How to remove “Sf:Zbot-D [Trj]”?

Sf:Zbot-D [Trj] is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in Task Manager. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Sf:Zbot-D [Trj] virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Possible date expiration check, exits too soon after checking local time
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid

How to identify Sf:Zbot-D [Trj]?

File Info:

name: 2E34B13C88E8D110B3C6.mlw
path: /opt/CAPEv2/storage/binaries/46873f71302afcaec34236abe0382a4bdc51ca0d2380465ff7ce3f1a5880be61
crc32: 57BBB6FF
md5: 2e34b13c88e8d110b3c61018a0ac3f39
sha1: bcf7fc22f41aae657439cc7da71767aae59c67b9
sha256: 46873f71302afcaec34236abe0382a4bdc51ca0d2380465ff7ce3f1a5880be61
sha512: 2c277519fb05460ce09c81beb85d78dbe3642941f58bf9eea0ea5da843a5e0ced6fce9b3adb291a9cb81c8ad4cc2c6c483ae80d2570c96668819348cc8a7be15
ssdeep: 3072:5EBLWroElNwA2CpQhFV/I3xfRgVTrdX+T1ToymtSXS/+RWA4+u+glXWtsoYYEUYo:m8o8NwAHpQzZgxfUdEloyxXPWZshx
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1B4C493D1F2DCC494E0A658728CB7DC76A5B73D7DD8A4441771DDBA3B3BA2342002EA1A
sha3_384: be0ed452396ca1ed8da837c22a8a4640477deb613ee083e467e5b8d41978fd73e2221ba3a5195d1ccf4ba8ca97b98cff
ep_bytes: 558bec81ec7c02000056ff1500304000
timestamp: 2018-08-13 13:37:25

Version Info:

0: [No Data]

Sf:Zbot-D [Trj] also known as:

Bkav: W32.AIDetect.malware1
MicroWorld-eScan: Trojan.Spy.IcedId.A
FireEye: Generic.mg.2e34b13c88e8d110
ALYac: Trojan.Spy.IcedId.A
Cylance: Unsafe
Sangfor: Suspicious.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (D)
BitDefenderTheta: Gen:NN.ZexaF.34712.ImZ@ayVR9Po
Cyren: W32/IcedID.G.gen!Eldorado
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Spy.IcedId.H
ClamAV: Win.Dropper.IcedID-7058857-0
Kaspersky: HEUR:Trojan-Banker.Win32.IcedID.a
BitDefender: Trojan.Spy.IcedId.A
NANO-Antivirus: Trojan.Win32.IcedId.fhhstw
Avast: Sf:Zbot-D [Trj]
Ad-Aware: Trojan.Spy.IcedId.A
Emsisoft: Trojan.Spy.IcedId.A (B)
Comodo: TrojWare.Win32.TrojanDownloader.Hundr.BA@848koz
DrWeb: Trojan.IcedID.13
McAfee-GW-Edition: BehavesLike.Win32.Generic.hz
SentinelOne: Static AI - Malicious PE
Trapmine: malicious.high.ml.score
Sophos: ML/PE-A + Troj/BokBot-F
APEX: Malicious
GData: Trojan.Spy.IcedId.A
Avira: TR/Crypt.ZPACK.Gen
Arcabit: Trojan.Spy.IcedId.A
Microsoft: TrojanSpy:Win32/IcedId.B!dha
Cynet: Malicious (score: 100)
AhnLab-V3: Malware/Win32.Generic.C2731133
Acronis: suspicious
McAfee: GenericRXGK-WI!2E34B13C88E8
MAX: malware (ai score=84)
VBA32: TScope.Malware-Cryptor.SB
Malwarebytes: Trojan.MalPack
Rising: Trojan.Generic@AI.90 (RDML:KuHJyK+JQbwEnxSGpMP/4Q)
Yandex: Trojan.GenAsa!QJghlwpF/wQ
Ikarus: Trojan-Spy.Agent
Fortinet: W32/IcedId.H!tr
AVG: Sf:Zbot-D [Trj]
Cybereason: malicious.c88e8d

How to remove Sf:Zbot-D [Trj]?

Sf:Zbot-D [Trj] removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.