Win32/Spy.Zbot.YW Description

Win32/Spy.Zbot.YW is a nasty spyware infection derived from the infamous Zeus (Zbot) Trojan. This family of Trojans is well known for stealing banking information, such as account numbers, credit card numbers, online account passwords, and other financial credentials. Win32/Spy.Zbot.YW is also part of a multi-component malware attack aimed at integrating the infected computer into the Zeus botnet. This allows Win32/Spy.Zbot.YW to spread from one computer to another through email scams that originate from the Zeus botnet and similar networks of infected computers.

Win32/Spy.Zbot.YW infects a computer and remains hidden, nearly undetectable without a reliable, fully updated anti-malware scanner. Win32/Spy.Zbot.YW and its associated malware then establish a backdoor into the victim's computer. A backdoor, much like a building's back door, lets a criminal enter undetected. Criminals can then set up malicious servers that take advantage of this backdoor to install the Win32/Spy.Zbot.YW payload itself on the victim's computer. Once installed, Win32/Spy.Zbot.YW can monitor the infected computer's online activity, detect when the victim visits any of a large number of banking-related websites, and then take screenshots or log keystrokes. Finally, Win32/Spy.Zbot.YW sends this information to its command and control server, allowing criminals to use it to steal the victim's money.

Understanding the Vast Botnet Associated with Win32/Spy.Zbot.YW

Botnets are vast networks of infected computers that can be 'herded' by a criminal to perform coordinated actions. Typically, botnets related to the Win32/Spy.Zbot.YW Trojan are used to transmit substantial quantities of spam email, which in turn spreads Win32/Spy.Zbot.YW to additional computers. The Zeus botnet has also been used in money laundering and to attack specific servers by overloading them with requests from the huge number of computers in the botnet. The main problem with Win32/Spy.Zbot.YW and other Zbot threats is that an infected PC will display no symptoms from Win32/Spy.Zbot.YW itself. In most cases, the first sign of a Win32/Spy.Zbot.YW infection will be a warning from the victim's security software. Because of this, ESG security analysts strongly advise keeping your security software fully updated.

Technical Information

File System Details

Win32/Spy.Zbot.YW creates the following file(s) (size and MD5 are not listed for the first three):

#  File Name                    Size     MD5
1  %System%folderl0cal.ds
2  %System%folderus3r.ds
3  %System%folderus3r.ds.lll
4  ewty.exe                     343,024  c4181641527876b95ec6cc7905949ad5
5  ritoced2.jpg                 343,024  5b308a79135a990c1814691e757b81d1
6  tinleedisu7.tmp              343,024  c9b59e8b1b2cf0637faba0640a1b4e7d
7  wnineas.exe                  343,024  414a885a60aa9d86e389304f49f3b272
8  waulldon6.htm                343,024  538037d269ad3ca8fabffcd2c82548ed

Registry Details

Win32/Spy.Zbot.YW creates or modifies the following registry entries:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter]
    "Enabled" = 0
    "EnabledV8" = 0

[HKEY_LOCAL_MACHINE\Software\Microsoft\InternetExplorer\PhishingFilter]
    "Enabled" = 0
    "EnabledV8" = 0

[HKEY_LOCAL_MACHINE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "UserInit" = "%originalvalue%, %system%d3dg86.exe,"
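The following PowerShell audit script is an added example, not part of the original article or of any ESG tooling: it checks a Windows host for the three kinds of indicator listed above (a tampered Winlogon UserInit value, a disabled Internet Explorer Phishing Filter, and files matching the listed MD5 hashes or names). It assumes the standard full registry paths (the Winlogon key lives under SOFTWARE\, which the listing above abbreviates) and a set of search folders that you should adjust to your environment.

```powershell
# Added example: audit a host for the Win32/Spy.Zbot.YW indicators listed in the article.
$KnownMd5 = @{   # hashes and names taken from the article's file table
    'c4181641527876b95ec6cc7905949ad5' = 'ewty.exe'
    '5b308a79135a990c1814691e757b81d1' = 'ritoced2.jpg'
    'c9b59e8b1b2cf0637faba0640a1b4e7d' = 'tinleedisu7.tmp'
    '414a885a60aa9d86e389304f49f3b272' = 'wnineas.exe'
    '538037d269ad3ca8fabffcd2c82548ed' = 'waulldon6.htm'
}
$KnownNames = 'l0cal.ds', 'us3r.ds', 'us3r.ds.lll'   # listed without size or hash
$Findings   = @()

# 1. Winlogon UserInit normally contains only "<SystemRoot>\System32\userinit.exe,".
#    The article shows an extra "%system%d3dg86.exe" appended; flag any extra entry.
$Winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$UserInit = (Get-ItemProperty -Path $Winlogon -Name UserInit -ErrorAction SilentlyContinue).UserInit
$Expected = Join-Path $env:SystemRoot 'System32\userinit.exe'   # assumption: adjust to your baseline
foreach ($entry in ($UserInit -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })) {
    if ($entry -ine $Expected) { $Findings += "UserInit contains unexpected entry: $entry" }
}

# 2. Phishing Filter switched off (Enabled / EnabledV8 = 0) under HKCU or HKLM.
$PhishKeys = 'HKCU:\Software\Microsoft\Internet Explorer\PhishingFilter',
             'HKLM:\Software\Microsoft\Internet Explorer\PhishingFilter'
foreach ($key in $PhishKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    foreach ($name in 'Enabled', 'EnabledV8') {
        if ($props -and $props.PSObject.Properties[$name] -and $props.$name -eq 0) {
            $Findings += "$key\$name is 0 (Phishing Filter disabled)"
        }
    }
}

# 3. Files with a listed name, or 343,024 bytes long with a listed MD5.
$SearchRoots = "$env:SystemRoot\System32", $env:TEMP, $env:APPDATA   # assumption: extend as needed
Get-ChildItem -Path $SearchRoots -File -Recurse -ErrorAction SilentlyContinue |
    Where-Object { $_.Length -eq 343024 -or $KnownNames -contains $_.Name } |
    ForEach-Object {
        if ($KnownNames -contains $_.Name) {
            $Findings += "Listed file name present: $($_.FullName)"
        } elseif ($_.Length -eq 343024) {
            $hash = (Get-FileHash -Path $_.FullName -Algorithm MD5).Hash.ToLower()
            if ($KnownMd5.ContainsKey($hash)) {
                $Findings += "Known sample $($KnownMd5[$hash]) (MD5 $hash) at $($_.FullName)"
            }
        }
    }

if ($Findings) { $Findings | ForEach-Object { Write-Warning $_ } }
else           { Write-Host 'No listed Win32/Spy.Zbot.YW indicators found.' }
```

Run it from an elevated PowerShell prompt so the HKLM keys and System32 are readable; a hit on the UserInit check is the strongest signal, since that value is what keeps the Trojan running at logon.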
