Spy Trojan

Trojan-Spy.Win32.Zbot.dkuo removal tips

Malware Removal

Trojan-Spy.Win32.Zbot.dkuo is Kaspersky's detection name for a sample of the Zbot (Zeus) banking trojan family; as the detection names further down show, other vendors classify the same file as a password stealer or information stealer. When the infection is active you may notice unfamiliar processes in the Task Manager list, but the sample also injects code into other processes, so a clean-looking process list does not mean the host is clean. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. The trial lets you run a complete scan and clean your PC.
A 6-day free trial is available.

What can Trojan-Spy.Win32.Zbot.dkuo do?

The behaviours below are the signatures the CAPE sandbox raised when this sample was run (CAPE's own wording is kept):
  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Performs HTTP requests potentially not found in PCAP.
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Injection (inter-process)
  • Behavioural detection: Injection with CreateRemoteThread in a remote process
  • Attempts to modify proxy settings
  • Deletes executed files from disk
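Two of the behaviours above, CreateRemoteThread injection into another process and rewriting the proxy settings, leave traces in endpoint telemetry. The following is an added example and is not code from the page, from CAPE or from GridinSoft: it applies two simple rules to Sysmon-style events (Event ID 8, CreateRemoteThread, and Event ID 13, registry SetValue). All events are constructed test data; the file paths, the SID and the allow-list of legitimate injectors are assumptions to tune for your environment.

```python
"""Hunt for two of the sandbox behaviours above in Sysmon-style telemetry.

Added example, not taken from the page or from CAPE. Rules use the
documented Sysmon fields: Event ID 8 (CreateRemoteThread) carries
SourceImage, TargetImage, StartAddress and StartModule; Event ID 13
(RegistryEvent SetValue) carries Image, TargetObject and Details.
Every event below is constructed test data.
"""
from dataclasses import dataclass

# Assumption: processes allowed to create threads in other processes on
# this estate. Tune for your environment; this is not an exhaustive list.
ALLOWED_INJECTORS = {
    r"c:\windows\system32\csrss.exe",
    r"c:\windows\system32\lsass.exe",
}

# Values under the per-user Internet Settings key that control proxying.
INTERNET_SETTINGS = "\\software\\microsoft\\windows\\currentversion\\internet settings\\"
PROXY_VALUES = {"proxyenable", "proxyserver", "autoconfigurl"}


@dataclass
class Alert:
    rule: str
    severity: str
    detail: str


def check_remote_thread(ev: dict):
    """Flag cross-process CreateRemoteThread from a non-allow-listed image."""
    src, dst = ev["SourceImage"].lower(), ev["TargetImage"].lower()
    if src == dst or src in ALLOWED_INJECTORS:
        return None
    # Sysmon leaves StartModule empty when the start address is not inside
    # any loaded module, i.e. the thread starts in freshly written memory.
    severity = "high" if not ev.get("StartModule") else "medium"
    return Alert("remote_thread_injection", severity,
                 f"{src} -> {dst} at {ev['StartAddress']}")


def check_proxy_change(ev: dict):
    """Flag writes to the proxy values of the Internet Settings key."""
    target = ev["TargetObject"].lower()
    if INTERNET_SETTINGS not in target:
        return None
    value_name = target.rsplit("\\", 1)[-1]
    if value_name not in PROXY_VALUES:
        return None
    return Alert("proxy_settings_modified", "medium",
                 f"{ev['Image'].lower()} set {value_name} = {ev['Details']}")


RULES = {8: check_remote_thread, 13: check_proxy_change}


def scan(events: list) -> list:
    """Run the matching rule for each event and collect the alerts."""
    alerts = []
    for ev in events:
        rule = RULES.get(ev["EventID"])
        alert = rule(ev) if rule else None
        if alert:
            alerts.append(alert)
    return alerts


# Constructed events; paths and the SID are made up for the example.
DROPPER = r"C:\Users\victim\AppData\Local\Temp\update.exe"
SAMPLE_EVENTS = [
    {"EventID": 8, "SourceImage": DROPPER, "TargetImage": r"C:\Windows\explorer.exe",
     "StartAddress": "0x02A40000", "StartModule": ""},
    {"EventID": 8, "SourceImage": r"C:\Windows\System32\csrss.exe",
     "TargetImage": r"C:\Windows\System32\conhost.exe",
     "StartAddress": "0x77A1F2B0", "StartModule": r"C:\Windows\System32\ntdll.dll"},
    {"EventID": 13, "Image": DROPPER,
     "TargetObject": r"HKU\S-1-5-21-1000-1001-1002-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer",
     "Details": "127.0.0.1:8080"},
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1000-1001-1002-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MigrateProxy",
     "Details": "DWORD (0x00000001)"},
]

if __name__ == "__main__":
    for a in scan(SAMPLE_EVENTS):
        print(f"[{a.severity}] {a.rule}: {a.detail}")
```

Run against the constructed events, the first rule fires once (the dropper starting a thread in explorer.exe at an address that belongs to no module) and the second once (the dropper writing ProxyServer); csrss.exe's thread creation and explorer.exe's write to an unrelated value stay silent.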

How to identify Trojan-Spy.Win32.Zbot.dkuo?

File Info:

name: 20E2101916FACDF58340.mlw
path: /opt/CAPEv2/storage/binaries/b79aff95057137e3bbe54bbc89a33c5782986dd154d9a20e529e02ced5af3cc9
crc32: EF70321C
md5: 20e2101916facdf58340613a31fb689e
sha1: 0bd31908ee991f7c1b16fc0b5dc980e385f19427
sha256: b79aff95057137e3bbe54bbc89a33c5782986dd154d9a20e529e02ced5af3cc9
sha512: 8cddaafbb1c0c5802b9d5661bdce8875a0aee1f1fbbbf6ff9804a5ce7248424dc27e6c77783695d04f2e8eafd78d176a8994dcee096f013588f31dab3acd78ee
ssdeep: 3072:DlZ5bfhSILrwJvNR/kuRjfJACYfsG+qeL0WT7B43foo1Oe7hA:DlZL5LUJLRjRTGgVT7B43KWhA
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1E9E3AF6775C0A0F3D96B2671AA69B22663FF9D3423349C43E3184D2935628D3B32D74B
sha3_384: 3aff74f555afcbdc50e60c761235993a6c9aa7682821f1a73d47284f958fc0953363d57b5a3c62c2c36ef200ff268878
ep_bytes: 558bec83ec0c536a0032dbe8f5f0ffff
timestamp: 2012-01-24 13:03:24

Version Info:

0: [No Data]
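The File Info block gives two kinds of indicator: content hashes, which identify exactly this file, and static PE properties (compile timestamp, entry-point bytes) that survive renaming or appending data but not repacking. The following is an added example, not code from the page or from CAPE: it recomputes the page's hashes with the standard library and parses the PE headers to recover the timestamp and ep_bytes, reporting which indicators a given file satisfies. The minimal PE image built by build_test_pe is a constructed stand-in used to exercise the parser offline; it is not the sample.

```python
"""Check a file against the static fingerprint listed above.

Added example, not part of the page or of CAPE. It recomputes the hashes
from the File Info block and parses the PE headers with the standard
library to recover the compile timestamp and the 16 bytes at the entry
point (the page's ep_bytes).
"""
import hashlib
import struct
import zlib
from datetime import datetime, timezone

# Indicators copied from the File Info block above.
IOC = {
    "crc32": "EF70321C",
    "md5": "20e2101916facdf58340613a31fb689e",
    "sha1": "0bd31908ee991f7c1b16fc0b5dc980e385f19427",
    "sha256": "b79aff95057137e3bbe54bbc89a33c5782986dd154d9a20e529e02ced5af3cc9",
    "timestamp": "2012-01-24 13:03:24",
    "ep_bytes": bytes.fromhex("558bec83ec0c536a0032dbe8f5f0ffff"),
}


def file_hashes(data: bytes) -> dict:
    """Hashes in the same formats the File Info block uses."""
    return {
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08X}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def pe_fingerprint(data: bytes) -> dict:
    """Compile timestamp and first 16 entry-point bytes of a PE32/PE32+ file."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    file_hdr = e_lfanew + 4
    # IMAGE_FILE_HEADER: NumberOfSections, TimeDateStamp, (8 bytes), SizeOfOptionalHeader
    nsections, ts, opt_size = struct.unpack_from("<HI8xH", data, file_hdr + 2)
    opt_hdr = file_hdr + 20
    ep_rva = struct.unpack_from("<I", data, opt_hdr + 16)[0]  # AddressOfEntryPoint
    sections = opt_hdr + opt_size
    for i in range(nsections):
        _, vsize, va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, sections + 40 * i)
        if va <= ep_rva < va + max(vsize, raw_size):
            ep_off = ep_rva - va + raw_ptr   # map the RVA to a file offset
            break
    else:
        raise ValueError("entry point is not inside any section")
    return {
        "timestamp": datetime.fromtimestamp(ts, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "ep_bytes": data[ep_off:ep_off + 16],
    }


def match(data: bytes) -> list:
    """Names of the page's indicators that the given file content satisfies."""
    hits = [k for k, v in file_hashes(data).items() if IOC.get(k) == v]
    try:
        fp = pe_fingerprint(data)
    except (ValueError, struct.error):
        return hits
    return hits + [k for k in ("timestamp", "ep_bytes") if fp[k] == IOC[k]]


def build_test_pe(ep_bytes: bytes, ts: int) -> bytes:
    """Constructed minimal PE32 image (headers plus one .text section) for exercising the parser."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)            # e_lfanew = 0x40
    opt_size = 0xE0
    file_hdr = struct.pack("<HHIIIHH", 0x14C, 1, ts, 0, 0, opt_size, 0x102)
    opt_hdr = struct.pack("<HBBIIII", 0x10B, 0, 0, 0x200, 0, 0, 0x1000)  # EP RVA 0x1000
    opt_hdr += b"\0" * (opt_size - len(opt_hdr))
    section = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    headers = dos + b"PE\0\0" + file_hdr + opt_hdr + section
    body = ep_bytes + b"\0" * (0x200 - len(ep_bytes))
    return headers + b"\0" * (0x200 - len(headers)) + body


# The page's timestamp as a PE TimeDateStamp value (seconds since the epoch, UTC).
PAGE_TS = int(datetime(2012, 1, 24, 13, 3, 24, tzinfo=timezone.utc).timestamp())

if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_test_pe(IOC["ep_bytes"], PAGE_TS)
    print(file_hashes(data))
    print(pe_fingerprint(data))
    print("matched:", match(data))
```

Pass a file path to check a real suspect; with no argument the script runs on the constructed image, which matches only the timestamp and ep_bytes indicators because its content hashes differ from the sample's. A hash match is conclusive; a timestamp or ep_bytes match alone only says the file shares a build or packer stub with the sample and should be followed up with a sandbox run.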

Trojan-Spy.Win32.Zbot.dkuo is Kaspersky's name; other engines detect the same sample as:

Bkav: W32.AIDetect.malware2
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Heur.Mint.Dreidel.imX@y0ktLHh
CAT-QuickHeal: TrojanPWS.Zbot.Y3
ALYac: Gen:Heur.Mint.Dreidel.imX@y0ktLHh
Cylance: Unsafe
Zillya: Trojan.Zbot.Win32.158039
Sangfor: Trojan.Win32.Save.a
BitDefender: Gen:Heur.Mint.Dreidel.imX@y0ktLHh
Cybereason: malicious.916fac
Arcabit: Trojan.Mint.Dreidel.E8F461
Baidu: Win32.Trojan.Zbot.a
VirIT: Trojan.Win32.Generic.BJAK
Cyren: W32/Zbot.BR.gen!Eldorado
Symantec: Trojan.Zbot
tehtris: Generic.Malware
ESET-NOD32: Win32/Spy.Zbot.YW
Cynet: Malicious (score: 100)
APEX: Malicious
ClamAV: Win.Spyware.Zbot-1275
Kaspersky: Trojan-Spy.Win32.Zbot.dkuo
Alibaba: Malware:Win32/km_2871.None
NANO-Antivirus: Trojan.Win32.Panda.fcaxib
ViRobot: Trojan.Win32.A.Zbot.139035
Rising: Spyware.Zbot!1.648A (CLASSIC)
Ad-Aware: Gen:Heur.Mint.Dreidel.imX@y0ktLHh
Sophos: ML/PE-A + Mal/Zbot-HX
Comodo: TrojWare.Win32.Kazy.MKD@4qchol
DrWeb: Trojan.PWS.Panda.547
VIPRE: Gen:Heur.Mint.Dreidel.imX@y0ktLHh
TrendMicro: TSPY_ZBOT.SMIG
McAfee-GW-Edition: BehavesLike.Win32.Dropper.ch
Trapmine: malicious.high.ml.score
FireEye: Generic.mg.20e2101916facdf5
Emsisoft: Gen:Heur.Mint.Dreidel.imX@y0ktLHh (B)
Ikarus: Trojan-Spy.Banker.Citadel
Jiangmin: Trojan/Generic.wciu
Webroot: W32.Infostealer.Zeus
Avira: TR/Kazy.MK
MAX: malware (ai score=80)
Antiy-AVL: Trojan/Generic.ASBOL.1308
Microsoft: PWS:Win32/Zbot!CI
SUPERAntiSpyware: Trojan.Agent/Gen-Zbot
GData: Gen:Heur.Mint.Dreidel.imX@y0ktLHh
Google: Detected
AhnLab-V3: Trojan/Win32.Zbot.R4880
McAfee: PWS-Zbot.gen.ave
TACHYON: Trojan-Spy/W32.ZBot.143872.AP
VBA32: SScope.Trojan.FakeAV.01110
Malwarebytes: Trojan.Zbot
Panda: Trj/WLT.A
TrendMicro-HouseCall: TSPY_ZBOT.SMIG
Tencent: Trojan.Win32.Zbot.aaw
SentinelOne: Static AI – Suspicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Zbot.AT!tr
BitDefenderTheta: Gen:NN.ZexaF.34698.imX@a0ktLHh
AVG: Sf:Crypt-BT [Trj]
Avast: Sf:Crypt-BT [Trj]
CrowdStrike: win/malicious_confidence_90% (W)

How to remove Trojan-Spy.Win32.Zbot.dkuo?

Trojan-Spy.Win32.Zbot.dkuo removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

Because the sample modifies proxy settings, check after the reset that no proxy server or automatic configuration script is still configured for your browser. Because Zbot steals credentials, change any passwords that were used on the infected machine, and do so from a device you trust.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.