TROJ_ZBOT.BTM

By ZulaZuza in Trojans

Translate To:

TROJ_ZBOT.BTM is a harmful Trojan that can use the internet to communicate with a remote server. TROJ_ZBOT.BTM will download harmful files from this server and send a victim's stolen information to it. TROJ_ZBOT.BTM is able to steal its victims' online banking details by monitoring when the victims access certain banking websites. The stolen data is later sent to a remote attacker, who can use it to commit fraudulent crimes, via HTTP POST.

File System Details

TROJ_ZBOT.BTM may create the following file(s):

Expand All | Collapse All

#	File Name	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	sdra64.exe
Name: sdra64.exe Type: Executable File
2.	%System%\lowsec
Name: %System%\lowsec

Registry Details

TROJ_ZBOT.BTM may create the following registry entry or registry entries:

HKEY..\..\..\..{RegistryKeys}

Userinit = "%System%\userinit.exe, %System%\sdra64.exe"

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ Services\SharedAccess\Parameters\ FirewallPolicy\StandardProfile

Windows NT\CurrentVersion\Winlogon

UID = "{Computer name}_{Random numbers}"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\

Windows NT\CurrentVersion\Network

EnableFirewall = "0"

Enigma Software Group Prevails Over Malwarebytes at the Ninth Circuit

Search

Change Region

TROJ_ZBOT.BTM

File System Details

Registry Details

Submit Comment

Trending

Rzfu Ransomware

'YouPorn' Email Scam

Rzkd Ransomware

Most Viewed

Is Lookmovie.io Safe?

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen