Trojan-Spy.Win32.Zbot.gtvm
Threat Scorecard
Metric | Value |
---|---|
Threat Level | 80 % (High) |
Infected Computers | 86 |
First Seen | December 18, 2012 |
OS(es) Affected | Windows |
Trojan-Spy.Win32.Zbot.gtvm is a Trojan that spreads via fake emails purporting to come from Air Canada. The spam email displays a fictitious sender ID, 'Air Canada tickets@aircanada.com', together with the subject line 'Your Order#74267102 - PROCESSED'. It addresses the recipient as a customer and announces that the order has been processed successfully. The details given are: Flight Number: TB7392CA, Electronic 74267102; Date and Time: 6th December 2012 at 10.30am; Leaving Toronto; and Ticket rate: Canadian Dollars 375.12. The bogus email then asks the recipient to download and print out the ticket by visiting the website http://www.aircanada.com/aco/manageMyBookings.do?tid=TB7392CA&ticket_number=74267102. To find out more about the order, the message asks the PC user to contact Air Canada at http://www.aircanada.com/en/customercare/index.html?orderid=74267102&ssid=1524. The email then signs off with thanks in the name of Air Canada.

However, rather than leading to the actual website, the provided URL takes the recipient to a zipped file, 'hxxp://air-canada.org/tickets/ticketTB7392CA.zip', which, when unzipped, creates a 175KB file called 'ticketTB7392CA.scr' that contains Trojan-Spy.Win32.Zbot.gtvm.
Aliases
15 security vendors flagged this file as malicious.
Anti-Virus Software | Detection |
---|---|
Kaspersky | Trojan-Downloader.Win32.Obuvka.avh |
Panda | Trj/Genetic.gen |
Fortinet | W32/Zbot.UNCV!tr |
Microsoft | VirTool:Win32/CeeInject.gen!KK |
Sophos | Troj/HkMain-BM |
Kaspersky | Trojan-Spy.Win32.Zbot.uncv |
Avast | Win32:Agent-AUNJ [Trj] |
McAfee | PWSZbot-FAFM!94347DEEA558 |
Kaspersky | Trojan-Spy.Win32.Zbot.uniq |
Fortinet | W32/Rovnix.N!tr |
Ikarus | Trojan.Win32.Rovnix |
McAfee-GW-Edition | BehavesLike.Win32.BadFile.mh |
Kaspersky | Trojan-Downloader.Win32.Obuvka.avx |
Symantec | Trojan.Gen |
McAfee | Artemis!8F049B422895 |
File System Details
Detections: the number of confirmed and suspected cases of a particular threat detected on infected computers, as reported by SpyHunter.

# | File Name | MD5 | Detections |
---|---|---|---|
28. | hxxp://air-canada.org/tickets/ticketTB7392CA.zip |