
Troj/Zbot-CCH

Posted: June 26, 2012

Threat Metric

Ranking: 7,712
Threat Level: 9/10
Infected PCs: 3,031
First Seen: June 26, 2012
Last Seen: October 16, 2023
OS(es) Affected: Windows

Troj/Zbot-CCH is a Trojan that's often distributed by the same methods as Mal/EncPk-NS: as an e-mail file attachment that's purported to be risqué photographs or proof of your stealing digital property by breaking into accounts. As a Trojan based on Zbot (also known as Zeus), Troj/Zbot-CCH may attack your web-browsing safety, shut your firewall down, steal private information (such as account logins for bank sites) or simply allow criminals to control your PC wholesale from a Command & Control server. Like all Zbot variants, Troj/Zbot-CCH should be considered a high-level threat to your computer's safety, and the SpywareRemove.com malware research team especially encourages you to be cautious around unusual e-mail file attachments, even if they seem to be sent by a friend.

Troj/Zbot-CCH – a New Spin on Zeus with Appropriately Licentious Infection Tactics

Whereas the original Zeus was a Greek god known for descending from the heavens to ravish damsels, Troj/Zbot-CCH is, in many ways, a digital equivalent, since its spammed e-mails tend to carry promises (or threats) of nude photographs. Some of the most common hoaxes that Troj/Zbot-CCH's e-mail messages use include warnings about legal investigations, threats from victims that claim that you've stolen personal files or risqué images of girlfriends and boyfriends that have been distributed throughout the web. Currently observed e-mail messages that distribute Troj/Zbot-CCH always include Troj/Zbot-CCH as a file attachment, so you should be protected against Troj/Zbot-CCH if you avoid downloading these attachments. Alternatively, you may analyze them with anti-malware software beforehand.

Troj/Zbot-CCH and similar PC threats are often used to cripple PC security features, enable criminals to control infected PCs (a la RATs or backdoor Trojans) or install a range of other types of malicious software. However, SpywareRemove.com malware analysts note that Troj/Zbot-CCH isn't likely to show direct symptoms of its attacks. Attempting to detect or remove Troj/Zbot-CCH without suitable software that's designed to combat Trojans like Troj/Zbot-CCH is inadvisable under normal circumstances.

What You Really Opened Your PC Up to When You Clicked a Troj/Zbot-CCH 'Pic'

SpywareRemove.com malware experts recommend that victims of Troj/Zbot-CCH infections guard against the following probable attacks prior to Troj/Zbot-CCH's removal:

  • Disabled security-related programs, such as your firewall, Task Manager or anti-virus software.
  • Windows components and settings that are changed to increase your PC's susceptibility to other attacks, particularly while browsing the web.
  • The installation of other PC threats. These can include browser-redirecting Trojans, spyware programs that steal private data or rogue anti-malware scanners that display fraudulent security alerts.

You should assume that Troj/Zbot-CCH is active unless you've taken steps to deactivate Troj/Zbot-CCH and prevent it from launching with your operating system. SpywareRemove.com malware analysts suggest either Safe Mode or a removable media boot for this purpose.

Aliases

  • W32/Zbot.ACM!tr [Fortinet]
  • Trojan.Win32.Ransom [Ikarus]
  • Trojan/Win32.Birele [AhnLab-V3]
  • Troj/Zbot-CCH [Sophos]
  • Artemis!B4E77546C5A7 [McAfee-GW-Edition]
  • BackDoor.Andromeda.22 [DrWeb]
  • Trojan.Generic.KDV.658377 [BitDefender]
  • Trojan.Win32.Jorik.Androm.qi [Kaspersky]
  • Downloader.Dromedan [Symantec]
  • W32/Trojan2.NRTE [F-Prot]
  • Generic.dx!b2u4 [McAfee]

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



File name: file.exe
Size: 51.36 KB (51366 bytes)
MD5: f24446bf2bb69ff8bcb377c0cbf6a955
Detection count: 58
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: June 28, 2012

File name: Photo-12.zip
Size: 35.38 KB (35387 bytes)
MD5: 0fcd721f02143fd8f9ca5c4a2ccadde5
Detection count: 56
Mime Type: unknown/zip
Group: Malware file
Last Updated: June 28, 2012

File name: IMG4898.exe
Size: 64 KB (64000 bytes)
MD5: b4e77546c5a762987fafe289e401aa57
Detection count: 54
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: June 28, 2012