Severity scale (49/100)

Zbot. How to Remove? (Uninstall Guide)

Also known as Zbot Trojan, Trojan-Spy.Win32.Zbot.gen, PWS:Win32/Zbot.M, TSPY_ZBOT.BAM | Type: Trojans

What is Zbot?

Zbot is a dangerous trojan horse that is used to steal users' personal information, such as passwords, login credentials and similar sensitive data. As soon as this virus infiltrates a computer, it modifies the system according to its needs. It can drop its own files, modify the registry and initiate whatever other activities it requires. After doing so, it starts recording the victim's keystrokes and can even take screenshots of the desktop.

In fact, this threat is composed of three parts: a toolkit, a Trojan, and the command & control server. According to experts, the first component is used to create the threat. The second part is needed to modify the affected computer according to the hackers' needs, while the third one was created to ensure full control of the virus. Because of that, hackers can easily update Zbot when the time comes. In addition, they can also try to gain access to the compromised system and then initiate other dangerous activities on your computer.

If you want to avoid that, you should remove this virus ASAP. The easiest and most reliable way to do that is by scanning the system with updated anti-spyware. We recommend using Reimage or Webroot SecureAnywhere AntiVirus.

How can Zbot infect my computer?

The Zbot trojan is mostly spread with the help of spam. You may be tricked into downloading this virus onto your computer if you fall for a fake message that looks like it was sent by some reputable company. Such fake mails typically report nonexistent airline e-tickets, missed deliveries or postal packages and similar things that are likely to arouse people's curiosity. Here is an example of such a malicious message:

-------- Original Message --------
Subject: Ninja Killed - Postal Tracking #PSGMR64782BY2C2
Date: Wed, 15 Apr 2009 16:32:50 +0900
From: United Parcel Service of America [email protected]
To: recipient.com

Hello!
We were not able to deliver postal package you sent on the 14th of March in time because the recipient’s address is not correct.
Please print out the invoice copy attached and collect the package at our office.
Your United Parcel Service of America

What is more, Trojan-Spy.Win32.Zbot.gen has some backdoor functionality and may even record keystrokes.

Beware that such mails also contain a link or an attachment, which is supposed to download the trojan onto the system. In addition, Zbot has also been distributed via compromised websites and drive-by download attacks.

If you think that your machine has been infected by the Zbot trojan, you shouldn't waste a minute because you may lose your personal information and other important data.

How to remove Zbot virus?

If you think that your PC is infected with Zbot or other malicious software, you shouldn't waste your time because there are lots of malicious activities that can be initiated by such applications. They can try to steal your personal information, disable legitimate software and can even try to infect your computer with other cyber threats. To check the system and learn more about its state, you should scan your machine with updated anti-spyware. In this case we recommend these security solutions: Reimage (Windows), Plumbytes, Webroot SecureAnywhere AntiVirus (Windows), Malwarebytes Anti Malware (Windows), Webroot SecureAnywhere AntiVirus (Mac OS X).

Zbot properties:
• Logs keystrokes
• Connects itself to the internet
• Hides from the user
• Stays resident in background

We might be affiliated with any of our recommended products. Full disclosure can be found in our Agreement of Use. By downloading any of the provided anti-spyware software you agree to our Privacy Policy and Agreement of Use.

Zbot manual removal

Kill processes:
1053.exe
1q.exe
87724515.exe
ANZinetbanking_certificate.exe
bana.exe
voland611.exe
wclctr.exe
winbtn.exe
winself.exe
winwem.exe
WorldPay_CONFR.exe
WorldPay_TRANS_8651.exe
x-file-MJacksonsKiller.exe
xsetup1.exe
Your_ETicket.exe
Delete directories:
%SYSTEM%\WSNPOEM
%SYSTEM%\WSNPOEMA
C:\Documents and Settings\NetworkService\Application Data\wsnpoem
%SYSTEM%\twain_32
%SYSTEM%\lowsec
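
Before killing or deleting anything, it helps to confirm which of the listed items are actually present. The following read-only check is an added example, not part of the original guide; it assumes that the guide's `%SYSTEM%` placeholder means the Windows system directory and that PowerShell 3.0 or later is available for `Get-CimInstance`.

```powershell
# Added example: read-only check for the Zbot indicators listed in this guide.
# Nothing is killed or deleted; the script only reports what it finds.

# Process image names from the "Kill processes" list above.
$processNames = @(
    '1053.exe', '1q.exe', '87724515.exe', 'ANZinetbanking_certificate.exe',
    'bana.exe', 'voland611.exe', 'wclctr.exe', 'winbtn.exe', 'winself.exe',
    'winwem.exe', 'WorldPay_CONFR.exe', 'WorldPay_TRANS_8651.exe',
    'x-file-MJacksonsKiller.exe', 'xsetup1.exe', 'Your_ETicket.exe'
)

# Assumption: the guide's %SYSTEM% placeholder is the Windows system directory.
$systemDir = [Environment]::SystemDirectory
$directories = @(
    (Join-Path $systemDir 'WSNPOEM'),
    (Join-Path $systemDir 'WSNPOEMA'),
    'C:\Documents and Settings\NetworkService\Application Data\wsnpoem',
    (Join-Path $systemDir 'twain_32'),
    (Join-Path $systemDir 'lowsec')
)

$findings = @()

# Win32_Process reports the image name with its extension and the full path.
foreach ($proc in Get-CimInstance -ClassName Win32_Process) {
    if ($processNames -contains $proc.Name) {   # -contains ignores case
        $findings += [pscustomobject]@{
            Type   = 'Process'
            Name   = $proc.Name
            Detail = "PID $($proc.ProcessId), path $($proc.ExecutablePath)"
        }
    }
}

# -Force also returns items carrying hidden or system attributes.
foreach ($dir in $directories) {
    $item = Get-Item -LiteralPath $dir -Force -ErrorAction SilentlyContinue
    if ($item -and $item.PSIsContainer) {
        $findings += [pscustomobject]@{
            Type   = 'Directory'
            Name   = $dir
            Detail = "created $($item.CreationTime), attributes $($item.Attributes)"
        }
    }
}

if ($findings.Count -eq 0) { 'No listed Zbot indicators found.' }
else { $findings | Format-Table -AutoSize -Wrap }
```

A clean result only means that none of the names listed in this guide were found; file and directory names are easy to change, so it does not replace a full scan.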

Geolocation of Zbot

The map reveals the prevalence of Zbot. The countries and regions that have been affected the most are: Lithuania, Latvia, Poland, Brazil and Sweden.


Comments on Zbot

<Guest>
The 6.0 version of Evidence Eliminator by Robinhood software on its website contains the Zbot trojan and is not detected until after install. Steer clear of it.
