
How to remove “Trojan-Spy.Win32.Zbot.qsqc”?


Many security experts consider Trojan-Spy.Win32.Zbot.qsqc dangerous. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the TRIAL period.
6-day free trial available.

What can the Trojan-Spy.Win32.Zbot.qsqc virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • Performs HTTP requests potentially not found in PCAP.
  • Reads data out of its own binary image
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Created a process from a suspicious location
  • Attempts to modify proxy settings
  • Anomalous binary characteristics

How to identify Trojan-Spy.Win32.Zbot.qsqc?


File Info:

name: 33C9AF10EC35950C156A.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2013-11-22 06:31:15

Version Info:

0: [No Data]

Trojan-Spy.Win32.Zbot.qsqc also known as:

Bkav: W32.FamVT.GeND.Trojan
MicroWorld-eScan: Trojan.GenericKD.1415910
CAT-QuickHeal: Downloader.Upatre.9384
ALYac: Trojan.GenericKD.1415910
Cylance: Unsafe
K7AntiVirus: Trojan-Downloader ( 0048f6391 )
K7GW: Trojan-Downloader ( 0048f6391 )
Cybereason: malicious.0ec359
VirIT: Trojan.Win32.Dropper.K
Cyren: W32/Trojan.UTOO-2610
Symantec: Downloader
Elastic: malicious (high confidence)
ESET-NOD32: Win32/TrojanDownloader.Waski.A
APEX: Malicious
ClamAV: Win.Trojan.Generickd-157
Kaspersky: Trojan-Spy.Win32.Zbot.qsqc
BitDefender: Trojan.GenericKD.1415910
NANO-Antivirus: Trojan.Win32.Zbot.cqvwfs
SUPERAntiSpyware: Trojan.Agent/Gen-Waski
Avast: Win32:Trojan-gen
Tencent: Malware.Win32.Gencirc.10b39810
Ad-Aware: Trojan.GenericKD.1415910
Sophos: ML/PE-A + Troj/Agent-AEWT
Comodo: TrojWare.Win32.Kryptik.BFP@54u2z9
DrWeb: Trojan.DownLoad3.30703
Zillya: Trojan.Zbot.Win32.142501
TrendMicro: TROJ_UPATRE.SM37
McAfee-GW-Edition: Downloader-FXA!33C9AF10EC35
FireEye: Generic.mg.33c9af10ec35950c
Emsisoft: Trojan.GenericKD.1415910 (B)
Ikarus: not-a-virus:Downloader.DownloadHelper
GData: Trojan.GenericKD.1415910
Jiangmin: TrojanSpy.Zbot.dynq
Avira: TR/Yarwi.A.18
MAX: malware (ai score=83)
Arcabit: Trojan.Generic.D159AE6
Microsoft: TrojanDownloader:Win32/Upatre.A
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Zbot.C220573
McAfee: Downloader-FXA!33C9AF10EC35
VBA32: TrojanSpy.Zbot
Malwarebytes: Trojan.Email
TrendMicro-HouseCall: TROJ_UPATRE.SM37
Rising: Trojan.DL.Win32.Waski.k (RDMK:cmRtazqwG5JctaA1LSpEFZPUbj1m)
Yandex: TrojanSpy.Zbot!tEBBqF1f4gs
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Upatre.Gen
Fortinet: W32/Kryptik.SHET!tr
BitDefenderTheta: Gen:NN.ZexaF.34666.bqX@a0RCb2di
AVG: Win32:Trojan-gen
Panda: Generic Malware
CrowdStrike: win/malicious_confidence_100% (D)

How to remove Trojan-Spy.Win32.Zbot.qsqc?

Trojan-Spy.Win32.Zbot.qsqc removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
