Trojan.Zbot

Trojan.Zbot Description



Trojan.Zbot is a broad subtype of backdoor Trojans that steal passwords and other confidential information, while also weakening the security of the infected PC. Because Trojan.Zbot encompasses many different Zbot variants, such as Trojan-Spy.Win32.Zbot.apqa, TSPY_ZBOT.FAZ, Trojan-Spy.Win32.Zbot.boux or Trojan-Spy.Win32.Zbot.bfur, the symptoms of a Trojan.Zbot infection can be very diverse or, in some cases, nonexistent. However, the SpywareRemove.com malware research team has found all variants of Trojan.Zbot to be extremely dangerous, and the majority of Trojan.Zbot infections will seek to harvest specific information that’s related to account logins or finances. If you suspect that a Trojan.Zbot Trojan has compromised your computer, be ready to take extreme measures, including the use of advanced anti-malware software, to remove Trojan.Zbot and shut down the violation of your privacy.

How Trojan.Zbot Creeps into Your PC with Zero Suspicion


Trojan.Zbot Trojans and other forms of backdoors have been noted for using deceptive methods of infecting PCs, but SpywareRemove.com malware researchers have noticed a particular rise in advanced social engineering tactics to spread Trojan.Zbot. Common ways of being infected by Trojan.Zbot can include:
  • Social networking links. Variants of Trojan.Zbot may disguise themselves as fake video or picture files, or use compromised accounts to send themselves to social contacts. Facebook is an especially popular target for certain variants of Trojan.Zbot, such as TSPY_ZBOT.FAZ. Never download a file, even if it’s sent by a friend, unless you’re certain that it’s legitimate.
  • Fake software updates. Adobe Flash updates, codec updates and general movie player updates are all exploited to install Trojan.Zbot and other Trojans.
    Never acquire software updates from unofficial or disreputable sources, and always navigate to official websites by typing the URL rather than following links that have been given to you.
  • Fake infection alerts. These warnings are often embedded in fake online scanners that trigger automatically, and are a primary distribution method for rogue security software, as well as Trojans that install scamware.

What Happens in the Aftermath When Trojan.Zbot Hits


Variants of Trojan.Zbot Trojans may show different symptoms, and many may show no symptoms at all. However, SpywareRemove.com malware experts have found the following traits to be extremely common, based on standard operating procedures for typical Trojan.Zbot infections:
  • Trojan.Zbot will launch itself and remain active without permission, and may use some method to conceal itself, such as renaming itself after a normal system file or even using advanced techniques to inject its code into system processes. These hiding attempts can be noticed if you look for extra processes in memory or unusual memory usage by a process.
  • Trojan.Zbot may open your network ports and disable or alter your firewall to allow unrestricted network traffic.
  • Other security programs besides your firewall may also be blocked by Trojan.Zbot; these blockades may use fake error messages to trick you into thinking that these programs are infected.
  • Browser hijacks may redirect you to phishing websites or other harmful sites that try to steal private information, such as your credit card number or account password. Browser hijacks can be noticed when your web browser redirects itself to a strange website, when your homepage settings are changed or when pop-ups appear without explanation.
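
A host check for two of the symptoms listed above (a process named after a system file but running from the wrong folder, and a disabled firewall profile), added here as an example and not part of the original article. The table of system file names and their expected folders is an illustrative assumption, not a complete baseline.

```powershell
# Added example. Run in an elevated PowerShell session on the suspect PC.
# Assumption: this short table of system binaries and their normal folders
# is a sample only; extend it for your own Windows build.
$sys32 = Join-Path $env:SystemRoot 'System32'
$wow64 = Join-Path $env:SystemRoot 'SysWOW64'
$expected = @{
    'svchost.exe'  = @($sys32, $wow64)
    'lsass.exe'    = @($sys32)
    'services.exe' = @($sys32)
    'winlogon.exe' = @($sys32)
    'csrss.exe'    = @($sys32)
    'explorer.exe' = @($env:SystemRoot, $wow64)
}

# 1. Processes that borrow a system file name but run from another folder.
#    ExecutablePath is empty for processes the session cannot inspect,
#    so those are skipped rather than reported.
$masquerading = Get-CimInstance Win32_Process |
    Where-Object { $_.ExecutablePath -and $expected.ContainsKey($_.Name.ToLower()) } |
    Where-Object {
        $dir = Split-Path -Path $_.ExecutablePath -Parent
        $expected[$_.Name.ToLower()] -notcontains $dir
    } |
    Select-Object Name, ProcessId, ExecutablePath

# 2. Firewall profiles (Domain, Private, Public) that are not enabled.
$firewallOff = Get-NetFirewallProfile |
    Where-Object { $_.Enabled -ne 'True' } |
    Select-Object Name, Enabled

if ($masquerading) {
    Write-Warning 'System file name running from an unexpected folder:'
    $masquerading | Format-Table -AutoSize
}
if ($firewallOff) {
    Write-Warning 'Windows Firewall profile not enabled:'
    $firewallOff | Format-Table -AutoSize
}
if (-not $masquerading -and -not $firewallOff) {
    'No masquerading process or disabled firewall profile found.'
}
```

A clean result does not rule out an infection, since code injected into a genuine system process keeps that process's normal name and path.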

Because most Trojan.Zbot Trojans that SpywareRemove.com malware researchers are familiar with have a tendency to focus on stealing passwords and financial data (such as Bank of America account data), you should consider any possible Trojan.Zbot attack an extreme threat and react with appropriate caution.

Aliases


  • Generic7_c.BULS [AVG]
  • W32/Bublik.AKIQ!tr [Fortinet]
  • Backdoor.Win32.DarkKomet [Ikarus]
  • a variant of Win32/Injector.Autoit.HN [ESET-NOD32]
  • Trojan/Win32.Jorik [AhnLab-V3]
  • Win32.Troj.Bublik.ak.(kcloud) [Kingsoft]
  • Heuristic.BehavesLike.Win32.Suspicious-BAY.S [McAfee-GW-Edition]
  • TR/Rogue.8877826.1 [AntiVir]
  • Trojan.PWS.Stealer.1932 [DrWeb]
  • Trojan.Generic.8877826 (B) [Emsisoft]







Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

Additional Information

  • The following URLs were detected:
    2sdfhs8d7fsh34d8f7s.org, 51qn.net, av4321.us, batmu.cn, clicksurfcash.net, crisis1s.com, fordearfriends.com, hotdomainworld.info, kakajz.cn, lilj.us, sfqjsf.cn, skp360.com
Posted: March 4, 2007 | By
Threat Level: 9/10
Detection Count: 14,528

6 Comments

  • Andie says:

    I have this virus in my PC and I run the PC with Microsoft Security Essentials. It recognized the virus and says it’s removed but when I run the antivirus again it’s always the same. I also can’t open antivirus websites so my question is can I install SpyHunter without uninstalling Microsoft Security Essentials or should I uninstall it?
    Thanks and sorry for my English

  • Bartending Guide says:

    This is very interesting, You’re a very skilled blogger. I have joined your rss feed and look forward to seeking more of your magnificent post. Also, I’ve shared your website in my social networks!

  • Pasquale Alagna says:

    When I first started to experience the dreaded Win 7 Anti Virus pop ups, I created a new admin profile and deleted the infected one. The profile is working fine but my firewall is turned off. It gives me an error message when I try to turn it back on. I tried to delete its registry entries but there are only about 5 of them and when I right click on them the delete option is not available.
    When I click in the space to the right it says "default" and there is an option available when I right click to delete. These are the five entries that I see.
    HKEY_CLASSES_ROOT
    HKEY_CURRENT_USER
    HKEY_LOCAL_MACHINE
    HKEY_USERS
    HKEY_CURRENT_CONFIG
    The message to the right of these entries does not change when I click on the different HKEY’s. Should I delete this message to the right? Is this the virus? What should I do?

  • kamagra says:

    well written blog thanks for sharing will make sure i follow your work

  • Martin Andrino says:

    Great post, thank you!

  • KIS 2012 says:

    I’m using Kaspersky on both my laptop and desktop. I previously used the antivirus version and it didn’t use as much memory as the internet security version does. So, I again installed the antivirus version but I don’t see much difference. My desktop has only 256RAM. I can’t do anything else if I open 2 applications. But I can’t rely on other antivirus software because their detection rates suck. (believe me, I’m an antivirus pro). So. What should I do now?
