
Trojan.Spy.Zbot.FCP removal


Trojan.Spy.Zbot.FCP is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan.Spy.Zbot.FCP virus do?

  • Executable code extraction
  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • A process attempted to delay the analysis task.
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • The binary likely contains encrypted or compressed data.
  • Executed a process and injected code into it, probably while unpacking
  • Installs itself for autorun at Windows startup
  • Creates a copy of itself
  • Anomalous binary characteristics

How to identify Trojan.Spy.Zbot.FCP?


File Info:

crc32: AA1AC2FE
md5: 9de56ce9e4511cf5bc3369c9c8dd5a58
name: 9DE56CE9E4511CF5BC3369C9C8DD5A58.mlw
sha1: 4f19f83844c1f4c90d6909fbbdf5c7e682231774
sha256: dc9b438bc9cbd62ba8de17a8b53b1f821182260547ad57013f54437f97278865
sha512: 21a9618ae8b26f5a3abbd80c863b8f291f6bac8e6e15ac42b3818ca37f21f19be4b996f2276f1574f2103189ba46c681c29986b298bfeaa7764d94c5e62c8a8b
ssdeep: 768:RYYYq3SGZVm3bjUNezVhH4riAY0CyqD4ht9rlQgW8Q38iO5/C7In0R/RpR0JRg3m:t3S/3kN2hYrpYByP7LWU5/ZnnOGv
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: © Microsoft Corporation. All rights reserved.
InternalName: PERFMON.EXE
FileVersion: 5.1.2600.5512 (xpsp.080413-2105)
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
ProductVersion: 5.1.2600.5512
FileDescription: Performance Monitor Command Line Shell
OriginalFilename: PERFMON.EXE
Translation: 0x0409 0x04b0

Trojan.Spy.Zbot.FCP is also known as:

Bkav: W32.AIDetect.malware1
K7AntiVirus: Trojan ( 0040f26d1 )
Elastic: malicious (high confidence)
DrWeb: Trojan.MulDrop4.23426
Cynet: Malicious (score: 100)
ALYac: Trojan.Spy.Zbot.FCP
Cylance: Unsafe
Zillya: Trojan.Blocker.Win32.2716
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (D)
Alibaba: Ransom:Win32/Tobfy.2ef803c3
K7GW: Trojan ( 0040f26d1 )
Cybereason: malicious.9e4511
Cyren: W32/Trojan.YGWP-8019
ESET-NOD32: a variant of Win32/Kryptik.ARPJ
Zoner: Trojan.Win32.12798
TotalDefense: Win32/Tobfy.AB
Avast: Win32:Crypt-PJG [Trj]
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Trojan.Spy.Zbot.FCP
NANO-Antivirus: Trojan.Win32.Drop.bgarib
MicroWorld-eScan: Trojan.Spy.Zbot.FCP
Tencent: Win32.Trojan.Falsesign.Hytp
Ad-Aware: Trojan.Spy.Zbot.FCP
Sophos: ML/PE-A + Mal/EncPk-AFX
Comodo: Malware@#2fdlsqy0yreiz
BitDefenderTheta: Gen:NN.ZexaF.34628.gu2@amvmPtei
VIPRE: Virtool.Win32.Obfuscator.as!c (v)
TrendMicro: TROJ_SIGEKAF.SM
McAfee-GW-Edition: PWS-Zbot.gen.aua
FireEye: Generic.mg.9de56ce9e4511cf5
Emsisoft: Trojan.Spy.Zbot.FCP (B)
SentinelOne: Static AI – Malicious PE
Jiangmin: Trojan.Generic.dwvqz
Webroot: W32.Rogue.Gen
Avira: HEUR/AGEN.1116600
eGambit: PE.Heur.InvalidSig
Microsoft: Ransom:Win32/Tobfy.N
AegisLab: Trojan.Win32.Generic.4!c
ZoneAlarm: HEUR:Trojan.Win32.Generic
GData: Trojan.Spy.Zbot.FCP
AhnLab-V3: Trojan/Win32.Blocker.R50721
McAfee: PWS-Zbot.gen.aua
MAX: malware (ai score=100)
VBA32: Hoax.Blocker
Malwarebytes: MachineLearning/Anomalous.97%
Panda: Trj/Hexas.HEU
TrendMicro-HouseCall: TROJ_SIGEKAF.SM
Rising: Ransom.Blocker!8.12A (CLOUD)
Ikarus: Trojan.Win32.Tobfy
Fortinet: W32/Zbot.DHN!tr
AVG: Win32:Crypt-PJG [Trj]
Qihoo-360: Win32/Trojan.Zbot.HxQBEpsA

How to remove Trojan.Spy.Zbot.FCP?

Trojan.Spy.Zbot.FCP removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
