR%\HI2.DLL
Type: Services detected by Partizan

Removal Results: Success
Number of reboots: 2

HI1.DLL is known as:

Backdoor.Zegost, Trojan.Farfli, Trojan.ADH

HI1.DLL hash:

  • MD5: 55c020f39ae0bd64dbd431cbd0e84433

The file tries to download information from some web sites.

How to quickly detect HI1.DLL presence?

Registry:
  • HKLM\System\CurrentControlSet\Enum\Root\LEGACY_LOCALSERVICE_0X0\0000\DeviceDesc: “Microsoft Windows”
  • HKLM\System\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_DRIVER\0000\Service: “Windows Driver”
  • HKLM\System\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_DRIVER\0000\DeviceDesc: “Windows Driver”
  • HKLM\System\CurrentControlSet\Services\LocalService_0x0\Parameters\ServiceDll: “%SysDir%\HI1.DLL”
  • HKLM\System\CurrentControlSet\Services\LocalService_0x0\Parameters\ServiceMain: “ClientMain”
  • HKLM\System\CurrentControlSet\Services\LocalService_0x0\DisplayName: “Microsoft Windows”
  • HKLM\System\CurrentControlSet\Services\LocalService_0x0\Description: “Microsoft Windows”
  • HKLM\System\CurrentControlSet\Services\Windows Driver\ImagePath: “\??\%SysDir%\HI2.DLL”
  • HKLM\System\CurrentControlSet\Services\Windows Driver\DisplayName: “Windows Driver”
Files:
  • %SysDir%\63077.exe.xvx
  • %SysDir%\636124.exe.xvx
  • %SysDir%\636577.exe
  • %SysDir%\64230.exe.xvx
  • %SysDir%\642483.exe
  • %SysDir%\647937.exe.xvx
  • %SysDir%\648390.exe
  • %SysDir%\654296.exe
  • %SysDir%\hi.ini
  • %SysDir%\HI1.DLL
  • %SysDir%\HI2.DLL
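An added detection check, written for this article and not part of the original post or of UnHackMe: run from an elevated PowerShell prompt, it looks up the registry values and file names listed above (resolving %SysDir% to the System32 directory) and, going beyond the listed indicators, also flags any svchost-hosted service whose ServiceDll is not validly signed, since that is exactly how this backdoor registers itself.

```powershell
# Added example (not from the original post): report which HI1.DLL indicators are present.
$sysDir = [Environment]::GetFolderPath('System')   # resolves %SysDir%, e.g. C:\Windows\System32

# Registry indicators from the post: key, value name, and the substring seen in the infection.
$regChecks = @(
    @{ Key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LocalService_0x0\Parameters';   Name = 'ServiceDll';  Expect = 'HI1.DLL' },
    @{ Key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LocalService_0x0\Parameters';   Name = 'ServiceMain'; Expect = 'ClientMain' },
    @{ Key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LocalService_0x0';              Name = 'DisplayName'; Expect = 'Microsoft Windows' },
    @{ Key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Windows Driver';                Name = 'ImagePath';   Expect = 'HI2.DLL' },
    @{ Key = 'HKLM:\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_LOCALSERVICE_0X0\0000'; Name = 'DeviceDesc';  Expect = 'Microsoft Windows' },
    @{ Key = 'HKLM:\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_DRIVER\0000';   Name = 'Service';     Expect = 'Windows Driver' }
)

$findings = @()
foreach ($c in $regChecks) {
    if (Test-Path -LiteralPath $c.Key) {
        $val = (Get-ItemProperty -LiteralPath $c.Key -ErrorAction SilentlyContinue).($c.Name)
        if ($val -and ($val -like "*$($c.Expect)*")) {
            $findings += "REGISTRY  $($c.Key)\$($c.Name) = $val"
        }
    }
}

# File indicators from the post; '*.exe.xvx' covers the numbered dropper copies.
foreach ($pattern in @('HI1.DLL', 'HI2.DLL', 'hi.ini', '*.exe.xvx')) {
    Get-ChildItem -Path $sysDir -Filter $pattern -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object { $findings += "FILE      $($_.FullName)  ($($_.Length) bytes)" }
}

# Generic sweep (beyond the post's list): any service hosted via a ServiceDll that is not
# validly signed deserves a second look, because this backdoor persists exactly that way.
Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' | ForEach-Object {
    $dll = (Get-ItemProperty -LiteralPath "$($_.PSPath)\Parameters" -ErrorAction SilentlyContinue).ServiceDll
    if ($dll) {
        $path = [Environment]::ExpandEnvironmentVariables($dll)
        if ((Test-Path -LiteralPath $path) -and
            (Get-AuthenticodeSignature -FilePath $path).Status -ne 'Valid') {
            $findings += "UNSIGNED  service '$($_.PSChildName)' loads $path"
        }
    }
}

if ($findings) { $findings | ForEach-Object { Write-Output $_ } }
else           { Write-Output 'No HI1.DLL indicators found.' }
```

A hit on the UNSIGNED line alone is a lead, not proof: catalog-signed or third-party service DLLs can appear there too, so confirm against the registry and file indicators above before removal.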


Recommended: UnHackMe anti-rootkit and anti-malware

Premium software: RegRun Security Suite (Good choice for removal and protection)

Written by

Malware Hunter.
