Trojan-Spy.Win32.Zbot.ifek removal

Trojan-Spy.Win32.Zbot.ifek is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan-Spy.Win32.Zbot.ifek virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Chinese (Traditional)
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)
  • Anomalous binary characteristics

How to identify Trojan-Spy.Win32.Zbot.ifek?

File Info:

name: AF0DF790501B83B0E2B8.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2013-01-14 21:25:01

Version Info:

Translation: 0x0409 0x04b0
CompanyName: Tutankamon Ltd., Panama, Oslo
FileDescription: TRa32 Personale
LegalCopyright: HotDoza Ltd., Panama, Oslo
ProductName: TitoloQua
FileVersion: 3.12.0014
ProductVersion: 3.12.0014
InternalName: a
OriginalFilename: a.exe

Trojan-Spy.Win32.Zbot.ifek also known as:

Bkav: W32.AIDetect.malware2
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Trojan.Brresmon.Gen.1
FireEye: Generic.mg.af0df790501b83b0
CAT-QuickHeal: VirTool.VBInject
Malwarebytes: Backdoor.Bot.ED
Zillya: Trojan.Zbot.Win32.97856
Sangfor: Suspicious.Win32.Save.vb
CrowdStrike: win/malicious_confidence_100% (W)
BitDefender: Gen:Trojan.Brresmon.Gen.1
K7GW: Spyware ( 0029a43a1 )
K7AntiVirus: Spyware ( 0029a43a1 )
Symantec: Trojan!im
tehtris: Generic.Malware
ESET-NOD32: Win32/Spy.Zbot.AAO
Cynet: Malicious (score: 100)
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Trojan.Agent-658076
Kaspersky: Trojan-Spy.Win32.Zbot.ifek
NANO-Antivirus: Trojan.Win32.Zbot.fnzzwo
Rising: Malware.Undefined!8.C (TFE:3:QWMszTqlqoG)
Ad-Aware: Gen:Trojan.Brresmon.Gen.1
Sophos: ML/PE-A
Comodo: Malware@#3grldcj5a8x7t
DrWeb: Trojan.PWS.Panda.3035
VIPRE: Gen:Trojan.Brresmon.Gen.1
McAfee-GW-Edition: PWS-Zbot-FBFT!AF0DF790501B
Trapmine: malicious.high.ml.score
Emsisoft: Gen:Trojan.Brresmon.Gen.1 (B)
Ikarus: Virus.Win32.VBInject
Jiangmin: TrojanSpy.Zbot.crzv
Webroot: W32.Malware.Gen
Avira: TR/Dropper.Gen7
Antiy-AVL: Trojan/Generic.ASMalwS.31
Kingsoft: Win32.Troj.Zbot.if.(kcloud)
Microsoft: VirTool:Win32/VBInject.gen!KX
GData: Gen:Trojan.Brresmon.Gen.1
Google: Detected
AhnLab-V3: Trojan/Win32.Injector.C211707
Acronis: suspicious
McAfee: PWS-Zbot-FBFT!AF0DF790501B
MAX: malware (ai score=81)
VBA32: TrojanSpy.Zbot
Cylance: Unsafe
Panda: Trj/Genetic.gen
Tencent: Win32.Trojan-Spy.Zbot.Etgl
Yandex: Trojan.GenAsa!5UBN7XZkTr0
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Injector.YUP!tr
BitDefenderTheta: Gen:NN.ZevbaF.34646.sm1@ayF@T2ab
AVG: Win32:Malware-gen
Cybereason: malicious.0501b8
Avast: Win32:Malware-gen

How to remove Trojan-Spy.Win32.Zbot.ifek?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
