Remove Zbot. Removal instructions

Also known as: Zbot Trojan, Trojan-Spy.Win32.Zbot.gen, PWS:Win32/Zbot.M, TSPY_ZBOT.BAM

Severity scale:

(49 / 100)

Zbot trojan is just another password-stealing trojan virus which usually steals personal information including cached passwords, login credentials and cookies. There are more than 2000 files related to Trojan Zbot. It spreads mostly through spam emails as a file pretending to be an airline e-ticket, notice about postal package or an e-payment notification of an order with online store. For example, you may receive the following spam email with the file UPS_NNR01.zip attached to it:

-------- Original Message --------
Subject: Ninja Killed - Postal Tracking #PSGMR64782BY2C2
Date: Wed, 15 Apr 2009 16:32:50 +0900
From: United Parcel Service of America ottorios@ibfd.com
To: recipient.com

Hello!
We were not able to deliver postal package you sent on the 14th of March in time because the recipient’s address is not correct.
Please print out the invoice copy attached and collect the package at our office.
Your United Parcel Service of America

What is more, Trojan-Spy.Win32.Zbot.gen has some backdoor functionality and may even record keystrokes.

Zbot properties:
• Logs keystrokes
• Connects itself to the internet
• Hides from the user
• Stays resident in background

Automatic Zbot removal:

remover for Zbot

SpyHunter is recommended remover to uninstall Zbot. You should confirm using free trial that it detects current version of parasite.

Note: Manual assistance required means that one or all of removers were unable to remove parasite without some manual intervention, please read manul removal instructions below.

If you failed to remove Zbot using SpyHunter please report this to us.

We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use.

STOPzilla

download | review

We are testing STOPzilla's efficiency at removing Zbot (2009-10-06 09:48:01)

Malwarebytes Anti Malware

download | review

We are testing Malwarebytes Anti Malware's efficiency at removing Zbot (2009-10-06 09:48:01)

Spyware Doctor

download | review | tutorial

We are testing Spyware Doctor's efficiency at removing Zbot (2009-10-06 09:48:01)

XoftSpySE Anti Spyware

download | review

Zbot manual removal:

FORUM:
Discuss Zbot in
spyware removal forum

Kill processes:
1053.exe 1q.exe 87724515.exe ANZinetbanking_certificate.exe bana.exe voland611.exe wclctr.exe winbtn.exe winself.exe winwem.exe WorldPay_CONFR.exe WorldPay_TRANS_8651.exe x-file-MJacksonsKiller.exe xsetup1.exe Your_ETicket.exe

HELP:
how to kill malicious processes

Delete directories:
%SYSTEM%\WSNPOEM
%SYSTEM%\WSNPOEMA
C:\Documents and Settings\NetworkService\Application Data\wsnpoem
%SYSTEM%\twain_32
%SYSTEM%\lowsec

Information added: 2009-07-10 04:47:37
Information updated: 2009-10-06 07:10:46

Additional resources related to Zbot:

Attention: If you know or you have a website or page about Zbot removal, feel free to add a link to this list: add url

more resources

<Guest>

The 6.0 version of Evidence Eliminator by Robinhood software on its website contains the Zbot trojan and is not detected until after install. Steer clear of it.

Reply »

2009 10 06

Post Comment:

Attention: Use this form only if you have additional information about Zbot parasite, its removal instructions, additional resources or behavior. By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.

Spreading the knowledge:

It is very hard to fight Computer parasites alone in internet space. If you have a website we would be more than happy if you would help us to spread the knowledge about latest threats. You can help your visitors to manage their Computer system manually without aditional expences. Knowledge is the power, we just need to spread it.