Severity scale:  

Remove Zbot

removal by Ugnius Kiguolis - -   Also known as Zbot Trojan, Trojan-Spy.Win32.Zbot.gen, PWS:Win32/Zbot.M, TSPY_ZBOT.BAM | Type: Trojans

What is Zbot?

Zbot is a dangerous trojan horse, which is used to steal personal users’ information, such as passwords, login credentials and similar sensitive information. As soon as this virus infiltrates computer, it modifies the system according to its needs. It can drop its own files, modify the registry and initiate other activities that are needed to it. After doing so, it starts recording victim’s keystrokes and can even take desktop’s screenshots. In fact, this threat is composed of three parts: a toolkit, a Trojan, and the command & control server. According to experts, the first component is used to create the threat. The second part of the threat is needed to modify affected computer according to hackers’ needs, while the third one was created to ensure a full control of the virus. Because of that, hackers can easily update Zbot when the time comes. In addition, they can also try to get the access to the compromised system and then initiate other dangerous activities on your computer. If you want to avoid that, you should remove this virus ASAP. The easiest and the most reliable way to do that is by scanning the system with updated anti-spyware. We recommend using Reimage or Webroot SecureAnywhere AntiVirus.

How can Zbot infect my computer?

Zbot trojan is mostly spread with the help of spam. You may tricked into downloading this virus on your computer if you fall for a fake message that looks like it was sent by some reputable company. Such fake mails typically report about nonexistent airline e-tickets, missing deliveries or postal packages and similar things that have a potential to increase the curiosity in people. Here is an example of such malicious message:

——– Original Message ——–
Subject: Ninja Killed – Postal Tracking #PSGMR64782BY2C2
Date: Wed, 15 Apr 2009 16:32:50 +0900
From: United Parcel Service of America [email protected]


We were not able to deliver postal package you sent on the 14th of March in time because the recipient’s address is not correct.
Please print out the invoice copy attached and collect the package at our office.
Your United Parcel Service of America

What is more, Trojan-Spy.Win32.Zbot.gen has some backdoor functionality and may even record keystrokes.

Beware that such mails are also filled with the link or the attachment, which is supposed to download trojan onto the system. In addition, Zbot has also been distributed via compromised websites and drive-by download attacks.

If you think that your machine was infected by Zbot trojan, you shouldn’t waste any minute because you may lose your personal information and other important data.

How to remove Zbot virus?

If you think that your PC is infected with Zbot or other malicious software, you shouldn’t waste your time because there are lots of malicious activities that can be initiated by such applications. They can try to steal your personal information, disable legitimate software and can even try to infect your computer with other cyber threats. For checking the system and getting more knowledge about its state, you should scan your machine with updated anti-spyware. In this case we recommend these security solutions: Reimage(Windows), SpyHunter 5Combo Cleaner (Windows), Malwarebytes (Windows), Webroot SecureAnywhere AntiVirus (Mac OS X).

do it now!
Reimage (remover) Happiness
Reimage (remover) Happiness
Compatible with Microsoft Windows Supported versions Compatible with OS X Supported versions
What to do if failed?
If you failed to remove virus damage using Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to remove virus damage. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.
Alternative Software
Different security software includes different virus database. If you didn’t succeed in finding malware with Reimage, try running alternative scan with SpyHunter 5.
Alternative Software
Different security software includes different virus database. If you didn’t succeed in finding malware with Reimage, try running alternative scan with Combo Cleaner.

About the author

Ugnius Kiguolis
Ugnius Kiguolis - The mastermind

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Ugnius Kiguolis
About the company Esolutions

Removal guides in other languages

  1. Guest says:
    October 6th, 2009 at 7:10 am

    The 6.0 version of Evidence Eliminator by Robinhood software on its website contains the Zbot trojan and is not detected until after install. Steer clear of it.

Your opinion regarding Zbot