How to remove “MemScan:Trojan.Spy.ZBot.EPA”?

The MemScan:Trojan.Spy.ZBot.EPA is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What MemScan:Trojan.Spy.ZBot.EPA virus can do?

Executable code extraction
Creates RWX memory
Possible date expiration check, exits too soon after checking local time

How to determine MemScan:Trojan.Spy.ZBot.EPA?


File Info:
crc32: 03B985F5
md5: 66044d9d35d6da7521d5bd4d3d0f3c09
name: upload_file
sha1: 82e252d6d90f6f9b3380f339823e6cfdf9e9a4a3
sha256: e0f986f757f76ddb07e207943416c63ea8d26149fbf06c6d76eb892439d15346
sha512: 71655a4959dfab4d9238a7eb4ceee04306dd5c47f6c074bc5dd619706bcb95a45936e8e6ab9af3b583d3346296bba0277221847ab97c5176647c9218821d3596
ssdeep: 3072:AGqgqPdJHZVjNE2R8g7sPKsarKS034NR+8+JAaPONspGsqKCCoQ/ywE:Xqg+JHfTGh2I8+J+Nr/K5K
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
LegalCopyright: Pygoga
InternalName: Uhip
CompanyName: Bientyawahnyav
LegalTrademarks: Maudysisurneoms
ProductName: Dyvoedsoefa
FileDescription: Cebo
OriginalFilename: Uklaric
Translation: 0x0409 0x04b0

MemScan:Trojan.Spy.ZBot.EPA also known as:

Bkav	W32.AIDetectVM.malware1
Elastic	malicious (high confidence)
MicroWorld-eScan	MemScan:Trojan.Spy.ZBot.EPA
CAT-QuickHeal	TrojanPWS.Zbot.Y
McAfee	PWS-Zbot.gen.be
Cylance	Unsafe
VIPRE	Trojan-PWS.Win32.Zbot.gen.y (v)
AegisLab	Trojan.Win32.Generic.l8T4
Sangfor	Malware
K7AntiVirus	Riskware ( 0040eff71 )
BitDefender	MemScan:Trojan.Spy.ZBot.EPA
K7GW	Riskware ( 0040eff71 )
Cybereason	malicious.d35d6d
Arcabit	Trojan.Spy.ZBot.EPA
TrendMicro	TROJ_KRAP.SMDA
Cyren	W32/Zbot.AE.gen!Eldorado
Symantec	Trojan.Zbot
APEX	Malicious
Kaspersky	Trojan-Spy.Win32.Zbot.gen
Alibaba	TrojanSpy:Win32/ATRAPS.ca58036a
NANO-Antivirus	Trojan.Win32.Zbot.cmyck
SUPERAntiSpyware	Trojan.Agent/Gen-Cryptor
Tencent	Win32.Trojan-spy.Zbot.Wlyy
Ad-Aware	MemScan:Trojan.Spy.ZBot.EPA
Emsisoft	MemScan:Trojan.Spy.ZBot.EPA (B)
Comodo	TrojWare.Win32.Spy.Zbot.ABV@1qlk7c
F-Secure	Trojan.TR/ATRAPS.Gen2
DrWeb	BackDoor.Siggen.16668
Zillya	Trojan.Zbot.Win32.23654
Invincea	ML/PE-A + Mal/FakeAV-CX
McAfee-GW-Edition	BehavesLike.Win32.ZBot.ch
MaxSecure	Trojan.Malware.7175482.susgen
FireEye	Generic.mg.66044d9d35d6da75
Sophos	Mal/FakeAV-CX
Ikarus	Packer.Win32.Krap
Jiangmin	TrojanSpy.Zbot.adnk
Webroot	W32.Malware.Gen
Avira	TR/ATRAPS.Gen2
Gridinsoft	Spy.Win32.Keylogger.oa
Microsoft	PWS:Win32/Zbot.gen!Y
ViRobot	Trojan.Win32.Z.Zbot.169984
ZoneAlarm	Trojan-Spy.Win32.Zbot.gen
GData	MemScan:Trojan.Spy.ZBot.EPA
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win32.Zbot.R1982
Acronis	suspicious
VBA32	SScope.Trojan.FakeAV.01110
ALYac	MemScan:Trojan.Spy.ZBot.EPA
MAX	malware (ai score=100)
Panda	Trj/Sinowal.XCJ
ESET-NOD32	Win32/Spy.Zbot.QT.Gen
TrendMicro-HouseCall	TROJ_KRAP.SMDA
Rising	Trojan.Generic@ML.98 (RDML:SS/ryQQql/9iWYUDJ50h/A)
Yandex	TrojanSpy.Zbot.Gen!Pac.25
SentinelOne	DFI – Malicious PE
eGambit	Generic.Malware
Fortinet	W32/Zbot.TES!tr
BitDefenderTheta	AI:Packer.0558268516
AVG	Win32:Zbot-MSU [Trj]
Avast	Win32:Zbot-MSU [Trj]
CrowdStrike	win/malicious_confidence_80% (D)
Qihoo-360	Win32/Trojan.Spy.056

How to remove MemScan:Trojan.Spy.ZBot.EPA?

MemScan:Trojan.Spy.ZBot.EPA removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X