Trojan.Zombieboy
Trojan.Zombieboy is used by cybercriminals who infect computers and then exploit their hardware resources to mine cryptocurrencies such as Monero. In addition to running a Trojan miner on the compromised computer, it may also use a popular exploit for the Server Message Block (SMB) protocol to spread itself to other vulnerable computers.
Like many other Trojan miners, this one relies on a modified version of the open-source XMRig to carry out its mining operations. In addition to the mining module, Trojan.Zombieboy may deploy several other modules that might be associated with a Remote Access Trojan (RAT). Malware researchers have noticed that the core module of Trojan.Zombieboy can also counter reverse-engineering attempts by checking whether it is being run in a controlled virtual environment. Finally, Trojan.Zombieboy can collect system information about the compromised computer: installed anti-virus software, running processes, scheduled tasks, hardware details, OS details, etc.
Spotting the activity of Trojan.Zombieboy may be very difficult because this threat is not meant to show any obvious symptoms. One way to spot it is to manually check for the following running processes:
123.exe, 64.exe, 74.exe, 84.exe, N.exe, S.exe, and an ‘svchost.exe’ process that is not started from the ‘\Windows\System32’ directory.
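The manual check above can be scripted. The following PowerShell function is an added example, not code from the original page; it matches the process names listed here and verifies the location of each svchost.exe. The function name Find-ZombieboyProcessLead, its parameters, the fallback C:\Windows system root and the sample rows are assumptions made for illustration.

```powershell
function Find-ZombieboyProcessLead {
    [CmdletBinding()]
    param(
        # Objects exposing Name, ProcessId and ExecutablePath (e.g. Win32_Process).
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Process,
        # Process names listed on this page.
        [string[]]$SuspectName = @('123.exe','64.exe','74.exe','84.exe','N.exe','S.exe'),
        [string]$SystemRoot = $env:SystemRoot
    )
    begin {
        if (-not $SystemRoot) { $SystemRoot = 'C:\Windows' }   # assumed default
        $expected = $SystemRoot.TrimEnd('\') + '\System32\svchost.exe'
    }
    process {
        $reason = $null
        if ($SuspectName -contains $Process.Name) {            # case-insensitive match
            $reason = 'name is on the page list'
        }
        elseif ($Process.Name -ieq 'svchost.exe') {
            if (-not $Process.ExecutablePath) {
                # Unelevated sessions often cannot read the path of SYSTEM processes.
                $reason = 'svchost.exe path not readable; re-run elevated'
            }
            elseif ($Process.ExecutablePath -ine $expected) {
                $reason = 'svchost.exe not started from \Windows\System32'
            }
        }
        if ($reason) {
            [pscustomobject]@{
                Name      = $Process.Name
                ProcessId = $Process.ProcessId
                Path      = $Process.ExecutablePath
                Reason    = $reason
            }
        }
    }
}

# Constructed sample rows (not from a real host). On a live system use:
#   Get-CimInstance Win32_Process | Find-ZombieboyProcessLead
$sample = @(
    [pscustomobject]@{ Name = 'svchost.exe'; ProcessId = 812;  ExecutablePath = 'C:\Windows\System32\svchost.exe' }
    [pscustomobject]@{ Name = 'svchost.exe'; ProcessId = 4120; ExecutablePath = 'C:\Users\Public\svchost.exe' }
    [pscustomobject]@{ Name = 'n.exe';       ProcessId = 5332; ExecutablePath = 'C:\ProgramData\n.exe' }
    [pscustomobject]@{ Name = 'notepad.exe'; ProcessId = 640;  ExecutablePath = 'C:\Windows\System32\notepad.exe' }
)
$sample | Find-ZombieboyProcessLead -SystemRoot 'C:\Windows' | Format-Table -AutoSize
```

A hit is a lead for triage rather than proof, since short names such as N.exe or S.exe can belong to unrelated software.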
The best way to deal with the issues that Trojan.Zombieboy causes is to run an up-to-date anti-virus program that will identify and eliminate all components linked to the attack immediately.