Threat Database Trojans Trojan.Zbot


Threat Scorecard

Threat Level: 80 % (High)
Infected Computers: 2,188
First Seen: July 24, 2009
Last Seen: March 31, 2023
OS(es) Affected: Windows

Trojan.Zbot is a fairly generic backdoor Trojan infection that is closely linked to Mal/VB-AER and the Zeus Trojan, one of the most infamous malware infections. Since 2007, Trojan.Zbot has made headlines when Trojan.Zbot was used to infiltrate and steal information from the Transportation Department of the United States. Since March of 2009, Trojan.Zbot and the Zeus Trojan became widespread, infecting millions of computer from all around the world. ESG security researchers detected thousands of FTP servers of some of the most popular websites that were infected with the Zeus Trojan and Trojan.Zbot. Malware analysts estimate that the botnets associated with Trojan.Zbot cost billions of dollars every year and that a large percentage of phishing messages on Facebook and in spam emails are sent in order to spread malware associated with Trojan.Zbot. In the fall of 2010, the FBI cracked down on the criminal network thought to be responsible for an attack using Trojan.Zbot and the Zeus Trojan that resulted in the theft of more than seventy million dollars from American banks. About ninety people were arrested in relation to these criminal acts in the United States, the Russian Federation, the United Kingdom and Ukraine. In 2011, PC security researchers are facing a serious challenge since the source code of Zeus Trojan and Trojan.Zbot were leaked to the public, enabling practically anyone to use Trojan.Zbot to perform their own attacks.

Is Your Computer System in Danger from Trojan.Zbot?

While malware associated with Trojan.Zbot is not confined to a single area, the five countries with the highest incidence of infection are Mexico, Egypt, Saudi Arabia, the United States and Turkey. As of today, this malware infection is linked to the largest botnets known to PC security researchers. If your operating system is not Windows, then you are safe from Trojan.Zbot. This malware infection can only attack computer system with the Windows Operating system. Users of Windows Vista and Windows Vista SP1 operating systems are particularly vulnerable and form the majority of computer systems integrating this network of infected computers. Each criminal can fine tune their infection in order to steal different data, although Trojan.Zbot is mostly linked to credit card and online banking account information theft. However, these can also be used to steal login information for email or social media accounts.


15 security vendors flagged this file as malicious.

Anti-Virus Software Detection
AVG Generic7_c.BULS
Fortinet W32/Bublik.AKIQ!tr
Ikarus Backdoor.Win32.DarkKomet
AhnLab-V3 Trojan/Win32.Jorik
McAfee-GW-Edition Heuristic.BehavesLike.Win32.Suspicious-BAY.S
AntiVir TR/Rogue.8877826.1
DrWeb Trojan.PWS.Stealer.1932
Kaspersky Trojan.Win32.Bublik.akiq
Avast AutoIt:MalOb-J [Trj]
McAfee Artemis!1C946EE5948C
AVG Generic32.CDAA
Ikarus Trojan.Win32.Spy2
DrWeb Trojan.PWS.Multi.1119
Kaspersky Trojan-Dropper.Win32.Agent.hjwv
Fortinet W32/Jorik_Zbot.PLC!tr

SpyHunter Detects & Remove Trojan.Zbot

File System Details

Trojan.Zbot may create the following file(s):
# File Name MD5 Detections
1. Default File.exe 5fa02bc9691141176fc57bdce0bb534b 187
2. GoogleUpdate.exe de75d9858dd25f83ee666c4890367023 157
3. ace.exe.exe 2af6923df61c3800fb4957cd5163646d 118
4. sys_config.exe 2c770a08cf50a31e138aa505c81a8cb4 38
5. Default File.exe 1b9c59e945282029f8c335ce2ce0a1fc 32
6. Elgato.exe d9a57b7f55011099f22eac398f8683a3 20
7. ace.exe.exe fc504bb9ddd9108d5ef6ec00e1175a28 20
8. file.exe 2fae551124df3827bbe80db1faaa301f 18
9. Default File.exe ce9a0cdd7f5f3a46c13e8001db1fc4b4 14
10. Defcon.exe 02dbd6164feb882e0c5fbd546ded3781 13
11. ntos.exe 9893493ec0578ac0194366a4e027e829 2
12. MaelXpers.exe a69349baf03c5a5f8dac25232ae55a8d 2
13. dwtray.exe aa872cb97a821e7736ba479558acfe78 1
14. file.exe 829d8db0a02b42ebb83f69270e866f5c 1
15. file.exe 6507c499f9f66673de194ecf2b1b0c0c 1
16. file.exe eda57630f1f05be1349bd894b55ddc8c 1
17. shortcuts.exe 5cb5a2617939cc2428f4f24b9f56421f 1
18. file.exe 0efa791652688dba9b98a058f34f3fc8 1
19. file.exe ddff58440405b2efcd1a0c9526030712 0
20. file.exe bca3e9732a8773753c96ed33477183d4 0
21. file.exe f59734c38a813c39afc56c1821ed2f73 0
22. file.exe 8674aea8a06a15702e8f7e73b1bd5399 0
23. file.exe 390bea6328266b46fe2c615035e92fad 0
24. file.exe 431ceaa2baef14549d3fc9959b33f872 0
25. file.exe 1e76d0e3d7c1ecc56ab0036ea0e3b16c 0
26. file.exe 41176e654dc58bce22ab124c9bba4bd2 0
27. file.exe 4d7f59a1fdf8524ef18f984530c7b095 0
More files

Registry Details

Trojan.Zbot may create the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"Userinit" = "%System%\userinit.exe, %System%\sdra64.exe"
Regexp file mask
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"userinit" = "%UserProfile%\Application Data\sdra64.exe"


Trojan.Zbot may call the following URLs:

Related Posts


Most Viewed