DHL Express Notification with the Trojan PWS-Zbot.gen.cc

Posted: November 1, 2011

DHL Express Notification with the Trojan PWS-Zbot.gen.cc is a fake package delivery e-mail that distributes Trojan PWS-Zbot.gen.cc by claiming that the attached file is a delivery notice. Although the DHL Express Notification message looks reasonably legitimate, it has no connection with any real package delivery service or tracking company, and should be deleted if found in your mailbox. If you've installed Trojan PWS-Zbot.gen.cc by accident, SpywareRemove.com malware experts advise you to be aware of the risk of PWS-Zbot.gen.cc stealing your private information, including login data for banking websites, passwords, cache-saved information and any data that's entered from your keyboard or visible on your monitor (via keylogging and screen captures). Since Trojans that are distributed by the DHL Express Notification scam are also known to infect normal system processes, you are strongly advised to use an anti-malware application if you need to remove Trojan PWS-Zbot.gen.cc from your PC.

The Consequences of Downloading a DHL Express Notification's Favorite Trojan

DHL Express Notification PWS-Zbot.gen.cc scams take the form of randomly distributed e-mail messages that mimic delivery notifications from DHL (an international delivery company). However, unlike a genuine delivery notice, a DHL Express Notification with the Trojan PWS-Zbot.gen.cc attack will include a .zip file attachment that contains the Zbot Trojan. A complete sample of one currently known DHL Express Notification message is shown below:

DHL Express Notification for shipment for 26 Oct 2011.

AWB Number: 0193112309848
Pickup Date: 2011-10-26 17:21:00
Service: P
Pieces: 1
Cust. Ref:

EVENT CATEGORY
26 Oct 11 08:15 AM – Clearance processing complete
PLEASE REFER TO ATTACHED FILE FOR DETAILED INFORMATION.

Shipment status may also be obtained from our Internet site in USA under http://track.dhl-usa[dot]com or globally under http://xxx.dhl[dot]com/track
Please do not reply to this email. This is an automated application used only for sending proactive notifications

DHL is Part of the World’s Leading Logistics Group, Deutsche Post DHL

DHL offers integrated services and tailored, customer-focused solutions for managing and transporting letters, goods and information.

DHL: Four Divisions – One Brand – One Provider – All Your Solutions

DHL comprises four divisions. These segments operate under the control of their own divisional headquarters. The Group management functions are performed by the Corporate Center. We have centralized the internal services which support the entire Group, including Finance Operations, IT and Procurement. This consolidation enables us to increase the flexibility of our business, improve service quality and leverage economies of scale and cost benefits.

Customer Service Center at http://xxx.dhl[dot]com

If you attempt to launch the attached file, your PC will be infected by Trojan PWS-Zbot.gen.cc, an advanced backdoor Trojan and spyware program that's capable of initiating several types of attacks. SpywareRemove.com malware analysts have found that the most widely-used Trojan PWS-Zbot.gen.cc attacks include the following:

  • Infecting normal system processes like winlogon.exe and explorer.exe.
  • Infecting multiple drives, including network-shared locations and removable drives (such as USB devices).
  • Stealing port numbers, IP addresses, user names and passwords for FTP-management programs, including Total Commander, WinSCP, CoreFTP and FlashFXP.
  • Stealing passwords and other information from Internet Explorer cookies, cached data files, certificates and other sources. Trojan PWS-Zbot.gen.cc will try to extract login info for sites like Full Tilt Poker and Windows e-mail accounts.
  • Reducing the security of your web browsers, including Firefox and Internet Explorer, by setting many different security settings to zero.

What You Can Do to Put DHL Express Notification with the Trojan PWS-Zbot.gen.cc Back in Its Place

As long as you delete any DHL Express Notification spam e-mail messages, your computer should be in minimal danger of being infected by Trojan PWS-Zbot.gen.cc (which is also known as W32/Zbot and Win-Trojan/Obfuscated.Gen). Since the DHL Express Notification scam was observed in late October of 2011, be certain that your anti-malware software is at least that up to date, to make sure that it can identify and delete any DHL Express Notification Trojans.

If you are infected by PWS-Zbot.gen.cc, SpywareRemove.com malware analysts discourage trying to remove PWS-Zbot.gen.cc by yourself – this has a strong chance of failing or even damaging Windows. Utilize multiple scans in Safe Mode to make sure that your software has found all versions of PWS-Zbot.gen.cc, and scan your entire PC, including any removable drives. However, if you haven't interacted with the DHL Express Notification's file attachment, the e-mail itself can't do your PC any harm, although PWS-Zbot.gen.cc should be deleted as a matter of course.
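The trait that separates this scam from a genuine notice, a .zip attachment carrying an executable, can be checked before the message reaches an inbox. The following Python is an added example, not code from SpywareRemove.com; the extension list, the function names, the sender address and the attachment name are assumptions, and the sample message is constructed with a harmless text payload.

```python
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

# Extensions Windows runs directly; an assumption for this example, extend as needed.
RUNNABLE = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")

def runnable_members(zip_bytes):
    """Names inside a zip that Windows would execute; unreadable archives count as suspect."""
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            return [n for n in zf.namelist() if n.lower().endswith(RUNNABLE)]
    except zipfile.BadZipFile:
        return ["<unreadable archive>"]

def assess(raw):
    """Return (quarantine, reasons) for one raw e-mail message given as bytes."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    headers = f"{msg['Subject'] or ''} {msg['From'] or ''}".lower()
    claims_dhl = "dhl" in headers
    reasons = ["claims to be a DHL notification"] if claims_dhl else []
    zip_hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if name.lower().endswith(".zip") or part.get_content_subtype() == "zip":
            zip_hits += runnable_members(part.get_payload(decode=True) or b"")
    if zip_hits:
        reasons.append("zip attachment contains: " + ", ".join(zip_hits))
    # Quarantine only when the brand claim and a runnable file inside a zip coincide.
    return claims_dhl and bool(zip_hits), reasons

def build_sample(member_name):
    """Constructed message: DHL-style headers plus a zip holding one harmless text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, "constructed placeholder, not a program")
    m = EmailMessage()
    m["From"] = "DHL Express <notify@example.invalid>"   # constructed sender
    m["Subject"] = "DHL Express Notification for shipment for 26 Oct 2011"
    m.set_content("PLEASE REFER TO ATTACHED FILE FOR DETAILED INFORMATION.")
    m.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                     filename="notice.zip")             # constructed attachment name
    return m.as_bytes()

if __name__ == "__main__":
    for member in ("notice.exe", "notice.pdf"):
        print(member, assess(build_sample(member)))
```

The check reads only the archive's file listing, so it never unpacks or runs the attachment.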
