Mal/Generic-R + Troj/Zbot-KDF removal instruction

Mal/Generic-R + Troj/Zbot-KDF is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Mal/Generic-R + Troj/Zbot-KDF virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • At least one process apparently crashed during execution
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Chinese (Simplified)
  • Authenticode signature is invalid

How to identify Mal/Generic-R + Troj/Zbot-KDF?

File Info:

name: 828B9B2B4557541A3426.mlw
path: /opt/CAPEv2/storage/binaries/82c6447625755a9fabba76a5d671a41996c444e9ac97c03f3dcae1093cccf159
crc32: DF121371
md5: 828b9b2b4557541a3426e5931030fa0e
sha1: 702eb21d6ba624c458d513c330e94540c9afd0fe
sha256: 82c6447625755a9fabba76a5d671a41996c444e9ac97c03f3dcae1093cccf159
sha512: 93a648b0d7756569ea86f95bbb1755b4f296cc14f9b911e4a7e968c8723cfe3cbd415f5dbdeb15356480552f670ce473f838976ed30931c1d06e8b9d060025ae
ssdeep: 12288:28UGseyj8UKZJN92Yk3JX1TtmPEgcDHeejj:NAKZJNYYkHtCEaIj
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T197E48CE739F1807BD67201744E957B78A6EBDA500F227AD32389878D5E35CC24B36236
sha3_384: 6f1e6288f67122dddcdf15ed61088b377129eb7d6ca2dc5075f948d83b23b7f1707a608b23d4bba48c79943103bb4995
ep_bytes: 558bec6aff68088d470068b810410064
timestamp: 2015-08-30 19:42:50

Version Info:

CompanyName: Simon Tatham
ProductName: PuTTY suite
FileDescription: SSH, Telnet and Rlogin client
InternalName: PuTTY
OriginalFilename: PuTTY
FileVersion: Release 0.64
ProductVersion: Release 0.64
LegalCopyright: Copyright © 1997-2015 Simon Tatham.
Translation: 0x0809 0x04b0

Mal/Generic-R + Troj/Zbot-KDF also known as:

Bkav: W32.AIDetect.malware2
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.Agent.BPAZ
FireEye: Generic.mg.828b9b2b4557541a
ALYac: Trojan.Agent.BPAZ
Cylance: Unsafe
Zillya: Trojan.Yakes.Win32.38479
K7AntiVirus: Trojan ( 004cec631 )
K7GW: Trojan ( 004cec631 )
Cybereason: malicious.b45575
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: Win32/Injector.CHVM
APEX: Malicious
ClamAV: Win.Dropper.Gh0stRAT-6992354-0
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Trojan.Agent.BPAZ
NANO-Antivirus: Trojan.Win32.Yakes.dvwxuw
Avast: Win32:Malware-gen
Tencent: Malware.Win32.Gencirc.10b28989
Ad-Aware: Trojan.Agent.BPAZ
Emsisoft: Trojan.Agent.BPAZ (B)
Comodo: TrojWare.Win32.Dynamer.AS@60elso
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: TROJ_INJECTOR_EK0404FE.UVPM
McAfee-GW-Edition: PWSZbot-FAKV!828B9B2B4557
Sophos: Mal/Generic-R + Troj/Zbot-KDF
Ikarus: Trojan.Win32.Injector
GData: Trojan.Agent.BPAZ
Jiangmin: Trojan.Generic.esyvx
Webroot: W32.Gen.BT
Avira: TR/AD.CeeInject.neyzo
Antiy-AVL: Trojan/Generic.ASMalwS.14009E3
Kingsoft: Win32.Troj.Yakes.ly.(kcloud)
Microsoft: Trojan:Win32/Bulta!rfn
Cynet: Malicious (score: 100)
McAfee: PWSZbot-FAKV!828B9B2B4557
MAX: malware (ai score=88)
VBA32: Trojan.Yakes
Malwarebytes: Trojan.Bunitu.ED
TrendMicro-HouseCall: TROJ_INJECTOR_EK0404FE.UVPM
Rising: Trojan.Generic@ML.98 (RDML:NIJ62yiB0yrUN7MY1aJjTw)
Yandex: Trojan.Yakes!JpF+ilyuHJ8
Fortinet: W32/Injector.CGQK!tr
BitDefenderTheta: Gen:NN.ZexaF.34294.Qy0@aaGcYxqj
AVG: Win32:Malware-gen
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_80% (W)
MaxSecure: Trojan.Malware.300983.susgen

How to remove Mal/Generic-R + Troj/Zbot-KDF?

Mal/Generic-R + Troj/Zbot-KDF removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Select “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
