Trojan.Zbot Description

Trojan.Zbot is a fairly generic backdoor Trojan infection that is closely linked to Mal/VB-AER and the Zeus Trojan, one of the most infamous malware infections. Since 2007, Trojan.Zbot has made headlines when Trojan.Zbot was used to infiltrate and steal information from the Transportation Department of the United States. Since March of 2009, Trojan.Zbot and the Zeus Trojan became widespread, infecting millions of computer from all around the world. ESG security researchers detected thousands of FTP servers of some of the most popular websites that were infected with the Zeus Trojan and Trojan.Zbot. Malware analysts estimate that the botnets associated with Trojan.Zbot cost billions of dollars every year and that a large percentage of phishing messages on Facebook and in spam emails are sent in order to spread malware associated with Trojan.Zbot. In the fall of 2010, the FBI cracked down on the criminal network thought to be responsible for an attack using Trojan.Zbot and the Zeus Trojan that resulted in the theft of more than seventy million dollars from American banks. About ninety people were arrested in relation to these criminal acts in the United States, the Russian Federation, the United Kingdom and Ukraine. In 2011, PC security researchers are facing a serious challenge since the source code of Zeus Trojan and Trojan.Zbot were leaked to the public, enabling practically anyone to use Trojan.Zbot to perform their own attacks.

Is Your Computer System in Danger from Trojan.Zbot?

While malware associated with Trojan.Zbot is not confined to a single area, the five countries with the highest incidence of infection are Mexico, Egypt, Saudi Arabia, the United States and Turkey. As of today, this malware infection is linked to the largest botnets known to PC security researchers. If your operating system is not Windows, then you are safe from Trojan.Zbot. This malware infection can only attack computer system with the Windows Operating system. Users of Windows Vista and Windows Vista SP1 operating systems are particularly vulnerable and form the majority of computer systems integrating this network of infected computers. Each criminal can fine tune their infection in order to steal different data, although Trojan.Zbot is mostly linked to credit card and online banking account information theft. However, these can also be used to steal login information for email or social media accounts.

Aliases: Trojan.Generic.8877826 [nProtect], Generic7_c.BULS [AVG], Artemis!1C946EE5948C [McAfee], TROJ_GEN.RCBCOCU [TrendMicro-HouseCall], AutoIt:MalOb-J [Trj] [Avast], Trojan.Win32.Bublik.akiq [Kaspersky], Trojan.Generic.8877826 (B) [Emsisoft], Trojan.PWS.Stealer.1932 [DrWeb], TR/Rogue.8877826.1 [AntiVir], W32/Bublik.AKIQ!tr [Fortinet], Backdoor.Win32.DarkKomet [Ikarus], a variant of Win32/Injector.Autoit.HN [ESET-NOD32], Trojan/Win32.Jorik [AhnLab-V3], Win32.Troj.Bublik.ak.(kcloud) [Kingsoft] and Heuristic.BehavesLike.Win32.Suspicious-BAY.S [McAfee-GW-Edition].

Infected with Trojan.Zbot? Scan Your PC for Free

Download SpyHunter's Spyware Scanner
to Detect Trojan.Zbot
* SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware removal tool to remove the malware threats. Read more on SpyHunter. If you no longer wish to have SpyHunter installed on your computer, follow these steps to uninstall SpyHunter.

Security Doesn't Let You Download SpyHunter or Access the Internet?

Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
  • Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
  • Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
  • Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in "Safe Mode with Networking" and install SpyHunter in Safe Mode.
  • IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.

If you still can't install SpyHunter? View other possible causes of installation issues.

Technical Information

Infection Statistics

Our MalwareTracker shows malware activity across the world. Explore real-time data of Trojan.Zbot outbreaks and other threats from global to local level.

File System Details

Trojan.Zbot creates the following file(s):
# File Name Size MD5 Detection Count
1 %APPDATA%\Default Folder\Default File.exe 281,600 fed0e16693ae2c3f0433ecf6774f53f2 648
2 %APPDATA%ohydy.exe 77,824 004010a43054d66bf1d6d32e710ec59e 333
3 %APPDATA%\Default Folder\GoogleUpdate.exe 279,072 de75d9858dd25f83ee666c4890367023 157
4 %APPDATA%juzjf.exe 102,400 dfda2db5ed7c417c9fececd8f5f48653 85
5 %USERPROFILE%userinit.exe 41,472 f01443167573144e3cf25b079a73226d 81
6 %APPDATA%\Default Folder\sys_config.exe 278,560 2c770a08cf50a31e138aa505c81a8cb4 37
7 %APPDATA%\Default Folder\Elgato.exe 280,096 d9a57b7f55011099f22eac398f8683a3 20
8 C:\bbotxxxxxx.exe\bbotxxxxxx.exe 140,800 02d7b03f126ced200af04cafffbf4f66 18
9 %TEMP%\dc_tmp_path\svchost77.exe 431,104 4063dc3346591414467dea192e4de47d 17
10 C:\sdfjaidhuw.exe\sdfjaidhuw.exe 274,944 a6a2e40b6bfaf60a5f096117a53a5ddb 14
11 %WINDIR%\System32\WinUpdate\server.exe 1,543,665 1c946ee5948c6d23847688c7d5fb8ebd 14
12 %APPDATA%\Default Folder\Defcon.exe 562,176 02dbd6164feb882e0c5fbd546ded3781 12
13 %USERPROFILE%\Documents\crss.exe 492,503 733032ca6f13e38740fc4416eee0a0d4 9
14 %SystemDrive%\Users\andrew\AppData\Local\Temp\wgsdgsdgdsgsd.exe 239,040 d4c60f32496ae92c5a53bda45d28937d 8
15 %WINDIR%\Temp\_ex-08.exe 420,864 5e65019a053e88ac9cdd31203d80bbe5 7
More files

Registry Details

Trojan.Zbot creates the following registry entry or registry entries:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"userinit" = "%UserProfile%\Application Data\sdra64.exe"
The following CLSID's were found:
HKEY..\..\{CLSID Path}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"Userinit" = "%System%\userinit.exe, %System%\sdra64.exe"

More Details on Trojan.Zbot

The following URL's were found:
Tip: We recommend blocking the domain names as well as the IP addresses associated with them.

Related Posts

Site Disclaimer

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.

IMPORTANT! To be able to proceed, you need to solve the following simple math.
Please leave these two fields as is:
What is 13 + 3 ?