The PWS:Win32/Zbot.AIH is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.
Gridinsoft Anti-Malware
Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
What PWS:Win32/Zbot.AIH virus can do?
- Behavioural detection: Executable code extraction – unpacking
- Reads data out of its own binary image
- CAPE extracted potentially suspicious content
- The binary contains an unknown PE section name indicative of packing
- Authenticode signature is invalid
- Attempts to identify installed analysis tools by a known file location
- Detects the presence of Wine emulator via registry key
- Detects VirtualBox through the presence of a device
- Detects VMware through the presence of a device
- Checks for a known DeepFreeze Frozen State Mutex
- Collects information to fingerprint the system
How to determine PWS:Win32/Zbot.AIH?
File Info:
name: 303E06F3AFD1687E0E40.mlwpath: /opt/CAPEv2/storage/binaries/1883b88b24b05748cfd658d8ec190afb2689282672915c92e31df76496472667crc32: 981F742Cmd5: 303e06f3afd1687e0e405875b34a7e25sha1: 78ce78a5ee57f4af373503241da7fb27ef90456esha256: 1883b88b24b05748cfd658d8ec190afb2689282672915c92e31df76496472667sha512: 02d3191c3779c555ef36c2c900cd0ce815536883e14936215fdfbcfcb56d0a44b7aac665e2978eec593a7ab67a9df7b7f1c9684e7d533c5bdafb0628a75aa902ssdeep: 1536:IPXNwW1TtR0pc+YYcDRGEFOooJTbypkppFl:eiYJR0pcycvF43IkbFtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T11E3402AB69B189AACDD82E7A9297553CFE32DA1077D8C944C2120369CD36787FC4DC1Csha3_384: 67687840589e61f03504bf06d37293e9752168ac736cc9d40e271e9bd3686ad2adaae6dae16595ed2f4383705d9eb99dep_bytes: 8b0dfc8a43008b3d948e43008b1dcc85timestamp: 2005-03-28 07:45:41Version Info:
FileVersion: 16.26.0.1729 98988ProductVersion: 16.26.0.1729 98988CompanyName: BitdefenderFileDescription: Bitdefender Safepay Cleanup H졡귎㢶誮ㆱ裐쏣뮼뒒茄榸㇏Ꝙ퉼绎缝莘薈ܾ箫ᔊਂ홀udd4f柣툑섃珽좪룁⻝耋档┃뫌駊㬽뎀茄榸㇏Ꝙ퉼绎缝莘薈ܾ箫ᔊਂ홀udd4f柣툑섃珽좪룁⻝耋档┃뫌駊㬽뎀併麄噕嘉⻋製ⷻ䄭쩾㤥罐㾔̾쭵꩒퐗udf8cꮮ묟吢ٍ䔪ꥵࣂ䄼⿐袋륢램俆榄冁ꅪ캜됟૪ۙ梩薆ud8e2갢譲旞͋뫖魠蜵㑄ò蹰ꃸ濧젃値ᕂ䟇聐Ь뛮ꠎ뇞㿽煣쯑恒ᜰ㰠淝踁礶냒蘈ᕖ肯樤㇛譪톕㴾쭐ه㉉滔DZ뉂酛䶧蕤笌檖쇴ᣢ䖾錐॒ᓰ젷痊➉뽳Ӝ뵶ude0dudc39ud87a끼憄ꃐ夎赅떳듂뭰夃۫魭쫓ɮ⏪정ቹ廗ᜏ硭蝽ud969튀㊎꾙甹䏄湛ﲟ鄛兕෩焟붱▔᱁㔹udd79皬뫊卯ⵍ檳늷饞ꩬ荃驢놥ྮᠩ⬞땜韔ᔟ枙ೆ馳Ỳ焈硄㯎迩嵞뻍⤠趥翶鄍넠瀲驟鵇繿ణ縐ŭ凢푹繠눢몪뎯閻礏꼑턡狑愄釈뻿ꂱზ㧢濱檅㪡瘐뉼ꭳ乧賘姯虈蚦Ḍ蒭摗쫵呫鯯దῺ龅苈㳡齠ᵭ㥓둛䢔റ驈쭐죸͂㏌ᦝ뱍䉋ힿ⛹硤㈮쵀鵦udc5a軮䵒ᣮ䩋㳝滋⭚șѓ㴴ꯊ蝣땿㖁⽄迊鳝瘋焨렔ꛪﱷ鸲苳嶄ud847ꔿṹ☤斡ా蒱ꦥ쩼ꢔߗudbee엩Ỻ桅艍폤ҳ 鵅劮ẗ觢േ啫䔸噹ⲱ펁↾⍖슀ḗ鞾缚敡Ῡ嘆Ѯꄵ裁뗽斂枋:
PWS:Win32/Zbot.AIH also known as:
| Bkav | W32.AIDetectMalware |
| Lionic | Trojan.Win32.Emotet.L!c |
| MicroWorld-eScan | Trojan.Brsecmon.1 |
| FireEye | Generic.mg.303e06f3afd1687e |
| CAT-QuickHeal | TrojanPWS.Zbot.Y10 |
| Skyhigh | BehavesLike.Win32.PWSZbot.dh |
| McAfee | PWS-Zbot-FAQX!303E06F3AFD1 |
| Cylance | unsafe |
| Sangfor | Suspicious.Win32.Save.a |
| K7AntiVirus | Riskware ( 0040eff71 ) |
| Alibaba | TrojanSpy:Win32/EncPk.fba42a97 |
| K7GW | Riskware ( 0040eff71 ) |
| Cybereason | malicious.3afd16 |
| VirIT | Trojan.Win32.Generic.CGHN |
| Symantec | ML.Attribute.HighConfidence |
| Elastic | malicious (high confidence) |
| ESET-NOD32 | Win32/Spy.Zbot.AAQ |
| Zoner | Trojan.Win32.15719 |
| APEX | Malicious |
| ClamAV | Win.Trojan.Zbot-61859 |
| Kaspersky | HEUR:Trojan.Win32.Generic |
| BitDefender | Trojan.Brsecmon.1 |
| Avast | Win32:Evo-gen [Trj] |
| Tencent | Malware.Win32.Gencirc.1185300d |
| TACHYON | Trojan-Spy/W32.ZBot.234496.AG |
| Emsisoft | Trojan.Brsecmon.1 (B) |
| F-Secure | Trojan.TR/Crypt.ZPACK.Gen2 |
| DrWeb | Trojan.Crypt.61 |
| Zillya | Trojan.Zbot.Win32.108959 |
| TrendMicro | TROJ_SPNR.35E013 |
| Trapmine | malicious.high.ml.score |
| Sophos | Mal/EncPk-ZC |
| Ikarus | Trojan.Spy.ZBot |
| Jiangmin | TrojanSpy.Zbot.cwws |
| Varist | W32/Backdoor.KNAF-7497 |
| Avira | TR/Crypt.ZPACK.Gen2 |
| Antiy-AVL | Trojan[Spy]/Win32.Zbot |
| Kingsoft | malware.kb.a.1000 |
| Microsoft | PWS:Win32/Zbot.AIH |
| Xcitium | TrojWare.Win32.Spy.Zbot.JQU@4wvmqe |
| Arcabit | Trojan.Brsecmon.1 |
| ZoneAlarm | HEUR:Trojan.Win32.Generic |
| GData | Trojan.Brsecmon.1 |
| Cynet | Malicious (score: 100) |
| AhnLab-V3 | Spyware/Win32.Zbot.R58150 |
| BitDefenderTheta | Gen:NN.ZexaF.36802.oG0@aqaRa!mi |
| ALYac | Trojan.Brsecmon.1 |
| MAX | malware (ai score=100) |
| VBA32 | BScope.Malware-Cryptor.Emotet |
| Malwarebytes | Malware.AI.1164027048 |
| Panda | Generic Malware |
| TrendMicro-HouseCall | TROJ_SPNR.35E013 |
| Rising | Malware.Zbot!8.E95E (TFE:1:jk6XK9Chg9D) |
| Yandex | TrojanSpy.Zbot!OinXtiqLiAU |
| SentinelOne | Static AI – Malicious PE |
| MaxSecure | Trojan.Malware.7164915.susgen |
| Fortinet | W32/Zbot.AAQ!tr |
| AVG | Win32:Evo-gen [Trj] |
| DeepInstinct | MALICIOUS |
| CrowdStrike | win/malicious_confidence_100% (D) |
| alibabacloud | Trojan[spy]:Win/Zbot.AAQ |
How to remove PWS:Win32/Zbot.AIH?
- Download and install GridinSoft Anti-Malware.
- Open GridinSoft Anti-Malware and perform a “Standard scan“.
- “Move to quarantine” all items.
- Open “Tools” tab – Press “Reset Browser Settings“.
- Select proper browser and options – Click “Reset”.
- Restart your computer.
Leave a Comment