TSPY_ZBOT.HEK

TSPY_ZBOT.HEK is spyware that spreads as a file downloaded from a remote URL. On entering a computer system, TSPY_ZBOT.HEK connects to a remote server and downloads a file that tells the spyware where it can download a copy of itself and where to send stolen information. TSPY_ZBOT.HEK attempts to steal a victim's online banking details, such as usernames and passwords, and then sends the gathered information to a remote URL via HTTP POST. TSPY_ZBOT.HEK is a dangerous computer infection that should be removed from an infected PC immediately after detection.

File System Details

TSPY_ZBOT.HEK may create the following file(s):
1. %System%\lowsec\user.ds

Registry Details

TSPY_ZBOT.HEK may create the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit = "%System%\userinit.exe, %System%\sdra64.exe,"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network
UID = "{Computer name}_{Random numbers}"

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
EnableFirewall = "0"
