Trojan-Spy.Win32.Zbot.addi
Trojan-Spy.Win32.Zbot.addi attempts to steal online banking details and other useful information from a compromised computer. Trojan-Spy.Win32.Zbot.addi may infiltrate a computer system via drive-by downloads or infected web pages. Trojan-Spy.Win32.Zbot.addi may further infect a compromised PC by installing more malware onto it. Trojan-Spy.Win32.Zbot.addi must be removed from a computer system before it causes irreversible damage.
File System Details
Trojan-Spy.Win32.Zbot.addi may create the following file(s):
| # | File Name |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
|---|---|---|
| 1. | %System%\sdra64.exe | |
| 2. | %System%\lowsec\local.ds | |
| 3. | %System%\lowsec\user.ds |
Registry Details
Trojan-Spy.Win32.Zbot.addi may create the following registry entry or registry entries:
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\{19127AD2-394B-70F5-C650-B97867BAA1F7}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\{334613DB-50C1-B3BE-95ED-E9915A134FF1}]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network]
