PWS:Win32/Zbot.gen!AK

By Domesticus in Trojans

PWS:Win32/Zbot.gen!AK is Trojan that enables attackers to obtain full remote access and control over the targeted PC, and steals confidential information, such as online shopping and banking passwords, email credentials and network information from affected computer users. PWS:Win32/Zbot.gen!AK proliferates and installs itself on the victimized computer system with the help of other malware infections, can be downloaded as a payload for exploit kits such as blackhole, detected as Blacole, or is spread via spam email out attachments. When activated, PWS:Win32/Zbot.gen!AK creates a modified copy of itself with a randomly-generated file name in the specific location. PWS:Win32/Zbot.gen!AK then modifies the Windows Registry to make sure that this copy is run every time you boot up Windows. PWS:Win32/Zbot.gen!AK also replicates itself in the default user startup folder. PWS:Win32/Zbot.gen!AK embeds a code into all running processes of the victimized computer to hide its occurrence from security applications. PWS:Win32/Zbot.gen!AK strives to distribute itself to other PCs that might be remotely connected to the infected computer using the Remote Desktop Service (RDS).

Table of Contents

SpyHunter Detects & Remove PWS:Win32/Zbot.gen!AK

File System Details

PWS:Win32/Zbot.gen!AK may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	\Programs\Startup\.exe
Name: \Programs\Startup\.exe Type: Executable File Group: Malware file
2.	C:\Documents and Settings\\\Programs\Startup\.exe
Name: C:\Documents and Settings\<username>\\Programs\Startup\.exe Type: Executable File Group: Malware file
3.	C:\Documents and Settings\\application data\eqepys\ruynn.exe
Name: C:\Documents and Settings\<username>\application data\eqepys\ruynn.exe Type: Executable File Group: Malware file
4.	C:\Users\\\Programs\Startup\.exe
Name: C:\Users\<username>\\Programs\Startup\.exe Type: Executable File Group: Malware file
5.	%APPDATA%\\.exe
Name: %APPDATA%\\.exe Type: Executable File Group: Malware file
6.	C:\Users\\\Programs\Startup\.exe
Name: C:\Users\\\Programs\Startup\.exe Type: Executable File Group: Malware file
7.	C:\Documents and Settings\\\Programs\Startup\.exe
Name: C:\Documents and Settings\\\Programs\Startup\.exe Type: Executable File Group: Malware file
8.	468fa62f8fc5b951448d520744c6cf69	468fa62f8fc5b951448d520744c6cf69	0
Name: 468fa62f8fc5b951448d520744c6cf69 MD5: 468fa62f8fc5b951448d520744c6cf69 Size: 190.56 KB (190560 bytes) Detections: 0 Group: Malware file Last Updated: March 5, 2013
9.	35c88a3c5319270976199e5575661300	35c88a3c5319270976199e5575661300	0
Name: 35c88a3c5319270976199e5575661300 MD5: 35c88a3c5319270976199e5575661300 Size: 312.32 KB (312320 bytes) Detections: 0 Group: Malware file Last Updated: March 5, 2013

Registry Details

PWS:Win32/Zbot.gen!AK may create the following registry entry or registry entries:

HKEY..\..\..\..{RegistryKeys}

data\eqepys\ruynn.exe"

HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Run {F38B3E05-4020-AD7D-5A64-4EC179C86DD3}" " = "c:\documents and settings\administrator\application

HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Run "{GUID of Windows volume}" = "%APPDATA%\\.exe"

Enigma Software Group Prevails Over Malwarebytes at the Ninth Circuit

Search

Change Region

PWS:Win32/Zbot.gen!AK

SpyHunter Detects & Remove PWS:Win32/Zbot.gen!AK

File System Details

Registry Details

Submit Comment

Trending

Rzfu Ransomware

'YouPorn' Email Scam

Rzkd Ransomware

Most Viewed

Is Lookmovie.io Safe?

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen