PWS:Win32/Zbot.gen!Y

By JubileeX in Trojans

Threat Scorecard

Threat Level:	80 % (High)
Infected Computers:	311

First Seen:	January 13, 2011
Last Seen:	April 14, 2021
OS(es) Affected:	Windows

PWS:Win32/Zbot.gen!Y, also known as W32/Zbot.YFP is a dangerous Trojan associated with notorious botnets and the Zeus Trojan. This malware infection spreads through a spam email campaign that has been notorious in the final months of 2011, targeting inexperienced computer users by offering updates for Acrobat Reader and other popular products from Adobe Systems. The email messages carrying PWS:Win32/Zbot.gen!Y use subject lines such as 'Adobe Software Critical Upgrade Notification ID: [Random Number]' and in order to make it appear that the scam emails are coming from Adobe itself, they spoof Adobe's email address. PWS:Win32/Zbot.gen!Y spreads in a compressed file attached to this scam email. The main goal of PWS:Win32/Zbot.gen!Y is to steal its victim's online banking details such as account numbers and passwords. ESG security researchers strongly recommend that you ignore these fake emails from Adobe Systems. A legitimate software company like Adobe Systems will never distribute software updates through these kinds of emails, especially since these malicious emails have been associated with spreading malware and various online scams for a long time. If you are threatened to these kinds of malicious emails, ESG malware analysts strongly recommend that you mark the offending email as spam and not to open the enclosed file under any circumstances. If your computer system becomes infected with PWS:Win32/Zbot.gen!Y, a lengthy and inconvenient removal procedure will be necessary to return your computer to normal conditions.

Table of Contents

An Overview of the PWS:Win32/Zbot.gen!Y Scam Email

The scam email associated with PWS:Win32/Zbot.gen!Y contains an attachment that is named 'AdobeSystems-Software_Critica Update Dec_2011-[Random].zip,' in the form of a compressed file. Within this compressed file, you will find an executable file that contains the PWS:Win32/Zbot.gen!Y infection itself. One of the most common ways of distributing malware online is through the use of compressed files in ZIP format. This is because these kinds of files do not allow computer users to view their contents without opening them. Inside, they will usually contain components designed to run the malware it contains automatically as soon as the compressed file is opened. PWS:Win32/Zbot.gen!Y is only one of a couple of problems associated with Adobe Systems. Due to this company's software's popularity, criminals have found ways of taking advantage in order to target as many victims as possible. Apart from these malicious email scams, Adobe software has also been targeted in 2011 by 0-day exploits that have claimed a large number of victims worldwide.

Aliases

15 security vendors flagged this file as malicious.

Anti-Virus Software	Detection
Panda	Trj/Spy.AB
AVG	PSW.Generic8.BFLK
Fortinet	W32/Zbot.AT!tr
AhnLab-V3	Win-Trojan/Zbot.141824.AO
eTrust-Vet	Win32/Zbot.EGB
Sophos	Troj/PWS-BSF
AntiVir	TR/Hijacker.Gen
BitDefender	Gen:Variant.Kazy.1779
Kaspersky	Trojan-Spy.Win32.Zbot.biwp
ClamAV	Trojan.Spy.Zbot-142
eSafe	Win32.TRHijacker
Avast	Win32:Fraudo [Trj]
F-Prot	W32/Zbot.BR.gen!Eldorado
McAfee	PWS-Zbot.gen.ds
CAT-QuickHeal	TrojanSpy.Zbot.capz

SpyHunter Detects & Remove PWS:Win32/Zbot.gen!Y

File System Details

PWS:Win32/Zbot.gen!Y may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	efeho.exe	d3d85d43f636a6af45f26b77ece99779	39
Name: efeho.exe MD5: d3d85d43f636a6af45f26b77ece99779 Size: 118.78 KB (118784 bytes) Detections: 39 Type: Executable File Path: %SystemDrive%\Documents and Settings\Harvey Plante\Start Menu\Programs\Startup Group: Malware file Last Updated: November 1, 2011
2.	ClockTraySkins.exe	a03d4b67795d68e95890764968d7bfdd	32
Name: ClockTraySkins.exe MD5: a03d4b67795d68e95890764968d7bfdd Size: 1.33 MB (1330432 bytes) Detections: 32 Type: Executable File Path: C:\WinApp\Clock Tray Skins_ORA\ClockTraySkins.exe Group: Malware file Last Updated: April 14, 2021
3.	zomy.exe	cf04e0ba922c2b4e9207d5ee1571e66a	23
Name: zomy.exe MD5: cf04e0ba922c2b4e9207d5ee1571e66a Size: 190.97 KB (190976 bytes) Detections: 23 Type: Executable File Path: %USERPROFILE%\Start Menu\Programs\Startup Group: Malware file Last Updated: May 31, 2011
4.	windcd32.dll	84aa1c3cbdf98d121990c4dd997d6834	15
Name: windcd32.dll MD5: 84aa1c3cbdf98d121990c4dd997d6834 Size: 74.24 KB (74240 bytes) Detections: 15 Type: Dynamic link library Path: %WINDIR%\system32 Group: Malware file Last Updated: January 16, 2011
5.	esuf.exe	9dfe3d9a9c07c1fbe337ea6364be1b3a	14
Name: esuf.exe MD5: 9dfe3d9a9c07c1fbe337ea6364be1b3a Size: 145.92 KB (145920 bytes) Detections: 14 Type: Executable File Path: %SystemDrive%\Documents and Settings\Administrator\Start Menu\Programs\Startup Group: Malware file Last Updated: June 13, 2011
6.	ettori.exe	13286600b62779dcc885855cee33cbf9	14
Name: ettori.exe MD5: 13286600b62779dcc885855cee33cbf9 Size: 145.92 KB (145920 bytes) Detections: 14 Type: Executable File Path: %SystemDrive%\Documents and Settings\Administrator\Start Menu\Programs\Startup Group: Malware file Last Updated: June 13, 2011
7.	impu.exe	6024d97573f3de5e4855f11a8b75f88f	12
Name: impu.exe MD5: 6024d97573f3de5e4855f11a8b75f88f Size: 144.38 KB (144384 bytes) Detections: 12 Type: Executable File Path: %SystemDrive%\Documents and Settings\Administrator\Start Menu\Programs\Startup Group: Malware file Last Updated: June 10, 2011
8.	ocso.exe	322b092be8945a19c2413bcf72f7a585	12
Name: ocso.exe MD5: 322b092be8945a19c2413bcf72f7a585 Size: 116.22 KB (116224 bytes) Detections: 12 Type: Executable File Path: %SystemDrive%\Documents and Settings\Administrator\Start Menu\Programs\Startup Group: Malware file Last Updated: June 10, 2011
9.	wwwrfd32.exe	ba6fc51b94e3e62c23c21b974cac0bac	11
Name: wwwrfd32.exe MD5: ba6fc51b94e3e62c23c21b974cac0bac Size: 21.5 KB (21504 bytes) Detections: 11 Type: Executable File Path: %USERPROFILE%\Start Menu\Programs\Startup Group: Malware file Last Updated: January 16, 2011
10.	AutoChk.exe	277c921947fe032066e60bf485347c0d	8
Name: AutoChk.exe MD5: 277c921947fe032066e60bf485347c0d Size: 197.63 KB (197632 bytes) Detections: 8 Type: Executable File Path: %APPDATA% Group: Malware file Last Updated: January 18, 2011
11.	ahwoe.exe	198b6b002075364f1d87e76866994b3c	3
Name: ahwoe.exe MD5: 198b6b002075364f1d87e76866994b3c Size: 143.87 KB (143872 bytes) Detections: 3 Type: Executable File Path: %SystemDrive%\Documents and Settings\Administrator\Start Menu\Programs\Startup Group: Malware file Last Updated: June 1, 2011
12.	avny.exe	29efc4ff647065f25084df1c6a0c6fc9	3
Name: avny.exe MD5: 29efc4ff647065f25084df1c6a0c6fc9 Size: 135.68 KB (135680 bytes) Detections: 3 Type: Executable File Path: %SystemDrive%\Documents and Settings\Administrator\Start Menu\Programs\Startup Group: Malware file Last Updated: June 1, 2011
13.	nyliv.exe	0c27478195764e6b01459039407210a2	3
Name: nyliv.exe MD5: 0c27478195764e6b01459039407210a2 Size: 118.78 KB (118784 bytes) Detections: 3 Type: Executable File Path: %SystemDrive%\Documents and Settings\IUSR_NMPR\Start Menu\Programs\Startup Group: Malware file Last Updated: April 11, 2012
14.	pciide2k.sys	0f6c28d492d8baa532f6f3fa19f63b24	3
Name: pciide2k.sys MD5: 0f6c28d492d8baa532f6f3fa19f63b24 Size: 509.44 KB (509440 bytes) Detections: 3 Type: System file Path: %WINDIR%\System32\drivers Group: Malware file Last Updated: July 30, 2012
15.	netsvcs32.exe	61be5d4ad0cf138ec4190e8043d56fb2	2
Name: netsvcs32.exe MD5: 61be5d4ad0cf138ec4190e8043d56fb2 Size: 694.27 KB (694272 bytes) Detections: 2 Type: Executable File Path: %WINDIR%\system32 Group: Malware file Last Updated: January 16, 2011
16.	csrrsx.exe	931da0a3557c536ae94802a46cbb568d	2
Name: csrrsx.exe MD5: 931da0a3557c536ae94802a46cbb568d Size: 305.15 KB (305152 bytes) Detections: 2 Type: Executable File Path: %WINDIR%\debugs Group: Malware file Last Updated: January 16, 2011
17.	compatWebaudio.dll	ce2202273d534c307484bdb8edb818b3	2
Name: compatWebaudio.dll MD5: ce2202273d534c307484bdb8edb818b3 Size: 81.92 KB (81920 bytes) Detections: 2 Type: Dynamic link library Path: %LOCALAPPDATA%\eventCommonnet Group: Malware file Last Updated: January 16, 2011
18.	Asdiph.exe	06cde1dfb914f0757a0c2d3ebcbf0164	2
Name: Asdiph.exe MD5: 06cde1dfb914f0757a0c2d3ebcbf0164 Size: 446.97 KB (446976 bytes) Detections: 2 Type: Executable File Path: %PROGRAMFILES%\messenge Group: Malware file Last Updated: January 16, 2011
19.	movie[1].exe	ea16ffab2f264117e6f89c51b71e620e	2
Name: movie[1].exe MD5: ea16ffab2f264117e6f89c51b71e620e Size: 137.72 KB (137728 bytes) Detections: 2 Type: Executable File Path: %TEMP%orary Internet Files\Content.IE5\CJJY4S0C Group: Malware file Last Updated: January 18, 2011
20.	ClickPotatoLiteSA.exe	e7f93f7f99f8c9154b1fb6fee108d234	2
Name: ClickPotatoLiteSA.exe MD5: e7f93f7f99f8c9154b1fb6fee108d234 Size: 741.68 KB (741680 bytes) Detections: 2 Type: Executable File Path: %PROGRAMFILES%\ClickPotatoLite\bin\10.0.636.0 Group: Malware file Last Updated: January 16, 2011
21.	wins.exe	fab2b8b1ca3a351e5925a72c547dbcbf	2
Name: wins.exe MD5: fab2b8b1ca3a351e5925a72c547dbcbf Size: 5.48 MB (5484544 bytes) Detections: 2 Type: Executable File Path: %WINDIR%\system32\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service Group: Malware file Last Updated: January 16, 2011
22.	paaw.exe	79e032ccdc5fafff28f85631f13e3689	2
Name: paaw.exe MD5: 79e032ccdc5fafff28f85631f13e3689 Size: 204.28 KB (204288 bytes) Detections: 2 Type: Executable File Path: %APPDATA%\Boytys Group: Malware file Last Updated: January 11, 2012
23.	zybu.exe	76410d9afc8af1477280f92e5139e3d5	1
Name: zybu.exe MD5: 76410d9afc8af1477280f92e5139e3d5 Size: 153.6 KB (153600 bytes) Detections: 1 Type: Executable File Path: %USERPROFILE%\Start Menu\Programs\Startup Group: Malware file Last Updated: January 13, 2011
24.	setup1349310592.exe	9a036945a46e56c372fcc74af0486649	1
Name: setup1349310592.exe MD5: 9a036945a46e56c372fcc74af0486649 Size: 123.9 KB (123904 bytes) Detections: 1 Type: Executable File Path: %TEMP% Group: Malware file Last Updated: January 16, 2011
25.	20578.dll	a57deb949016484cea1c74bd6c21a4c0	1
Name: 20578.dll MD5: a57deb949016484cea1c74bd6c21a4c0 Size: 946.17 KB (946176 bytes) Detections: 1 Type: Dynamic link library Path: %WINDIR%\SysWow64 Group: Malware file Last Updated: January 16, 2011
26.	IDMan.exe	5972f0615994e9a2b564c21c47599f16	1
Name: IDMan.exe MD5: 5972f0615994e9a2b564c21c47599f16 Size: 897.28 KB (897280 bytes) Detections: 1 Type: Executable File Path: %PROGRAMFILES%\Internet Download Manager Group: Malware file Last Updated: March 1, 2011
27.	vexe.exe	fe07c20d624f9e93b78d51958090f034	1
Name: vexe.exe MD5: fe07c20d624f9e93b78d51958090f034 Size: 118.27 KB (118272 bytes) Detections: 1 Type: Executable File Path: %SystemDrive%\Documents and Settings\UpdatusUser\Start Menu\Programs\Startup Group: Malware file Last Updated: January 17, 2012

More files

Enigma Software Group Prevails Over Malwarebytes at the Ninth Circuit

Search

Change Region

PWS:Win32/Zbot.gen!Y

Threat Scorecard

EnigmaSoft Threat Scorecard

An Overview of the PWS:Win32/Zbot.gen!Y Scam Email

Aliases

SpyHunter Detects & Remove PWS:Win32/Zbot.gen!Y

File System Details

Submit Comment

Trending

Rzfu Ransomware

'YouPorn' Email Scam

Rzkd Ransomware

Most Viewed

Is Lookmovie.io Safe?

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen