Trojan-Spy.Win32.Zbot.addi
Trojan-Spy.Win32.Zbot.addi or Trojan-Spy.Win32.Zbot, is a malicious Trojan that shows threat characteristics of a ZBot banking trojan. Trojan-Spy.Win32.Zbot.addi disables the firewall and steals sensitive financial data like credit card numbers and online banking login details. Trojan-Spy.Win32.Zbot.addi is also programmed to take screen snapshots, download additional corrupt components, and provide a hacker with the remote access to the compromised system. Trojan-Spy.Win32.Zbot.addi poses a severe security threat and should be removed from the infected system immediately.
File System Modifications
- The following files were created in the system:
# File Name 1 %System%\lowsec\local.ds 2 %System%\lowsec\user.ds 3 %System%\sdra64.exe
Registry Modifications
- The following newly produced Registry Values are:
HKEY..\..\..\..{Subkeys}[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\{19127AD2-394B-70F5-C650-B97867BAA1F7}][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\{334613DB-50C1-B3BE-95ED-E9915A134FF1}][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6}][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.