Trojan.FakeAlert.DBZ (B) malicious file

Trojan.FakeAlert.DBZ (B) is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan.FakeAlert.DBZ (B) virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • CAPE extracted potentially suspicious content
  • Unconventional binary language: Russian
  • Unconventional language used in binary resources: Russian
  • Authenticode signature is invalid
  • Steals private information from local Internet browsers
  • Exhibits behavior characteristic of Pony malware
  • Collects information about installed applications
  • Harvests cookies for information gathering
  • Harvests credentials from local FTP client software
  • Harvests information related to installed mail clients

How to identify Trojan.FakeAlert.DBZ (B)?

File Info:

name: 84D379B52E7B06A35370.mlw
path: /opt/CAPEv2/storage/binaries/fde2e4c0643dc1dfffe81fc4a910ce6329ea6ec4f567d222a7bd7b4afb527689
crc32: 553ECB51
md5: 84d379b52e7b06a35370753e0b1a2bf5
sha1: 993f3002d8a6b18b3d64ec6c8182047be6a10e6a
sha256: fde2e4c0643dc1dfffe81fc4a910ce6329ea6ec4f567d222a7bd7b4afb527689
sha512: 6c80db597b9933a444c3278d0c23922a07850364b228f13882de14ee7db6916029ceb57e0df09ac317d78cf1df7b36abcf98ad3a3d00fb4a8e706a27fb54694a
ssdeep: 3072:HBkNMBJdRqdM2jdmr1ejDzfCoCvCyC532:HBDBkdM2hmGCoCvCyCE
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T10A148B2BE8534872FCC626FF0C65A1426E30FE521F30C5A664E92B2631FD6BB25405BD
sha3_384: 0b256b09b7113cbe3e27b1331437411af6f0992d9241c8ed3472d7bcffec1355a57de93c7fea714f176676935076d867
ep_bytes: 558bec892d50314200e8e2fcffff5dc3
timestamp: 2012-12-12 11:41:56

Version Info:

CompanyName: Корпорация Майкрософт
FileDescription: Мастер создания общих ресурсов
FileVersion: 5.1.2600.5512 (xpsp.080413-2108)
InternalName: SHRWIZ
LegalCopyright: © Корпорация Майкрософт. Все права защищены.
OriginalFilename: shrpubw.exe
ProductName: Операционная система Microsoft® Windows®
ProductVersion: 5.1.2600.5512
Translation: 0x0419 0x04b0

Trojan.FakeAlert.DBZ (B) also known as:

Lionic: Trojan.Win32.Zbot.lGdW
Elastic: malicious (high confidence)
DrWeb: Trojan.Packed.23728
MicroWorld-eScan: Trojan.FakeAlert.DBZ
FireEye: Generic.mg.84d379b52e7b06a3
CAT-QuickHeal: TrojanPWS.Zbot.Gen
ALYac: Trojan.FakeAlert.DBZ
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 0040f02a1 )
Alibaba: VirTool:Win32/Obfuscator.88a45555
K7GW: Trojan ( 0040d0431 )
Cybereason: malicious.52e7b0
Arcabit: Trojan.FakeAlert.DBZ
BitDefenderTheta: Gen:NN.ZexaF.34212.lu2@aeK!F5fc
VirIT: Trojan.Win32.Agent.I
Cyren: W32/Zbot.GQ.gen!Eldorado
Symantec: Packed.Generic.406
ESET-NOD32: a variant of Win32/Kryptik.AQJX
TrendMicro-HouseCall: TSPY_ZBOT.SM18
Paloalto: generic.ml
ClamAV: Win.Malware.Zeus-9817624-1
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Trojan.FakeAlert.DBZ
NANO-Antivirus: Trojan.Win32.Kryptik.gdsmds
SUPERAntiSpyware: Trojan.Agent/Gen-Zbot
Avast: Win32:Agent-AQQL [Trj]
Tencent: Win32.Trojan.Falsesign.Ecal
Ad-Aware: Trojan.FakeAlert.DBZ
Emsisoft: Trojan.FakeAlert.DBZ (B)
Comodo: TrojWare.Win32.PWS.ZBot.ASY@4sonv8
VIPRE: Trojan.Win32.Zbot.ak (v)
TrendMicro: TSPY_ZBOT.SM18
McAfee-GW-Edition: PWS-Zbot.gen.asq
Sophos: Mal/Generic-R + Troj/Zbot-DHN
Ikarus: Trojan-PWS.Win32.Zbot
Jiangmin: Trojan.Generic.dxebs
MaxSecure: Trojan.Malware.7164915.susgen
Avira: TR/Crypt.XPACK.Gen7
Antiy-AVL: Trojan/Generic.ASMalwS.2FA1A2
Microsoft: PWS:Win32/Fareit
ZoneAlarm: HEUR:Trojan.Win32.Generic
GData: Trojan.FakeAlert.DBZ
Cynet: Malicious (score: 100)
AhnLab-V3: Spyware/Win32.Zbot.R44064
Acronis: suspicious
McAfee: PWS-Zbot.gen.aua
MAX: malware (ai score=100)
VBA32: BScope.Trojan.Cloxer
APEX: Malicious
Rising: Spyware.Zbot!8.16B (TFE:dGZlOgO0KqrHMCKr/g)
Yandex: Trojan.Agent!S4KywIZ1aXg
SentinelOne: Static AI – Malicious PE
eGambit: Generic.Malware
Fortinet: W32/ZBOT.QT!tr
Webroot: W32.Infostealer.Zeus
AVG: Win32:Agent-AQQL [Trj]
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_70% (D)

How to remove Trojan.FakeAlert.DBZ (B)?

Trojan.FakeAlert.DBZ (B) removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
