PWS-Zbot.gen.cc

By GoldSparrow in Backdoors

Threat Scorecard

Threat Level:	80 % (High)
Infected Computers:	360

First Seen:	November 30, 2010
OS(es) Affected:	Windows

Beware of an email scam involving the Trojan PWS-Zbot.gen.cc. This email scam consists of an email claiming to originate from DHL, the popular international courier service. This fraudulent email will try to convince the victim that there is a shipment on the way and that an attached file should be opened in order to track the package and obtain more information on the shipment. However, opening the attached file contained in this bogus email from DHL will cause the victim's computer to become infected with the PWS-Zbot.gen.cc Trojan. It is easy to become fooled by this email scam, because the criminals behind PWS-Zbot.gen.cc have managed to spoof an email address that looks quite authentic, appearing to originate from an official DHL server. It is because of this that ESG malware analysts strongly recommend never opening links or downloading attachments contained in unexpected emails, even if they appear to come from a legitimate source.

The fake email from DHL is a fairly passable imitation of legitimate emails from this courier company. It also contains links to the official, legitimate DHL website. The language within this email is also pretty typical of official emails from this company. This is why caution should be exercised when dealing with unexpected emails. Even then, it is highly unlikely that a legitimate email from DHL would prompt a user to open an attached file in order to receive more information on a particular shipment. These kinds of practices should trigger your alarms, since they are typical of how most phishing scams and email frauds operate on a computer.

The Trojan contained in this fake DHL email, PWS-Zbot.gen.cc, also detected as Win-Trojan/Obfuscated.Gen, is a fairly typical backdoor Trojan. PWS-Zbot.gen.cc is designed to take over your computer system, connect to a remote server and put your computer system in the hands of a criminal. Using the PWS-Zbot.gen.cc infection, a hacker can control your computer system remotely. This level of unauthorized control can be used to perform illegal acts involving the infected computer system. Some examples of activities associated with a PWS-Zbot.gen.cc infection include using the infected computer to send out spam email (including additional copies of the fake DHL email scam), using the infected machine to perform DDoS attacks on specific targets and to cover up other criminal activities such as child pornography rings or money laundering. Computer users should be certain that their anti-malware software is protecting their systems from the PWS-Zbot.gen.cc Trojan.

Table of Contents

Aliases

15 security vendors flagged this file as malicious.

Anti-Virus Software	Detection
AVG	Generic27.BNIO
Fortinet	W32/Injector.PRI
Ikarus	Trojan-Ransom.Win32.Mbro
AhnLab-V3	Dropper/Win32.Injector
Antiy-AVL	Trojan/Win32.Mbro.gen
Sophos	W32/VB-FWA
DrWeb	Trojan.Packed.22445
Kaspersky	Trojan-Ransom.Win32.Mbro.dcw
ClamAV	Trojan.Mbro-2
eSafe	Win32.Injector.Pri
Avast	Win32:Rootkit-gen [Rtk]
NOD32	Win32/MBRlock.D
McAfee	W32/Worm-FCF!0E0F3848F352
CAT-QuickHeal	TrojanRansom.MBro.dcw
AVG	SHeur3.CGGD

SpyHunter Detects & Remove PWS-Zbot.gen.cc

File System Details

PWS-Zbot.gen.cc may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	uwpwlmeitke.exe	87cc0a0b77a8d837a2a70c20f3bbcc7d	96
Name: uwpwlmeitke.exe MD5: 87cc0a0b77a8d837a2a70c20f3bbcc7d Size: 138.75 KB (138752 bytes) Detections: 96 Type: Executable File Path: %SystemDrive%\Documents and Settings\tcsuser\Application Data Group: Malware file Last Updated: November 20, 2012
2.	A0BAA5.exe	8b07fe8f533ab8e02daa3eaae6612e1c	45
Name: A0BAA5.exe MD5: 8b07fe8f533ab8e02daa3eaae6612e1c Size: 40.48 KB (40487 bytes) Detections: 45 Type: Executable File Path: %APPDATA% Group: Malware file Last Updated: July 23, 2012
3.	qprumllxjfyokilbeu.exe	c8471ea9a7c40e586ec0f21e40e21e9e	27
Name: qprumllxjfyokilbeu.exe MD5: c8471ea9a7c40e586ec0f21e40e21e9e Size: 101.88 KB (101888 bytes) Detections: 27 Type: Executable File Path: %USERPROFILE% Group: Malware file Last Updated: December 19, 2012
4.	kagyn.exe	d7a2a72bbae0760f4772bffc3ed116d4	13
Name: kagyn.exe MD5: d7a2a72bbae0760f4772bffc3ed116d4 Size: 137.21 KB (137216 bytes) Detections: 13 Type: Executable File Path: %APPDATA%\Fudax Group: Malware file Last Updated: August 21, 2012
5.	z3CetQZO.exe	476fda6471c874c584725a4f8cab7555	13
Name: z3CetQZO.exe MD5: 476fda6471c874c584725a4f8cab7555 Size: 209.92 KB (209920 bytes) Detections: 13 Type: Executable File Path: %SystemDrive%\Users\<username>\AppData\Roaming Group: Malware file Last Updated: November 13, 2012
6.	ahwuo.exe	a8b9ddd0d17f35fe5d4c35a89ded2798	6
Name: ahwuo.exe MD5: a8b9ddd0d17f35fe5d4c35a89ded2798 Size: 192 KB (192001 bytes) Detections: 6 Type: Executable File Path: %SystemDrive%\Users\<username>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup Group: Malware file Last Updated: December 3, 2012
7.	zeruq.exe	81227ea07cd172180698580b41c4e109	6
Name: zeruq.exe MD5: 81227ea07cd172180698580b41c4e109 Size: 299.27 KB (299272 bytes) Detections: 6 Type: Executable File Path: %SystemDrive%\Users\<username>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup Group: Malware file Last Updated: February 6, 2013
8.	oqaq.exe	12dfa07d9d0d5de46d4681cb0ccee952	5
Name: oqaq.exe MD5: 12dfa07d9d0d5de46d4681cb0ccee952 Size: 142.33 KB (142336 bytes) Detections: 5 Type: Executable File Path: %SystemDrive%\Documents and Settings\Administrator\Start Menu\Programs\Startup Group: Malware file Last Updated: September 10, 2012
9.	mesoa.exe	c631b06107131e1891cf64bcee0f8fc0	4
Name: mesoa.exe MD5: c631b06107131e1891cf64bcee0f8fc0 Size: 117.24 KB (117248 bytes) Detections: 4 Type: Executable File Path: %SystemDrive%\Users\<username>\Start Menu\Programs\Startup Group: Malware file Last Updated: January 17, 2012
10.	ikaf.exe	42fdfd374f3b6ac6c9621325c5d370bd	3
Name: ikaf.exe MD5: 42fdfd374f3b6ac6c9621325c5d370bd Size: 219.49 KB (219495 bytes) Detections: 3 Type: Executable File Path: %APPDATA%\Qyih Group: Malware file Last Updated: August 31, 2012
11.	apikndss.exe	0e0f3848f352da113f65e3787df9fc3b	3
Name: apikndss.exe MD5: 0e0f3848f352da113f65e3787df9fc3b Size: 60.92 KB (60928 bytes) Detections: 3 Type: Executable File Path: %WINDIR%\System32 Group: Malware file Last Updated: May 15, 2013
12.	lozai.exe	f4679f83603bc7ae08ab5517d7065ac6	3
Name: lozai.exe MD5: f4679f83603bc7ae08ab5517d7065ac6 Size: 305.8 KB (305808 bytes) Detections: 3 Type: Executable File Path: %SystemDrive%\Documents and Settings\YMCAGymkats\Start Menu\Programs\Startup Group: Malware file Last Updated: March 12, 2013
13.	iqzehy.exe	761eda071af0c7d9841ccc78050ceffb	2
Name: iqzehy.exe MD5: 761eda071af0c7d9841ccc78050ceffb Size: 169.98 KB (169984 bytes) Detections: 2 Type: Executable File Path: %SystemDrive%\Users\<username>\Start Menu\Programs\Startup Group: Malware file Last Updated: February 6, 2012
14.	ytze.exe	490763428fd9abf379638aae5bccfc41	2
Name: ytze.exe MD5: 490763428fd9abf379638aae5bccfc41 Size: 292.35 KB (292352 bytes) Detections: 2 Type: Executable File Path: %SystemDrive%\Users\<username>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup Group: Malware file Last Updated: October 22, 2012
15.	eHRFhkpXr.exe	49509701af157a56409774224d99f790	2
Name: eHRFhkpXr.exe MD5: 49509701af157a56409774224d99f790 Size: 872.96 KB (872960 bytes) Detections: 2 Type: Executable File Path: %APPDATA%\RnvbG UFnBTbmzQ Group: Malware file Last Updated: January 14, 2013
16.	366F95.exe	1bfef062e53f54d5beb4413ddcc683b0	2
Name: 366F95.exe MD5: 1bfef062e53f54d5beb4413ddcc683b0 Size: 110.59 KB (110592 bytes) Detections: 2 Type: Executable File Path: %APPDATA%\366F95 Group: Malware file Last Updated: March 21, 2013
17.	msrerkua.scr	95b992ee6f22221c0d9fa482d050b916	2
Name: msrerkua.scr MD5: 95b992ee6f22221c0d9fa482d050b916 Size: 40.44 KB (40448 bytes) Detections: 2 Path: %ALLUSERSPROFILE%\Local Settings\Temp Group: Malware file Last Updated: March 12, 2013
18.	svd.exe	6f022949743f2ea44116cebfdb9ff232	2
Name: svd.exe MD5: 6f022949743f2ea44116cebfdb9ff232 Size: 148.48 KB (148480 bytes) Detections: 2 Type: Executable File Path: %WINDIR%\Roamer Group: Malware file Last Updated: April 16, 2013
19.	ekeww.exe	2a2580e77edf6d1a80e49934bb0e1914	1
Name: ekeww.exe MD5: 2a2580e77edf6d1a80e49934bb0e1914 Size: 118.27 KB (118272 bytes) Detections: 1 Type: Executable File Path: %SystemDrive%\Documents and Settings\Administrator\Start Menu\Programs\Startup Group: Malware file Last Updated: January 2, 2012
20.	pevoco.exe	8df0c89648bd8eb80c82c63bd9bffcb6	1
Name: pevoco.exe MD5: 8df0c89648bd8eb80c82c63bd9bffcb6 Size: 196.09 KB (196096 bytes) Detections: 1 Type: Executable File Path: %SystemDrive%\Documents and Settings\Bob\Start Menu\Programs\Startup Group: Malware file Last Updated: January 16, 2012
21.	gyokq.exe	1ac6598d68f7f7c50f9589132c5bb9f0	1
Name: gyokq.exe MD5: 1ac6598d68f7f7c50f9589132c5bb9f0 Size: 117.24 KB (117248 bytes) Detections: 1 Type: Executable File Path: %SystemDrive%\Documents and Settings\Shruthi\Start Menu\Programs\Startup Group: Malware file Last Updated: January 17, 2012
22.	svcnost.exe	ba9066bb27344c4a74a67f51fc51e258	1
Name: svcnost.exe MD5: ba9066bb27344c4a74a67f51fc51e258 Size: 115.71 KB (115712 bytes) Detections: 1 Type: Executable File Path: %APPDATA%\x1lalz1kdane1gqbixjcwuzzgvyplqbe2 Group: Malware file Last Updated: January 30, 2012
23.	yrahiw.exe	f47751d13cf32bd1f6d8e6834fdc0865	1
Name: yrahiw.exe MD5: f47751d13cf32bd1f6d8e6834fdc0865 Size: 118.27 KB (118272 bytes) Detections: 1 Type: Executable File Path: %SystemDrive%\Users\<username>\Start Menu\Programs\Startup Group: Malware file Last Updated: February 8, 2012
24.	xauras.exe	e6bda8657f7e1e16755c8037b8620ee2	1
Name: xauras.exe MD5: e6bda8657f7e1e16755c8037b8620ee2 Size: 158.2 KB (158208 bytes) Detections: 1 Type: Executable File Path: %SystemDrive%\Documents and Settings\Guest\Start Menu\Programs\Startup Group: Malware file Last Updated: January 30, 2012
25.	UpgradeHelper.exe	ad1a6b291341f57a121783a319a3404d	1
Name: UpgradeHelper.exe MD5: ad1a6b291341f57a121783a319a3404d Size: 262.14 KB (262144 bytes) Detections: 1 Type: Executable File Path: %APPDATA%\Dropbox\{0BE1D130-7872-4227-AD6D-D9DCC92A61E5} Group: Malware file Last Updated: November 12, 2012
26.	83ALuOH.exe	40f55b80aa1b8900197904e4494fec4e	1
Name: 83ALuOH.exe MD5: 40f55b80aa1b8900197904e4494fec4e Size: 232.44 KB (232448 bytes) Detections: 1 Type: Executable File Path: %APPDATA% Group: Malware file Last Updated: December 17, 2012
27.	skype.dat	06956b0f41300d476fb83fc63e64bc97	1
Name: skype.dat MD5: 06956b0f41300d476fb83fc63e64bc97 Size: 65.02 KB (65024 bytes) Detections: 1 Type: Data file Path: %APPDATA% Group: Malware file Last Updated: December 20, 2012
28.	file.exe	1b116181b38b3b414da02f09ea142e9e	0
Name: file.exe MD5: 1b116181b38b3b414da02f09ea142e9e Size: 1.08 MB (1089310 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: November 17, 2016

More files

Enigma Software Group Prevails Over Malwarebytes at the Ninth Circuit

Search

Change Region

PWS-Zbot.gen.cc

Threat Scorecard

EnigmaSoft Threat Scorecard

Aliases

SpyHunter Detects & Remove PWS-Zbot.gen.cc

File System Details

Submit Comment

Related Posts

DHL Express Notification with Trojan PWS-Zbot.gen.cc...

Trending

Rzfu Ransomware

'YouPorn' Email Scam

Rzkd Ransomware

Most Viewed

Is Lookmovie.io Safe?

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen