Know Your Malware: Zagaban Removal

Zagaban is a backdoor designed to run a hidden proxy server on a compromised computer. The threat is controlled by a remote attacker, who can reconfigure Zagaban and its integrated proxy and modify the system Hosts file in order to block access to certain Internet resources or redirect the user to undesirable web sites. Zagaban is able to hide its active processes. The backdoor automatically runs on every Windows startup.
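The two Hosts-file effects described above (blocking a resource, redirecting the user) can be told apart when auditing a suspect machine. The following is an added example, not code from this page or from any removal tool; the hostnames and addresses in the sample are constructed, and the function name `audit_hosts` is hypothetical.

```python
import ipaddress

# Names a stock hosts file legitimately maps to loopback.
BENIGN_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

# Constructed sample input; on Windows the real file is
# %SystemRoot%\System32\drivers\etc\hosts
SAMPLE_HOSTS = """\
# Constructed sample, not taken from an infected machine
127.0.0.1       localhost
::1             localhost
127.0.0.1       update.av-vendor.example    # blocked
0.0.0.0         www.av-vendor.example support.av-vendor.example
203.0.113.10    bank.example                # redirected
"""

def audit_hosts(text):
    """Return (line_no, kind, address, hostname) for each suspicious mapping.

    kind is "block" when a name is pinned to a loopback or unspecified
    address, "redirect" when it is pinned to any other address, and
    "malformed" when the address field does not parse.
    """
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(entry) < 2:
            continue                            # blank, comment-only, or no hostname
        addr_text, names = entry[0], entry[1:]
        try:
            addr = ipaddress.ip_address(addr_text)
        except ValueError:
            findings.extend((line_no, "malformed", addr_text, n.lower()) for n in names)
            continue
        kind = "block" if (addr.is_loopback or addr.is_unspecified) else "redirect"
        for name in names:
            name = name.lower()
            if kind == "block" and name in BENIGN_NAMES:
                continue                        # default localhost entries
            findings.append((line_no, kind, str(addr), name))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

Every entry reported still needs review against what the administrator deliberately configured, since ad-blocking lists and development overrides produce the same patterns.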

Related files: gld.exe, gld.dll, hosts.dll, socks.dll

Zagaban properties:
Allows remote user connection
Connects itself to the internet
Hides from the user
Stays resident in background

Linked by shanmuga Friday, 4th November 2005 9:29PM