PWS:Win32/Zbot.gen!AF

Posted: November 17, 2011

Threat Metric

The Threat Meter is a malware assessment that SpywareRemove.com's research team is able to give every identifiable malware threat. Our Threat Meter includes several criteria based off of specific malware threats to value their severity, reach and volume. The Threat Meter is able to give you a numerical breakdown of each threat's initial Threat Level, Detection Count, Volume Count, Trend Path and Percentage Impact. The overall ranking of each threat in the Threat Meter is a basic breakdown of how all threats are ranked within our own extensive malware database. The scoring for each specific malware threat can be easily compared to other emerging threats to draw a contrast in its particular severity. The Threat Meter is a useful tool in the endeavor of seeking a solution to remove a threat or pursue additional analytical research for all types of computer users.

The following fields listed on the Threat Meter containing a specific value, are explained in detail below:

Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.

Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.

Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.

Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.

% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.

Threat Level:	8/10
Infected PCs:	105

First Seen:	July 18, 2011
Last Seen:	January 10, 2022
OS(es) Affected:	Windows

PWS:Win32/Zbot.gen!AF is a malicious Trojan that is involved in a malicious ACH debit transfer malware spam campaign and targets Automated Clearing House (ACH), is the e-network in USA that processes financial transactions. by sending the fake emails to web users' mailboxes. The bogus emails with different captions that refer to ACH come from various IDs that are spoofed. All the fraudulent emails include one web-link, which allegedly gives the additional details of the transaction. If the email recipient clicks on the malicious link, his/her web browser tries to access infected websites that ask the PC user to immediately download and install Adobe Flash Player. These websites download the website of Adobe that serves the update. However, the download provided in a file named 'flash.exe,' installs PWS:Win32/Zbot.gen!AF. Once a computer system is corrupted by PWS:Win32/Zbot.gen!AF, it tries to make a connection with the Internet Protocol address 64.252.17.231 on the 11760 port, possibly for telling its creator that the affected PC system has been infected. If you receive the unsolicited email related to ACH that contains a web-link and malicious file, do not click and open it to protect your PC from PWS:Win32/Zbot.gen!AF.

Aliases

TR/Crypt.XPACK.Gen7 [AntiVir]Trojan:W32/Agent.DUFR [F-Secure]Trojan.Win32.Inject.etvk [Kaspersky]W32/Zbot.GH.gen!Eldorado [F-Prot]Trj/Ransom.AB [Panda]Agent [AVG]W32/Zbot.ANH!tr.pws [Fortinet]Virus.Agent [Ikarus]Troj/Karag-K [Sophos]Heuristic.BehavesLike.Win32.Suspicious-BAY.K [McAfee-GW-Edition]TR/Crypt.XPACK.Gen [AntiVir]Trojan.DownLoader6.56603 [DrWeb]TrojWare.Win32.Injector.XAA [Comodo]Trojan.Win32.Inject.eoyb [Kaspersky]Win32:MalOb-KU [Trj] [Avast]
More aliases (204)

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

%SystemDrive%\Users\<username>\Start Menu\Programs\Startup\usyt.exe

File name: usyt.exe
Size: 192.51 KB (192512 bytes)
MD5: fca82b68b46718e10e939151c68a10fc
Detection count: 90
File type: Executable File
Mime Type: unknown/exe
Path: %SystemDrive%\Users\<username>\Start Menu\Programs\Startup
Group: Malware file
Last Updated: October 5, 2011

%USERPROFILE%\Application Data\1368429.exe

File name: 1368429.exe
Size: 225.79 KB (225792 bytes)
MD5: 3dc8bc632631cd1f9696e3051dfbb601
Detection count: 81
File type: Executable File
Mime Type: unknown/exe
Path: %USERPROFILE%\Application Data
Group: Malware file
Last Updated: January 1, 2012

%WINDIR%\TEMP\VRT23.tmp

File name: VRT23.tmp
Size: 55.8 KB (55808 bytes)
MD5: 070728ba00c67c78bc2a25966e806945
Detection count: 54
File type: Temporary File
Mime Type: unknown/tmp
Path: %WINDIR%\TEMP
Group: Malware file
Last Updated: July 20, 2011

%APPDATA%\Minoral\minoral.exe

File name: minoral.exe
Size: 757.76 KB (757760 bytes)
MD5: 08505bc34fb00a34f6c7fb780bcb33d7
Detection count: 12
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%\Minoral
Group: Malware file
Last Updated: August 5, 2011

%SystemDrive%\Documents and Settings\Administrator\Start Menu\Programs\Startup\kepec.exe

File name: kepec.exe
Size: 170.49 KB (170496 bytes)
MD5: 3310d6bf51395eb25e61c4c00a54f4de
Detection count: 9
File type: Executable File
Mime Type: unknown/exe
Path: %SystemDrive%\Documents and Settings\Administrator\Start Menu\Programs\Startup
Group: Malware file
Last Updated: January 10, 2022

%APPDATA%\msconfig.dat

File name: msconfig.dat
Size: 101.37 KB (101376 bytes)
MD5: 465210cbb35ab0cfe5e8f36c4ced00b9
Detection count: 9
File type: Data file
Mime Type: unknown/dat
Path: %APPDATA%
Group: Malware file
Last Updated: April 10, 2013

%USERPROFILE%\nloadfBC.dll

File name: nloadfBC.dll
Size: 531.45 KB (531456 bytes)
MD5: 34c4c50f75cfc5bc25fb8b69dc87bbce
Detection count: 7
File type: Dynamic link library
Mime Type: unknown/dll
Path: %USERPROFILE%
Group: Malware file
Last Updated: July 25, 2011

%ALLUSERSPROFILE%\QuestScan\questscan154.exe

File name: questscan154.exe
Size: 26.11 KB (26112 bytes)
MD5: d526f63f19e392e013178999a08b5f4b
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%\QuestScan
Group: Malware file
Last Updated: July 20, 2011

%TEMP%\yebol.exe

File name: yebol.exe
Size: 184.83 KB (184832 bytes)
MD5: 02ba2e8df87cd66f270560b1ae37afcd
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Path: %TEMP%
Group: Malware file
Last Updated: September 26, 2011

More files

PWS:Win32/Zbot.gen!AF

Threat Metric

Aliases

Technical Details

File System Modifications

Leave a Reply