NEWS
PARASITES
SOFTWARE
FORUM
DIRECTORY

 
 
 
 
 
 
  

Remove Zbot. Description and removal instructions

 
Title: Zbot
 Also known as: Zbot Trojan, Trojan-Spy.Win32.Zbot.gen, PWS:Win32/Zbot.M, TSPY_ZBOT.BAM
Type: Trojans
Severity scale:Zbot severity is 49  (49 / 100)
 
Zbot trojan is just another password-stealing trojan virus which usually steals personal information including cached passwords, login credentials and cookies. There are more than 2000 files related to Trojan Zbot. It spreads mostly through spam emails as a file pretending to be an airline e-ticket, notice about postal package or an e-payment notification of an order with online store. For example, you may receive the following spam email with the file UPS_NNR01.zip attached to it:

-------- Original Message --------
Subject: Ninja Killed - Postal Tracking #PSGMR64782BY2C2
Date: Wed, 15 Apr 2009 16:32:50 +0900
From: United Parcel Service of America ottorios@ibfd.com
To: recipient.com

Hello!
We were not able to deliver postal package you sent on the 14th of March in time because the recipient’s address is not correct.
Please print out the invoice copy attached and collect the package at our office.
Your United Parcel Service of America

What is more, Trojan-Spy.Win32.Zbot.gen has some backdoor functionality and may even record keystrokes.

FORUM:
Discuss Zbot in
spyware removal forum

Zbot properties:
• Logs keystrokes
• Connects itself to the internet
• Hides from the user
• Stays resident in background

Automatic Zbot removal:

remover for Zbot

Zbot manual removal:

Kill processes:
1053.exe 1q.exe 87724515.exe ANZinetbanking_certificate.exe bana.exe voland611.exe wclctr.exe winbtn.exe winself.exe winwem.exe WorldPay_CONFR.exe WorldPay_TRANS_8651.exe x-file-MJacksonsKiller.exe xsetup1.exe Your_ETicket.exe
HELP:
how to kill malicious processes

Delete directories:
%SYSTEM%\WSNPOEM
%SYSTEM%\WSNPOEMA
C:\Documents and Settings\NetworkService\Application Data\wsnpoem
%SYSTEM%\twain_32
%SYSTEM%\lowsec

Other programs to remove Zbot:

• Malwarebytes Anti Malware - Review - Download
• Malwarebytes Anti Malware - Review - Download
• Windows Defender - Review - Download

Information added: 10/07/09
Information updated: 06/10/09

Additional resources related to Zbot:

Attention: If you know or you have a website or page about Zbot removal, feel free to add a link to this list: add url



more resources

Post Comment:

Attention: Use this form only if you have additional information about Zbot parasite, its removal instructions, additional resources or behavior. By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.



Enter security code:


Comments from visitors:

1. by . 2009-10-06 07:10:46
The 6.0 version of Evidence Eliminator by Robinhood software on its website contains the Zbot trojan and is not detected until after install. Steer clear of it.
Latest spyware news:
Similar parasites:
Related discussions:
Latest Spyware Threats: VirusProtect Pro | VirusLocker | SpyCrush | ContraVirus | SpyLocked | SpyDawn | AntiVerminser | SpywareQuake | VirusBurst | AntiVermins | AntiVermeans | Zlob | PopCorn.net | MovieLand | TagASaurus | BraveSentry | VirusBurster | SystemDoctor | VirusRescue | MalwareWipe | SpySheriff | CmdService | Smitfraud | SpywareStrike | WinFixer | WinHound | PestTrap | UnSpyPC
Agreement of Use | Privacy policy | Webmasters | Contact us | RSS Feeds
© 2001-2008 2-spyware.com All Rights Reserved. Reproduction in part or whole without written permission is prohibited. Powered by: eSolutions.