Troj/Zbot-FDM information

Troj/Zbot-FDM is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Troj/Zbot-FDM virus do?

  • Behavioural detection: executable code extraction (unpacking)
  • Sample contains overlay data
  • Yara rule detections observed from a process memory dump, dropped files or CAPE
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data
  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to identify Troj/Zbot-FDM?

File Info:

name: 696EBFB634F3AD7235FE.mlw
path: /opt/CAPEv2/storage/binaries/52821b2c716a863cbaca170c89277a10c01931d896b2262d36353068c0b9f32f
crc32: D17BF875
md5: 696ebfb634f3ad7235feacd29b041de0
sha1: 0b7770536eef85abdd6279161b5fa8556340b290
sha256: 52821b2c716a863cbaca170c89277a10c01931d896b2262d36353068c0b9f32f
sha512: 114ed2e1dcd1af8f0a71b03ad8bccb779c14bc12e5fc836629b12e62944425e862d73624fa9a743421e885f033aa657d88f089a7683f4d9b83f9fd936ce5b8e5
ssdeep: 6144:Q5RxCrqo4ydiOwSFb7JkTguBGVe4mLhlRRV9YJG90ieeZtZ4H:Q1CGoVAOwCb7JZuBGyPN9YE90ivLG
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T18064CFD1E66026C8F83A8538C156DC097642387E5FA34A4E6E44F68729E63C3973FD47
sha3_384: 1a7310cf39402a021b232710eb6301228c00cdc5a98aba32abe1c42c7d7195f41952d2483005517c9d774f34dc451394
ep_bytes: 558bec83c4ac891da50f430052890db4
timestamp: 2011-07-30 06:58:51

Version Info:

LegalCopyright: © 1997 Usaze Vyva. Diqary Pac Cugule.
InternalName: Ivo
OriginalFilename: Lmifrtrtqnu.exe
ProductName: Osuvoka
ProductVersion: 8, 2
FileDescription: Ibub Suqawo Qiserig
CompanyName: Apple Computer, Inc.
FileVersion: 8, 2, 4
LegalTrademarks: Uko Uqiku Okif Funomy Luwiby Demuh Ejopu
Translation: 0x0409 0x04b0

Troj/Zbot-FDM is also known as (vendor: detection name):

  • Bkav: W32.AIDetect.malware2
  • Elastic: malicious (high confidence)
  • MicroWorld-eScan: Gen:Heur.Zygug.5
  • FireEye: Generic.mg.696ebfb634f3ad72
  • CAT-QuickHeal: TrojanPWS.Zbot.Gen
  • Cylance: Unsafe
  • VIPRE: Gen:Heur.Zygug.5
  • Sangfor: Trojan.Win32.Save.a
  • K7AntiVirus: EmailWorm ( 0040f4131 )
  • K7GW: EmailWorm ( 0040f4131 )
  • Cybereason: malicious.634f3a
  • Arcabit: Trojan.Zygug.5
  • VirIT: Trojan.Win32.Zyx.UK
  • Cyren: W32/Trojan.LYTQ-7476
  • Symantec: Trojan.Zbot
  • ESET-NOD32: Win32/Spy.Zbot.AAU
  • APEX: Malicious
  • ClamAV: Win.Trojan.Inject-10333
  • Kaspersky: HEUR:Trojan.Win32.Generic
  • BitDefender: Gen:Heur.Zygug.5
  • NANO-Antivirus: Trojan.Win32.Inject.crkznm
  • Avast: Win32:MalPack-G [Trj]
  • Tencent: Malware.Win32.Gencirc.10c7f76a
  • Ad-Aware: Gen:Heur.Zygug.5
  • TACHYON: Trojan/W32.Inject.329728.G
  • Sophos: Troj/Zbot-FDM
  • Comodo: TrojWare.Win32.Kryptik.BYSV@599pss
  • DrWeb: Trojan.PWS.Panda.3734
  • Zillya: Trojan.Inject.Win32.58724
  • McAfee-GW-Edition: PWS-Zbot-FAXR!696EBFB634F3
  • Trapmine: malicious.high.ml.score
  • Emsisoft: Gen:Heur.Zygug.5 (B)
  • SentinelOne: Static AI – Malicious PE
  • Jiangmin: Trojan.Generic.dxeaq
  • Webroot: W32.Malware.Gen
  • Google: Detected
  • Avira: TR/Crypt.ZPACK.Gen2
  • Antiy-AVL: Trojan/Generic.ASMalwS.77
  • Kingsoft: Win32.Troj.Undef.(kcloud)
  • Microsoft: PWS:Win32/Zbot!ml
  • GData: Gen:Heur.Zygug.5
  • Cynet: Malicious (score: 100)
  • AhnLab-V3: Win-Trojan/Inject.329728.J
  • McAfee: PWS-Zbot-FAXR!696EBFB634F3
  • MAX: malware (ai score=89)
  • VBA32: BScope.Trojan.MTA.0661
  • Rising: Ransom.Crowti!8.37D (TFE:1:Jg5vZCfu58D)
  • Yandex: Trojan.GenAsa!WxojyL8Pofg
  • Ikarus: Trojan-Spy.Win32.Zbot
  • MaxSecure: Trojan.Malware.300983.susgen
  • Fortinet: W32/Zbot.AOV!tr
  • BitDefenderTheta: Gen:NN.ZexaF.34646.uu1@aSZHIDci
  • AVG: Win32:MalPack-G [Trj]
  • Panda: Trj/Zbot.M
  • CrowdStrike: win/malicious_confidence_90% (W)

How to remove Troj/Zbot-FDM?

Troj/Zbot-FDM removal tool:
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.