Categories: Malware

How to remove “PWS:Win32/Zbot.AIH”?

The PWS:Win32/Zbot.AIH is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What PWS:Win32/Zbot.AIH virus can do?

Behavioural detection: Executable code extraction – unpacking
Reads data out of its own binary image
CAPE extracted potentially suspicious content
The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid
Attempts to identify installed analysis tools by a known file location
Detects the presence of Wine emulator via registry key
Detects VirtualBox through the presence of a device
Detects VMware through the presence of a device
Checks for a known DeepFreeze Frozen State Mutex
Collects information to fingerprint the system

How to determine PWS:Win32/Zbot.AIH?


File Info:
name: 303E06F3AFD1687E0E40.mlwpath: /opt/CAPEv2/storage/binaries/1883b88b24b05748cfd658d8ec190afb2689282672915c92e31df76496472667crc32: 981F742Cmd5: 303e06f3afd1687e0e405875b34a7e25sha1: 78ce78a5ee57f4af373503241da7fb27ef90456esha256: 1883b88b24b05748cfd658d8ec190afb2689282672915c92e31df76496472667sha512: 02d3191c3779c555ef36c2c900cd0ce815536883e14936215fdfbcfcb56d0a44b7aac665e2978eec593a7ab67a9df7b7f1c9684e7d533c5bdafb0628a75aa902ssdeep: 1536:IPXNwW1TtR0pc+YYcDRGEFOooJTbypkppFl:eiYJR0pcycvF43IkbFtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T11E3402AB69B189AACDD82E7A9297553CFE32DA1077D8C944C2120369CD36787FC4DC1Csha3_384: 67687840589e61f03504bf06d37293e9752168ac736cc9d40e271e9bd3686ad2adaae6dae16595ed2f4383705d9eb99dep_bytes: 8b0dfc8a43008b3d948e43008b1dcc85timestamp: 2005-03-28 07:45:41
Version Info:
FileVersion: 16.26.0.1729 98988ProductVersion: 16.26.0.1729 98988CompanyName: BitdefenderFileDescription: Bitdefender Safepay Cleanup H졡귎㢶誮ㆱ裐쏣뮼뒒茄榸㇏Ꝙ퉼绎缝᳈莘薈ܾ箫ᔊਂ홀udd4f柣툑섃珽좪룁⻝耋档┃뫌駊㬽뎀茄榸㇏Ꝙ퉼绎缝᳈莘薈ܾ箫ᔊਂ홀udd4f柣툑섃珽좪룁⻝耋档┃뫌駊㬽뎀併麄噕嘉⻋製ⷻ䄭쩾㤥罐㾔̾쭵꩒⶿퐗udf8cꮮ묟吢ٍ䔪ꥵࣂ䄼⿐袋륢램俆榄冁ꅪ캜됟૪ۙ梩薆ud8e2갢譲旞͋뫖໬魠蜵㑄ò蹰ꃸ濧젃値ᕂ䟇聐Ь뛮ꠎ뇞㿽煣쯑恒ᜰ㰠淝踁礶냒蘈ᕖ肯樤㇛譪톕㴾쭐ه㉉滔Ǳ뉂酛䶧蕤笌檖쇴ᣢ䖾錐॒ᓰ젷痊➉뽳Ӝ뵶ude0dudc39ud87a끼憄ꃐ夎赅떳⁨듂뭰夃۫魭쫓ɮ⏪정ቹ廗ᜏ硭蝽ud969튀㊎꾙甹䏄湛ﲟ鄛兕෩焟붱▔᱁㔹udd79皬뫊׵卯ⵍ檳늷饞ꩬ荃驢놥ྮᠩ⬞땜韔ᔟ枙ೆ馳Ỳ焈硄㯎迩嵞뻍⤠趥翶鄍넠瀲驟鵇繿ణ縐ŭ凢푹繠눢몪뎯閻礏꼑턡狑愄釈꧎뻿ꂱ᏾ზ㧢濱檅㪡瘐뉼ꭳ乧賘姯虈蚦Ḍ蒭摗쫵呫鯯దῺ龅苈㳡齠ᵭ㥓둛䢔റ驈쭐죸͂㏌ᦝ뱍䉋ힿ⛹硤㈮쵀鵦udc5a軮䵒ᣮ䩋㳝滋⭚ș៼ѓ㴴ꯊ蝣땿㖁⽄迊鳝瘋焨렔ꛪﱷ鸲苳嶄ud847ꔿṹ☤斡ా蒱ꦥ쩼ꢔߗudbee엩Ỻ桅艍폤꧜ҳ
鵅劮ẗ觢േ啫䔸噹ⲱ펁↾⍖슀ḗ鞾缚敡Ῡ嘆Ѯꄵ裁뗽斂枋:

PWS:Win32/Zbot.AIH also known as:

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Emotet.L!c
MicroWorld-eScan	Trojan.Brsecmon.1
FireEye	Generic.mg.303e06f3afd1687e
CAT-QuickHeal	TrojanPWS.Zbot.Y10
Skyhigh	BehavesLike.Win32.PWSZbot.dh
McAfee	PWS-Zbot-FAQX!303E06F3AFD1
Cylance	unsafe
Sangfor	Suspicious.Win32.Save.a
K7AntiVirus	Riskware ( 0040eff71 )
Alibaba	TrojanSpy:Win32/EncPk.fba42a97
K7GW	Riskware ( 0040eff71 )
Cybereason	malicious.3afd16
VirIT	Trojan.Win32.Generic.CGHN
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	Win32/Spy.Zbot.AAQ
Zoner	Trojan.Win32.15719
APEX	Malicious
ClamAV	Win.Trojan.Zbot-61859
Kaspersky	HEUR:Trojan.Win32.Generic
BitDefender	Trojan.Brsecmon.1
Avast	Win32:Evo-gen [Trj]
Tencent	Malware.Win32.Gencirc.1185300d
TACHYON	Trojan-Spy/W32.ZBot.234496.AG
Emsisoft	Trojan.Brsecmon.1 (B)
F-Secure	Trojan.TR/Crypt.ZPACK.Gen2
DrWeb	Trojan.Crypt.61
Zillya	Trojan.Zbot.Win32.108959
TrendMicro	TROJ_SPNR.35E013
Trapmine	malicious.high.ml.score
Sophos	Mal/EncPk-ZC
Ikarus	Trojan.Spy.ZBot
Jiangmin	TrojanSpy.Zbot.cwws
Varist	W32/Backdoor.KNAF-7497
Avira	TR/Crypt.ZPACK.Gen2
Antiy-AVL	Trojan[Spy]/Win32.Zbot
Kingsoft	malware.kb.a.1000
Microsoft	PWS:Win32/Zbot.AIH
Xcitium	TrojWare.Win32.Spy.Zbot.JQU@4wvmqe
Arcabit	Trojan.Brsecmon.1
ZoneAlarm	HEUR:Trojan.Win32.Generic
GData	Trojan.Brsecmon.1
Cynet	Malicious (score: 100)
AhnLab-V3	Spyware/Win32.Zbot.R58150
BitDefenderTheta	Gen:NN.ZexaF.36802.oG0@aqaRa!mi
ALYac	Trojan.Brsecmon.1
MAX	malware (ai score=100)
VBA32	BScope.Malware-Cryptor.Emotet
Malwarebytes	Malware.AI.1164027048
Panda	Generic Malware
TrendMicro-HouseCall	TROJ_SPNR.35E013
Rising	Malware.Zbot!8.E95E (TFE:1:jk6XK9Chg9D)
Yandex	TrojanSpy.Zbot!OinXtiqLiAU
SentinelOne	Static AI – Malicious PE
MaxSecure	Trojan.Malware.7164915.susgen
Fortinet	W32/Zbot.AAQ!tr
AVG	Win32:Evo-gen [Trj]
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_100% (D)
alibabacloud	Trojan[spy]:Win/Zbot.AAQ