Win32/Spy.Zbot.YW
Posted: March 28, 2012
| Threat Level: | 9/10 |
|---|---|
| Infected PCs: | 92 |
| First Seen: | March 28, 2012 |
| OS(es) Affected: | Windows |
Win32/Spy.Zbot.YW is a backdoor Trojan and banking Trojan that's installed with the intent of damaging your computer's security and stealing personal information, with an emphasis on bank passwords and other account-related credentials. Although many PC security companies have developed effective identification and removal tools for Win32/Spy.Zbot.YW, the Trojan doesn't show noticeable symptoms, and you shouldn't attempt to find or remove it without appropriate software unless no other options are available. Because Win32/Spy.Zbot.YW's spyware-related functions include broad and extremely potent methods of attack, SpywareRemove.com malware experts recommend that you treat any potential Win32/Spy.Zbot.YW infection as a high-level threat to your computer until it's resolved.
Win32/Spy.Zbot.YW – a Spy with More Than One Method of Surveillance in Mind
Win32/Spy.Zbot.YW, also identified by the aliases Trojan-Spy.Win32.Zbot.ajws, Suspicious.SillyFDC and PWS:Win32/Zbot.gen!R, is equipped with an entire spectrum of default attacks that can steal information from your PC and violate its security in the process of the theft. SpywareRemove.com malware researchers have also found that Win32/Spy.Zbot.YW, like many backdoor Trojans, can update itself from a remote server or respond to remote commands for other attacks, which lends an element of unpredictability to its behavior. However, the most common attacks from Win32/Spy.Zbot.YW utilize techniques such as the ones noted here:
- Win32/Spy.Zbot.YW will launch itself as a background process that runs whenever Windows starts.
- Win32/Spy.Zbot.YW targets cookies, passwords and PC identification information and transmits this stolen data to its remote server, where it can be abused in future attacks. Information-gathering methods can include keylogging, monitoring of your online activities and screen captures.
- Win32/Spy.Zbot.YW can hook itself into various Windows APIs to conceal its attacks and gather additional information.
- Lastly, Win32/Spy.Zbot.YW will create a backdoor vulnerability on your PC that allows criminals to access and control the machine from a C&C server. This may be used for other attacks, including installing other types of malicious software.
Why Spying Out Win32/Spy.Zbot.YW Isn't Easy
As is typical of spyware, Win32/Spy.Zbot.YW doesn't show visible symptoms of its attacks and may not have an obvious memory process or file components. Despite this shroud of invisibility around Win32/Spy.Zbot.YW's structure, the SpywareRemove.com malware research team encourages you to delete Win32/Spy.Zbot.YW with qualified anti-malware software right away, since Win32/Spy.Zbot.YW is capable of targeting extremely sensitive financial information for theft. Ideally, you should attempt to shut Win32/Spy.Zbot.YW down before you remove it in a scan, which will guarantee that all of Win32/Spy.Zbot.YW's components are removed.
Common means of disabling PC threats like Win32/Spy.Zbot.YW include booting in Safe Mode, booting from a removable drive or simply switching to a different operating system. SpywareRemove.com malware experts also note that any software that gets rid of Win32/Spy.Zbot.YW should also be capable of undoing its setting changes, such as alterations to the Windows Registry, since these changes may be a source of other issues unless they're also removed along with Win32/Spy.Zbot.YW.
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:
waulldon6.htm
File name: waulldon6.htm
Size: 343.02 KB (343024 bytes)
MD5: 538037d269ad3ca8fabffcd2c82548ed
Detection count: 94
Mime Type: unknown/htm
Group: Malware file
Last Updated: March 29, 2012
wnineas.exe
File name: wnineas.exe
Size: 343.02 KB (343024 bytes)
MD5: 414a885a60aa9d86e389304f49f3b272
Detection count: 91
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: March 29, 2012
tinleedisu7.tmp
File name: tinleedisu7.tmp
Size: 343.02 KB (343024 bytes)
MD5: c9b59e8b1b2cf0637faba0640a1b4e7d
Detection count: 80
File type: Temporary File
Mime Type: unknown/tmp
Group: Malware file
Last Updated: March 29, 2012
ritoced2.jpg
File name: ritoced2.jpg
Size: 343.02 KB (343024 bytes)
MD5: 5b308a79135a990c1814691e757b81d1
Detection count: 79
Mime Type: unknown/jpg
Group: Malware file
Last Updated: March 29, 2012
ewty.exe
File name: ewty.exe
Size: 343.02 KB (343024 bytes)
MD5: c4181641527876b95ec6cc7905949ad5
Detection count: 78
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: March 29, 2012
%System%folderus3r.ds.lll
File name: %System%folderus3r.ds.lll
Mime Type: unknown/lll
Group: Malware file
%System%folderus3r.ds
File name: %System%folderus3r.ds
Mime Type: unknown/ds
Group: Malware file
%System%folderl0cal.ds
File name: %System%folderl0cal.ds
Mime Type: unknown/ds
Group: Malware file
Registry Modifications
HKEY..\..\..\..{Subkeys}
[HKEY_LOCAL_MACHINE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"UserInit" = "%originalvalue%, %system%d3dg86.exe,"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\PhishingFilter]
"Enabled" = 0
"EnabledV8" = 0
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter]
"Enabled" = 0
"EnabledV8" = 0
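A triage check for the two registry changes listed above, written for this page as an added example (it is not SpywareRemove.com or SpyHunter code). It assumes the input is the text of a `reg export` of the relevant keys; the sample data is constructed, and keys are matched by their trailing path so either hive spelling is accepted.

```python
import re

# Constructed sample in `reg export` text form (not captured from a real host).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,C:\\Windows\\system32\\d3dg86.exe,"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter]
"Enabled"=dword:00000000
"EnabledV8"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter]
"EnabledV8"=dword:00000001
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VAL_RE = re.compile(r'^"([^"]+)"\s*=\s*(.+)$')

def parse_reg(text):
    """Return {lowercased key path: {lowercased value name: raw data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := KEY_RE.match(line):
            current = keys.setdefault(m.group(1).lower(), {})
        elif current is not None and (m := VAL_RE.match(line)):
            current[m.group(1).lower()] = m.group(2).strip()
    return keys

def audit(text):
    """List findings matching the Userinit and PhishingFilter changes."""
    findings = []
    for key, values in parse_reg(text).items():
        if key.endswith(r'\windows nt\currentversion\winlogon'):
            data = values.get('userinit', '').strip('"').replace('\\\\', '\\')
            for entry in filter(None, (e.strip() for e in data.split(','))):
                # Only userinit.exe belongs in this comma-separated list.
                if entry.lower().rsplit('\\', 1)[-1] != 'userinit.exe':
                    findings.append(('userinit-extra', entry))
        elif key.endswith(r'\internet explorer\phishingfilter'):
            for name in ('enabled', 'enabledv8'):
                raw = values.get(name)
                # Accept both `dword:00000000` and the page's bare `0`.
                if raw is not None and int(raw.split(':')[-1], 16) == 0:
                    findings.append(('phishingfilter-off', f'{key}\\{name}'))
    return findings
```

Any `userinit-extra` finding means a second program is launched at every logon, so the listed file should be examined before the value is restored to its default.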