
TSPY_ZBOT.SMHA

Posted: February 1, 2012

Threat Metric

Threat Level: 2/10
Infected PCs: 82
First Seen: February 1, 2012
OS(es) Affected: Windows

TSPY_ZBOT.SMHA is a banking Trojan that has recently been distributed through fraudulent e-mail messages impersonating Fidelity Investments. All known versions of TSPY_ZBOT.SMHA gather identifying information about the computers they infect, and many also attempt to steal financial data (such as passwords for bank accounts). Some variants of TSPY_ZBOT.SMHA may also be worms that can spread over networks and via removable drives. Because the spam messages carrying TSPY_ZBOT.SMHA deliver it as a file attachment, SpywareRemove.com malware experts warn against opening unusual file attachments, even when the sender appears to be legitimate, and note that Fidelity Investments, like all reputable companies, will refrain from sending any type of information in the form of an attached file due to the security risks involved.

When Eagerness for Acquiring Fiscal Data Can End Up Costing You Yours

TSPY_ZBOT.SMHA, like other Trojans from the Zbot family, attempts to covertly gather and steal both identifying information about your PC and information related to your banking activities and other financial transactions. Since TSPY_ZBOT.SMHA tries to maintain its presence without drawing notice and may display few symptoms, SpywareRemove.com malware researchers recommend that you use competent anti-malware programs to detect it.

Even easier than detecting TSPY_ZBOT.SMHA is keeping it off your PC in the first place by avoiding its latest infection vector: fake Fidelity Investments e-mail messages that purport to contain a statement for review. This statement, supposedly a Word document inside an attached .zip file, is actually TSPY_ZBOT.SMHA, which installs itself when the file is launched. TSPY_ZBOT.SMHA is capable of stealing passwords and other personal information from a variety of web browsers and e-mail clients, and may also use your computer's resources to send additional spam e-mail messages to continue its propagation. This variant of TSPY_ZBOT.SMHA can be identified by any of the following aliases: Backdoor.Win32.CVVStealer, Dropper/Malware.104448.BI, TR/Extats.A.8, Trojan horse Dropper.Generic3.QPG, PWS-Zbot.gen.cy, Trojan:Win32/Nedsym.G, Trojan.DownLoader2.2932, Trojan.Generic.KDV.127916, Trojan.Kryptik!qe91GsXtiqs, Trojan-Dropper.Win32.Pakes.dh, W32/Crypt.AUQM, W32/MalwareF.XUGG and Win32/Tnega.WCI.
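The lure described above is a .zip attachment whose "Word document" is really a Windows executable. The following Python check is an added example (not code from the original page or from SpywareRemove.com) that inspects an archive's members by name and by content; the extension lists and the sample archive it builds are constructed for this illustration.

```python
import io
import zipfile

# Extensions Windows runs on double-click, and extensions a victim expects to be a document
# (constructed lists for this example, not an exhaustive policy).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js"}
DOCUMENT_EXTS = {".doc", ".docx", ".pdf", ".xls", ".rtf"}


def inspect_zip_attachment(zip_bytes: bytes) -> dict[str, list[str]]:
    """Map each suspicious archive member to the reasons it was flagged.

    Checks the name (executable or document-then-executable double extension)
    and the content (PE 'MZ' header), so a renamed executable is caught even
    when its extension looks harmless.
    """
    findings: dict[str, list[str]] = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            base = info.filename.rsplit("/", 1)[-1].lower()
            exts = ["." + p for p in base.split(".")[1:]]
            reasons = []
            if exts and exts[-1] in EXECUTABLE_EXTS:
                reasons.append("executable extension")
            if len(exts) >= 2 and exts[-2] in DOCUMENT_EXTS:
                reasons.append("document extension hidden before the real one")
            with zf.open(info) as member:
                if member.read(2) == b"MZ":
                    reasons.append("PE (MZ) header: Windows executable regardless of name")
            if reasons:
                findings[info.filename] = reasons
    return findings


def build_sample_zip() -> bytes:
    """Constructed sample archive: a lure like the one described, plus a harmless file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        # Only the PE header is needed for the check (constructed bytes, not real malware).
        zf.writestr("Fidelity_Statement.doc.exe", b"MZ" + b"\x00" * 62)
        zf.writestr("Statement.pdf", b"MZ" + b"\x00" * 62)  # executable renamed to look like a PDF
        zf.writestr("readme.txt", b"Your statement is attached.\n")
    return buf.getvalue()


if __name__ == "__main__":
    for name, reasons in inspect_zip_attachment(build_sample_zip()).items():
        print(f"{name}: {', '.join(reasons)}")
```

A mail gateway or analyst script can run the same check on any attachment before it reaches a user; the content check matters because a name alone is trivially changed.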

When Your TSPY_ZBOT.SMHA Problem Becomes a Worm Infestation

Although TSPY_ZBOT.SMHA is best known for its spyware attacks, in some cases the TSPY_ZBOT.SMHA label may also be applied to worms. Worm versions of TSPY_ZBOT.SMHA can also be identified by the names PWS-Spyeye.s and Worm.Win32/AutoRun.abo. SpywareRemove.com malware experts recommend that you be on guard against the following attacks if you suspect that this variant of TSPY_ZBOT.SMHA is on your PC (in addition to the spyware functions noted above):

  • This version of TSPY_ZBOT.SMHA may inject malicious code into normal system processes (such as explorer.exe) to complicate its removal.
  • TSPY_ZBOT.SMHA may copy itself to other drives, particularly removable ones, and then use Autorun exploits to install itself on other computers that access that drive.
  • TSPY_ZBOT.SMHA may attempt to terminate Windows processes that aren't contaminated with its own code.
  • TSPY_ZBOT.SMHA may contact a remote server to receive further instructions, download other PC threats for installation or transmit stolen information.

SpywareRemove.com malware analysts recommend that you remove TSPY_ZBOT.SMHA, particularly its worm-based variants, only with high-quality anti-malware programs, since TSPY_ZBOT.SMHA will try to evade removal by normal methods and is likely to make a wide range of system changes on your PC.

Technical Details

Additional Information

The following URLs were detected:
crusadebottom.cyou