
Spyware.Zbot.ES removal


Spyware.Zbot.ES is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Spyware.Zbot.ES virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • At least one process apparently crashed during execution
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Deletes its original binary from disk
  • Deletes executed files from disk
  • Collects information to fingerprint the system

How to identify Spyware.Zbot.ES?


File Info:

name: 26F6FD610980D16EBBE3.mlw
path: /opt/CAPEv2/storage/binaries/1ab53d768d00f8b3100a9132efb7a4a7731417ee0b2c53bba283d7d9db906b06
crc32: 7647047A
md5: 26f6fd610980d16ebbe3001aa28cdcaa
sha1: 54ad929b05cb9af97295d4258684f513c739b115
sha256: 1ab53d768d00f8b3100a9132efb7a4a7731417ee0b2c53bba283d7d9db906b06
sha512: ecbb69304a2be2a78b3da54d8aecdd476ab30d73317bb9e66243ea3422dd8aedc2bd1a436d9e1ab4fe12bb86a37c172e136659d0a6ed3e308c15b3bec1d9f4fe
ssdeep: 3072:Y07IRq2auA5ThcFs0vGop41lfPqgHbXfLv14afixLitrcm21N76QouvoOX:J7I80YhUte1lfPqg7XDN4afixWam2L6s
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1EAE31202CB578B5CD56A8832290DA64D0E13D0097D2819F8EA6CD17D84D7FBC5FAC6AF
sha3_384: 3a8bc61a0158e10d8eca3e6bb4a8dcd277f24c928471b8c5b3d682837dd22cc2613762b7100b2b3671de727b742867de
ep_bytes: 60be009042008dbe0080fdff5789e58d
timestamp: 2011-06-27 07:33:16

Version Info:

CompanyName: TwinSSoft
FileDescription: Vodka Eight Dang
FileVersion: 8.6
Translation: 0x0409 0x04b0

Spyware.Zbot.ES is also known as:

Bkav: W32.Common.45938A42
Lionic: Trojan.Win32.Zbot.l!c
Elastic: malicious (moderate confidence)
DrWeb: Trojan.Carberp.694
MicroWorld-eScan: Trojan.Generic.KD.565444
FireEye: Generic.mg.26f6fd610980d16e
CAT-QuickHeal: TrojanPWS.Zbot.Y
ALYac: Trojan.Generic.KD.565444
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Password-Stealer ( 003c6e581 )
Alibaba: TrojanSpy:Win32/Generic.253820aa
K7GW: Password-Stealer ( 003c6e581 )
Cybereason: malicious.10980d
Arcabit: Trojan.Generic.KD.D8A0C4
BitDefenderTheta: Gen:NN.ZexaF.34806.jmLfa0dyp2li
VirIT: Trojan.Win32.Generic.BQZA
Cyren: W32/Worm.XCUH-4746
Symantec: ML.Attribute.HighConfidence
tehtris: Generic.Malware
ESET-NOD32: Win32/Spy.Zbot.YW
TrendMicro-HouseCall: TROJ_INJECT.BVN
Paloalto: generic.ml
ClamAV: Win.Trojan.Zbot-19363
Kaspersky: Trojan-Spy.Win32.Zbot.dngp
BitDefender: Trojan.Generic.KD.565444
NANO-Antivirus: Trojan.Win32.Panda.bbmozg
Avast: Win32:Spyware-gen [Spy]
Rising: Spyware.Zbot!8.16B (CLOUD)
Ad-Aware: Trojan.Generic.KD.565444
Emsisoft: Trojan.Generic.KD.565444 (B)
Comodo: Malware@#ds7gcs9v82nh
F-Secure: Trojan.TR/Rogue.KD.565444
VIPRE: Trojan.Generic.KD.565444
TrendMicro: TROJ_INJECT.BVN
McAfee-GW-Edition: Generic.ju
Trapmine: malicious.high.ml.score
Sophos: Mal/Generic-R + Mal/Zbot-EZ
Ikarus: Trojan-Dropper.Win32.Injector
Jiangmin: TrojanSpy.Zbot.bpcn
Webroot: W32.InfoStealer.Zeus
Avira: TR/Rogue.KD.565444
MAX: malware (ai score=100)
Antiy-AVL: Trojan[Spy]/Win32.Zbot
Kingsoft: Win32.Troj.Injector.(kcloud)
Microsoft: Trojan:Win32/Skeeyah.A!rfn
ViRobot: Trojan.Win32.A.Zbot.155728
ZoneAlarm: Trojan-Spy.Win32.Zbot.dngp
GData: Trojan.Generic.KD.565444
AhnLab-V3: Win-Trojan/Zbot.155728.B
McAfee: Generic.ju
VBA32: Malware-Cryptor.ImgChk
Malwarebytes: Spyware.Zbot.ES
APEX: Malicious
Tencent: Win32.Trojan-spy.Zbot.Htwg
Yandex: Trojan.GenAsa!849dD2FjPT0
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.3721980.susgen
Fortinet: W32/Kryptik.ABC!tr
AVG: Win32:Spyware-gen [Spy]
Panda: Generic Malware
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Spyware.Zbot.ES?

Spyware.Zbot.ES removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
