
How to remove “PWS:Win32/Zbot.AFH”?


PWS:Win32/Zbot.AFH is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to completely scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the PWS:Win32/Zbot.AFH virus do?

  • Executable code extraction
  • Creates RWX memory
  • Reads data out of its own binary image
  • Attempts to repeatedly call a single API many times in order to delay analysis time

How to identify PWS:Win32/Zbot.AFH?


File Info:

type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

0: [No Data]

PWS:Win32/Zbot.AFH also known as:

Bkav: W32.AIDetect.malware2
K7AntiVirus: Spyware ( 0029a43a1 )
Lionic: Trojan.Win32.Zbot.4!c
Elastic: malicious (high confidence)
DrWeb: Trojan.PWS.Panda.1981
Cynet: Malicious (score: 100)
ALYac: Trojan.GenericKD.41415912
Cylance: Unsafe
Zillya: Trojan.Zbot.Win32.76526
CrowdStrike: win/malicious_confidence_80% (D)
Alibaba: TrojanSpy:Win32/Spyware.bfd7a117
K7GW: Spyware ( 0029a43a1 )
Cybereason: malicious.3e4dc2
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: Win32/Spy.Zbot.AAO
APEX: Malicious
Avast: Win32:Zbot-PKH [Trj]
ClamAV: Win.Spyware.Zbot-66379
Kaspersky: Trojan-Spy.Win32.Zbot.yuep
BitDefender: Trojan.GenericKD.41415912
NANO-Antivirus: Trojan.Win32.Zbot.bcahlv
ViRobot: Trojan.Win32.A.Zbot.315392.I
MicroWorld-eScan: Trojan.GenericKD.41415912
Tencent: Malware.Win32.Gencirc.11497b2f
Ad-Aware: Trojan.GenericKD.41415912
Sophos: ML/PE-A
Comodo: Malware@#129k0t4a8ltj8
BitDefenderTheta: Gen:NN.ZexaF.34294.tmW@aigAoxd
VIPRE: Trojan.Win32.Generic!BT
McAfee-GW-Edition: PWS-Zbot.gen.aoi
FireEye: Generic.mg.11597f43e4dc2a74
Emsisoft: Trojan.GenericKD.41415912 (B)
SentinelOne: Static AI – Malicious PE
Jiangmin: TrojanSpy.Zbot.cbyq
Webroot: W32.InfoStealer.Zeus
Avira: TR/Crypt.ZPACK.Gen8
Antiy-AVL: Trojan/Generic.ASMalwS.248B3
Microsoft: PWS:Win32/Zbot.AFH
GData: Trojan.GenericKD.41415912
TACHYON: Trojan-Spy/W32.ZBot.315392.AF
McAfee: PWS-Zbot.gen.aoi
MAX: malware (ai score=87)
VBA32: TrojanSpy.Zbot
Malwarebytes: Malware.AI.4246621849
Panda: Generic Malware
Rising: Trojan.Generic@ML.100 (RDML:NqKUbMvkfF/Au7VH/t1OLw)
Yandex: Trojan.GenAsa!kFCtZpbkYF8
Ikarus: Trojan-Spy.Win32.Zbot
MaxSecure: Trojan.Malware.4505925.susgen
Fortinet: W32/Zbot.ATA!tr
AVG: Win32:Zbot-PKH [Trj]
Paloalto: generic.ml

How to remove PWS:Win32/Zbot.AFH?

PWS:Win32/Zbot.AFH removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
