Home Malware Programs Spyware TSPY_ZBOT.HEK

TSPY_ZBOT.HEK

Posted: July 21, 2010

TSPY_ZBOT.HEK is a Trojan spyware program that represents a serious threat to PC security. TSPY_ZBOT.HEK scans your PC for passwords, particularly for online banking sites, and will steal these passwords and send them to malicious hackers. TSPY_ZBOT.HEK will also attempt to intercept and transmit your sign-in information, other cached Windows passwords and email account passwords. TSPY_ZBOT.HEK is extremely dangerous and should be removed immediately once detected.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %System%\lowsec\user.ds

Registry Modifications

  • The following newly produced Registry Values are:
    HKEY..\..\..\..{Subkeys}HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\HKEY..\..\..\..{RegistryKeys}EnableFirewall = "0"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ Services\SharedAccess\Parameters\ FirewallPolicy\StandardProfileUID = "{Computer name}_{Random numbers}"Userinit = "%System%\userinit.exe, %System%\sdra64.exe,"Windows NT\CurrentVersion\NetworkWindows NT\CurrentVersion\Winlogon
Loading...