About “MemScan:Trojan.Spy.Zbot.FQL” infection

MemScan:Trojan.Spy.Zbot.FQL is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the MemScan:Trojan.Spy.Zbot.FQL virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Reads data out of its own binary image
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify MemScan:Trojan.Spy.Zbot.FQL?


File Info:

name: 14C2CDF929F93DF077AC.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2015-10-12 15:42:38

Version Info:

0: [No Data]

MemScan:Trojan.Spy.Zbot.FQL also known as:

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Zbot.1e!c
Elastic: malicious (high confidence)
DrWeb: Trojan.PWS.Panda.10359
MicroWorld-eScan: MemScan:Trojan.Spy.Zbot.FQL
ClamAV: Win.Malware.Zbot-6978980-0
FireEye: Generic.mg.14c2cdf929f93df0
CAT-QuickHeal: Trojan.Generic.21003
ALYac: MemScan:Trojan.Spy.Zbot.FQL
Cylance: unsafe
Zillya: Trojan.Zbot.Win32.221962
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Spyware ( 0029a43a1 )
Alibaba: Malware:Win32/km_2871.None
K7GW: Spyware ( 0029a43a1 )
Cybereason: malicious.929f93
BitDefenderTheta: Gen:NN.ZexaF.36196.qmX@ayyp6Zn
VirIT: Trojan.Win32.Generic.CIMR
Cyren: W32/Zbot.BR.gen!Eldorado
Symantec: Trojan!im
tehtris: Generic.Malware
ESET-NOD32: Win32/Spy.Zbot.AAO
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: Trojan-Spy.Win32.Zbot.wuuc
BitDefender: MemScan:Trojan.Spy.Zbot.FQL
NANO-Antivirus: Trojan.Win32.Panda.dykrlv
Avast: Sf:Crypt-BR [Trj]
Tencent: Malware.Win32.Gencirc.10b13b79
TACHYON: Trojan-Spy/W32.ZBot.270336.CW
Emsisoft: MemScan:Trojan.Spy.Zbot.FQL (B)
F-Secure: Trojan.TR/Spy.Gen
VIPRE: MemScan:Trojan.Spy.Zbot.FQL
TrendMicro: Cryp_Xin1
McAfee-GW-Edition: BehavesLike.Win32.PWSZbot.dh
Trapmine: malicious.high.ml.score
Sophos: Mal/Behav-010
SentinelOne: Static AI – Malicious PE
GData: MemScan:Trojan.Spy.Zbot.FQL
Jiangmin: Trojan/Generic.bjscx
Webroot: W32.Infostealer.Zeus
Avira: TR/Spy.Gen
Antiy-AVL: Trojan[Spy]/Win32.Zbot
Xcitium: TrojWare.Win32.Zbot.NEWA@4qfujn
Arcabit: Trojan.Spy.Zbot.FQL
ViRobot: Trojan.Win32.Zbot.270336.D
ZoneAlarm: Trojan-Spy.Win32.Zbot.wuuc
Microsoft: PWS:Win32/Zbot!CI
Google: Detected
AhnLab-V3: Spyware/Win32.Generic.C858104
Acronis: suspicious
McAfee: PWS-Zbot.gen.uo
MAX: malware (ai score=86)
VBA32: BScope.TrojanSpy.Zbot
Malwarebytes: Zbot.Spyware.Stealer.DDS
Panda: Trj/Genetic.gen
TrendMicro-HouseCall: Cryp_Xin1
Rising: Spyware.Zbot!1.648A (CLASSIC)
Ikarus: Trojan-Spy.Banker.Citadel
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Generic.AP.142DA!tr
AVG: Sf:Crypt-BR [Trj]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (W)

How to remove MemScan:Trojan.Spy.Zbot.FQL?

MemScan:Trojan.Spy.Zbot.FQL removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
