What is “Trojan-Spy.Win32.Zbot.yqfz”?


Trojan-Spy.Win32.Zbot.yqfz is the detection name (in Kaspersky's naming scheme; other vendors' names for the same sample are listed further down) for a sample that security vendors broadly flag as dangerous. When the infection is active you may notice unfamiliar processes in Task Manager. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware - Review 2020


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal; it lets you run a full scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Trojan-Spy.Win32.Zbot.yqfz virus do?

The items below are the behavioural signatures raised when the sample was detonated in an automated (Cuckoo-based) sandbox. Taken together they describe a packed loader that drops and injects into another process, installs itself for autorun, tampers with proxy and browser settings, and harvests saved browser and FTP credentials:

  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Executable code extraction
  • Injection with CreateRemoteThread in a remote process
  • Creates RWX memory
  • Mimics the system’s user agent string for its own requests
  • A process attempted to delay the analysis task.
  • At least one IP Address, Domain, or File Name was found in a crypto call
  • Starts servers listening on 0.0.0.0:21940, :0, 127.0.0.1:19550, 127.0.0.1:10319, 0.0.0.0:21937
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • The binary likely contains encrypted or compressed data.
  • Uses Windows utilities for basic functionality
  • Executed a process and injected code into it, probably while unpacking
  • Code injection with CreateRemoteThread in a remote process
  • Deletes its original binary from disk
  • Tries to unhook or modify Windows functions monitored by Cuckoo
  • Steals private information from local Internet browsers
  • Installs itself for autorun at Windows startup
  • Collects information about installed applications
  • Attempts to modify proxy settings
  • Attempts to modify browser security settings
  • Harvests credentials from local FTP client software
  • Attempts to interact with an Alternate Data Stream (ADS)
  • Creates a slightly modified copy of itself
  • Collects information to fingerprint the system
  • Anomalous binary characteristics

Related domains:

www.microsoft-analytics.xyz
www.windows-troubleshooting.xyz
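The sandbox list and the related domains above translate directly into host-side hunting rules. The following is an added example, not code from the original page or from GridinSoft: it runs three such rules over a handful of constructed Sysmon-style events (the field names follow Sysmon's schema for event IDs 8, 13 and 22; the paths, SIDs, addresses and the `updater.exe` name are invented for illustration). It flags a CreateRemoteThread injection from a binary under a user profile, a Run-key autorun entry, and a DNS lookup of one of the page's related domains.

```python
"""Hunt for the behaviours listed above in host telemetry.

Added example, not from the original page and not GridinSoft's code. It checks
CONSTRUCTED Sysmon-style events (field names follow Sysmon's schema; the paths,
SIDs and addresses are invented) for three behaviours from the sandbox list:
CreateRemoteThread injection into another process (Sysmon event 8), installing
itself for autorun via a Run key (event 13) and DNS lookups of the related
domains (event 22). A real deployment would feed in exported event-log or SIEM
records instead of the embedded sample.
"""
import json

# The two "Related domains" from this page.
RELATED_DOMAINS = {"www.microsoft-analytics.xyz", "www.windows-troubleshooting.xyz"}

# Autorun keys matched on the key path, case-insensitively, after the value
# name has been stripped. Extend with other persistence locations as needed.
RUN_KEY_SUFFIXES = (
    "\\microsoft\\windows\\currentversion\\run",
    "\\microsoft\\windows\\currentversion\\runonce",
)

# Constructed events, one JSON object per line. Not real telemetry.
SAMPLE_EVENTS = r"""
{"EventID": 1, "Image": "C:\\Users\\alice\\Downloads\\invoice.exe", "ParentImage": "C:\\Windows\\explorer.exe"}
{"EventID": 8, "SourceImage": "C:\\Users\\alice\\Downloads\\invoice.exe", "TargetImage": "C:\\Windows\\explorer.exe", "StartAddress": "0x02A40000"}
{"EventID": 13, "EventType": "SetValue", "Image": "C:\\Windows\\explorer.exe", "TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\updater", "Details": "C:\\Users\\alice\\AppData\\Roaming\\updater.exe"}
{"EventID": 22, "Image": "C:\\Windows\\explorer.exe", "QueryName": "www.microsoft-analytics.xyz", "QueryStatus": "0"}
{"EventID": 22, "Image": "C:\\Program Files\\Mozilla Firefox\\firefox.exe", "QueryName": "www.mozilla.org", "QueryStatus": "0"}
{"EventID": 8, "SourceImage": "C:\\Windows\\System32\\csrss.exe", "TargetImage": "C:\\Windows\\System32\\svchost.exe", "StartAddress": "0x00401000"}
"""


def parse_events(text: str) -> list:
    """Parse newline-delimited JSON events, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def is_run_key(target_object: str) -> bool:
    """True if a registry TargetObject sits directly under a Run/RunOnce key."""
    key_path = target_object.lower().rsplit("\\", 1)[0]   # drop the value name
    return key_path.endswith(RUN_KEY_SUFFIXES)


def detect(events: list) -> list:
    """Return (rule, detail) pairs for events that reproduce the listed behaviours."""
    hits = []
    for ev in events:
        eid = ev.get("EventID")
        if eid == 8:
            # System processes such as csrss.exe create remote threads legitimately;
            # a thread injected from a binary under a user profile directory is the
            # "Injection with CreateRemoteThread in a remote process" pattern.
            src = ev.get("SourceImage", "")
            if "\\users\\" in src.lower():
                hits.append(("remote_thread_from_user_dir",
                             f"{src} -> {ev.get('TargetImage')}"))
        elif eid == 13 and ev.get("EventType") == "SetValue":
            # "Installs itself for autorun at Windows startup"
            if is_run_key(ev.get("TargetObject", "")):
                hits.append(("run_key_persistence",
                             f"{ev['TargetObject']} = {ev.get('Details')}"))
        elif eid == 22:
            # Lookups of the page's related domains
            if ev.get("QueryName", "").lower() in RELATED_DOMAINS:
                hits.append(("related_domain_lookup",
                             f"{ev.get('Image')} -> {ev['QueryName']}"))
    return hits


if __name__ == "__main__":
    for rule, detail in detect(parse_events(SAMPLE_EVENTS)):
        print(f"[{rule}] {detail}")
```

The injection rule deliberately ignores remote threads from system binaries such as csrss.exe, which create them routinely; tune the allow-list to your environment. The listening ports in the sandbox list (0.0.0.0:21940, 127.0.0.1:19550, 127.0.0.1:10319, 0.0.0.0:21937) are not covered by these events and are easiest to check on a live host with `netstat -ano`.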

How to identify Trojan-Spy.Win32.Zbot.yqfz?

The values below identify the exact sample that was analysed. Match a suspect file on sha256 (or sha512); crc32 and md5 collide easily and are listed mainly for cross-referencing other reports. ssdeep is a fuzzy hash and is compared by similarity score, not by equality.

File Info:

crc32: A2B87DCF
md5: a227a220e79706c87ccf13a730bedd3a
name: A227A220E79706C87CCF13A730BEDD3A.mlw
sha1: 2acd0ec887b5c757adc11724e88baf64d4805f56
sha256: 6aa62e8115bfbce13ef4d9f59c4134117b1e4f1eedea5952957817c3bbff964f
sha512: 5a46d1bffd44563d7bac453ebe1364d4e55d3629ba498fbc3d4b1c0049522dbfa98180453f4bbd4b10f04d689d5a01a1fb5af4d3fc8e8d87f935c59faf61c399
ssdeep: 12288:n39xQkOGt02ZvIvos1+qM4wlR6Qb2p/hRrAR1inUcihINn:3zHTvIvoOClnap5A1iUcxNn
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

0: [No Data] (the executable carries no version resource, which is common for packed malware and unusual for commercial software)
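To check a suspect file against the File Info block, recompute the same digests and compare. The script below is an added example, not code from the original page or from GridinSoft; it hashes a file in chunks so that large samples or dumps do not have to fit in memory, and reports which of the page's indicators match. ssdeep is omitted because it needs the third-party `ssdeep` module and is judged by similarity score rather than equality.

```python
"""Recompute the "File Info" hashes for a suspect file and compare them to the page.

Added example, not part of the original page and not GridinSoft's code. It
reads the file in chunks (samples and memory dumps can be large), computes the
same digests the page lists (crc32, md5, sha1, sha256, sha512) and reports which
of the page's indicators the file matches. ssdeep is left out on purpose: it
needs the third-party ssdeep module and fuzzy hashes are judged by a similarity
score rather than by equality.
"""
import hashlib
import io
import sys
import zlib

# Indicators copied from the "File Info" block of this page (hex, lower-case).
PAGE_IOCS = {
    "crc32": "a2b87dcf",
    "md5": "a227a220e79706c87ccf13a730bedd3a",
    "sha1": "2acd0ec887b5c757adc11724e88baf64d4805f56",
    "sha256": "6aa62e8115bfbce13ef4d9f59c4134117b1e4f1eedea5952957817c3bbff964f",
    "sha512": ("5a46d1bffd44563d7bac453ebe1364d4e55d3629ba498fbc3d4b1c0049522dbf"
               "a98180453f4bbd4b10f04d689d5a01a1fb5af4d3fc8e8d87f935c59faf61c399"),
}

CHUNK_SIZE = 1 << 20  # 1 MiB reads keep memory flat for large files


def digest_stream(fh) -> dict:
    """Compute crc32/md5/sha1/sha256/sha512 over a binary file object in one pass."""
    hashers = {
        "md5": hashlib.md5(),
        "sha1": hashlib.sha1(),
        "sha256": hashlib.sha256(),
        "sha512": hashlib.sha512(),
    }
    crc = 0
    while True:
        chunk = fh.read(CHUNK_SIZE)
        if not chunk:
            break
        crc = zlib.crc32(chunk, crc)          # running CRC, same result as one-shot
        for h in hashers.values():
            h.update(chunk)
    digests = {name: h.hexdigest() for name, h in hashers.items()}
    digests["crc32"] = f"{crc & 0xFFFFFFFF:08x}"  # zero-padded, as the page prints it
    return digests


def digest_bytes(data: bytes) -> dict:
    """Convenience wrapper for in-memory data (used for self-tests)."""
    return digest_stream(io.BytesIO(data))


def digest_file(path: str) -> dict:
    with open(path, "rb") as fh:
        return digest_stream(fh)


def matching_iocs(digests: dict, iocs: dict = PAGE_IOCS) -> list:
    """Names of the indicators in `iocs` that the computed digests match.

    A sha256 (or sha512) match identifies the exact sample. crc32 and md5
    collide easily and should only be used to cross-reference other reports.
    """
    return sorted(
        name for name, expected in iocs.items()
        if digests.get(name, "").lower() == expected.lower()
    )


if __name__ == "__main__":
    for path in sys.argv[1:]:
        d = digest_file(path)
        print(path)
        for name in ("crc32", "md5", "sha1", "sha256", "sha512"):
            print(f"  {name}: {d[name]}")
        hits = matching_iocs(d)
        print("  matches page IoCs:", ", ".join(hits) if hits else "none")
```

Run it as `python hashes.py suspect.exe`. A file that matches only on crc32 or md5 but not on sha256 is not the sample on this page and should be treated as a separate file.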

Trojan-Spy.Win32.Zbot.yqfz also known as:

Note that vendors disagree on the family: Kaspersky, ZoneAlarm, Sangfor, Microsoft, Jiangmin, AhnLab-V3, VBA32 and Rising classify it as Zbot spyware; ESET-NOD32, Zillya, Alibaba and Fortinet as a generic injector or packer (Injector, Kryptik); and ALYac, BitDefender, MicroWorld-eScan, Ad-Aware, Emsisoft and GData share the heuristic Gen:Heur.Ransom.Cerber.2 signature. Treat the name as a label for this specific sample rather than a confirmed family attribution.

Bkav: W32.AIDetect.malware2
K7AntiVirus: Trojan ( 0051cf771 )
ALYac: Gen:Heur.Ransom.Cerber.2
Cylance: Unsafe
Zillya: Trojan.Injector.Win32.621768
Sangfor: Trojan.Win32.Zbot.yqfz
CrowdStrike: win/malicious_confidence_80% (D)
Alibaba: TrojanSpy:Win32/Injector.5bf4ad19
K7GW: Trojan ( 0051cf771 )
Cybereason: malicious.0e7970
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Injector.DCTN
APEX: Malicious
Avast: Win32:Malware-gen
Kaspersky: Trojan-Spy.Win32.Zbot.yqfz
BitDefender: Gen:Heur.Ransom.Cerber.2
NANO-Antivirus: Trojan.Win32.Zbot.evgqxk
MicroWorld-eScan: Gen:Heur.Ransom.Cerber.2
Tencent: Malware.Win32.Gencirc.114924f3
Ad-Aware: Gen:Heur.Ransom.Cerber.2
Sophos: Mal/Ransom-EE
Comodo: TrojWare.Win32.Zbot.EZXT@7tgdwr
BitDefenderTheta: Gen:NN.ZexaF.34686.JuX@aykuAEpi
VIPRE: Trojan.Win32.Generic!BT
McAfee-GW-Edition: BehavesLike.Win32.Generic.hc
FireEye: Generic.mg.a227a220e79706c8
Emsisoft: Gen:Heur.Ransom.Cerber.2 (B)
SentinelOne: Static AI – Suspicious PE
Jiangmin: TrojanSpy.Zbot.fkye
Avira: HEUR/AGEN.1112598
Microsoft: PWS:Win32/Zbot
AegisLab: Trojan.Win32.Zbot.4!c
ZoneAlarm: Trojan-Spy.Win32.Zbot.yqfz
GData: Gen:Heur.Ransom.Cerber.2
AhnLab-V3: Spyware/Win32.Zbot.C1511822
McAfee: GenericRXDZ-EC!A227A220E797
MAX: malware (ai score=100)
VBA32: TrojanSpy.Zbot
Malwarebytes: Malware.AI.3586241266
Panda: Trj/GdSda.A
Rising: Spyware.Zbot!8.16B (CLOUD)
Ikarus: Trojan-Ransom.Foreign
Fortinet: W32/Kryptik.FCAB!tr
AVG: Win32:Malware-gen
Paloalto: generic.ml

How to remove Trojan-Spy.Win32.Zbot.yqfz?

Trojan-Spy.Win32.Zbot.yqfz removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the affected browser and the desired options, then click “Reset”.
  • Restart your computer.
  • Because the sample steals credentials saved in browsers and FTP clients and changes proxy and browser security settings, change those passwords from a clean machine afterwards and confirm that the system proxy settings have been reset.
