What is Zbot?
Zbot is a dangerous trojan horse, which is used to steal personal users' information, such as passwords, login credentials and similar sensitive information. As soon as this virus infiltrates computer, it modifies the system according to its needs. It can drop its own files, modify the registry and initiate other activities that are needed to it. After doing so, it starts recording victim's keystrokes and can even take desktop's screenshots. In fact, this threat is composed of three parts: a toolkit, a Trojan, and the command & control server. According to experts, the first component is used to create the threat. The second part of the threat is needed to modify affected computer according to hackers' needs, while the third one was created to ensure a full control of the virus. Because of that, hackers can easily update Zbot when the time comes. In addition, they can also try to get the access to the compromised system and then initiate other dangerous activities on your computer. If you want to avoid that, you should remove this virus ASAP. The easiest and the most reliable way to do that is by scanning the system with updated anti-spyware. We recommend using Reimage or Webroot SecureAnywhere AntiVirus.
How can Zbot infect my computer?
Zbot trojan is mostly spread with the help of spam. You may tricked into downloading this virus on your computer if you fall for a fake message that looks like it was sent by some reputable company. Such fake mails typically report about nonexistent airline e-tickets, missing deliveries or postal packages and similar things that have a potential to increase the curiosity in people. Here is an example of such malicious message:
-------- Original Message --------
Subject: Ninja Killed - Postal Tracking #PSGMR64782BY2C2
Date: Wed, 15 Apr 2009 16:32:50 +0900
From: United Parcel Service of America [email protected]
We were not able to deliver postal package you sent on the 14th of March in time because the recipient’s address is not correct.
Please print out the invoice copy attached and collect the package at our office.
Your United Parcel Service of America
What is more, Trojan-Spy.Win32.Zbot.gen has some backdoor functionality and may even record keystrokes.
Beware that such mails are also filled with the link or the attachment, which is supposed to download trojan onto the system. In addition, Zbot has also been distributed via compromised websites and drive-by download attacks.
If you think that your machine was infected by Zbot trojan, you shouldn't waste any minute because you may lose your personal information and other important data.
How to remove Zbot virus?
If you think that your PC is infected with Zbot or other malicious software, you shouldn't waste your time because there are lots of malicious activities that can be initiated by such applications. They can try to steal your personal information, disable legitimate software and can even try to infect your computer with other cyber threats. For checking the system and getting more knowledge about its state, you should scan your machine with updated anti-spyware. In this case we recommend these security solutions: Reimage(Windows), PlumbytesWebroot SecureAnywhere AntiVirus (Windows), Malwarebytes Anti Malware (Windows), Webroot SecureAnywhere AntiVirus (Mac OS X).Zbot properties:
• Logs keystrokes
• Connects itself to the internet
• Hides from the user
• Stays resident in background
Zbot manual removal
C:\Documents and Settings\NetworkService\Application Data\wsnpoem
Geolocation of Zbot
Removal guides in other languages
Comments on Zbot
Post a comment
Attention: Use this form only if you have additional information about a parasite, its removal instructions, additional resources or behavior. By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.