Trojan.Spy.Zbot.FNZ removal

Trojan.Spy.Zbot.FNZ is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan.Spy.Zbot.FNZ virus do?

  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Anomalous file deletion behavior detected (10+)
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • A process created a hidden window
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Created a process from a suspicious location
  • Anomalous binary characteristics

How to identify Trojan.Spy.Zbot.FNZ?


File Info:

name: D468FB354BA891D9D9B1.mlw
path: /opt/CAPEv2/storage/binaries/55eca5e4bd53e513a3a4bc08332dd1e55b7c41496936da7dea9f99b8d347acca
crc32: 31CE596E
md5: d468fb354ba891d9d9b16a2e42c4d558
sha1: cf4dedf590473fb976a3a4e2fc121309c2600af6
sha256: 55eca5e4bd53e513a3a4bc08332dd1e55b7c41496936da7dea9f99b8d347acca
sha512: 4a0329595aede12c6e6f02354ee6d41ef4d48b782390981c99f92d284c557de6e7cae7a58cb387c985420e47d4975db44a2f5108ef6cac30e9b27946f2e3bbfb
ssdeep: 384:ZJtxTPUyMVhN8zDkB1mhLjggggggLvggggggggS03zq:HbYps/k/mFggggggLvggggggggS03zq
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1FCA2857117C10A90E6A31E769572620DA19CBF2323436ECF1A70F6854FF17D2A932669
sha3_384: 726c5aa00c41fd2fc707f6c720a0b09fee1b201985835186fc60d0a4d8872bbcbd4a874a8017a72b29086200651a459b
ep_bytes: 558bec6aff68a0324000680212400064
timestamp: 1994-04-22 20:19:25

Version Info:

CompanyName: Juice
FileDescription: Juice proged
FileVersion: Version 2.1.1
InternalName: Juice
LegalCopyright: Copyright by Sego©
OriginalFilename: iJuice
Translation: 0x0409 0x04e3

Trojan.Spy.Zbot.FNZ also known as:

Bkav: W32.FamVT.GeND.Trojan
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.Spy.Zbot.FNZ
FireEye: Generic.mg.d468fb354ba891d9
CAT-QuickHeal: TrojanDownloader.Upatre.AA4
ALYac: Trojan.Spy.Zbot.FNZ
Cylance: Unsafe
Zillya: Downloader.Hyteod.Win32.35
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 0001140e1 )
BitDefender: Trojan.Spy.Zbot.FNZ
K7GW: Trojan ( 0001140e1 )
CrowdStrike: win/malicious_confidence_100% (D)
BitDefenderTheta: Gen:NN.ZexaF.34182.bm1@aSuh5Xhi
VirIT: Trojan.Win32.Zbot.MIN
Cyren: W32/Trojan.MRAW-5860
Symantec: Backdoor.Trojan
ESET-NOD32: Win32/TrojanDownloader.Waski.A
Baidu: Win32.Trojan-Downloader.Waski.a
APEX: Malicious
ClamAV: Win.Packed.Upatre-9848576-0
Kaspersky: Trojan-Downloader.Win32.Hyteod.g
NANO-Antivirus: Trojan.Win32.Panda.ddozto
Rising: Downloader.Waski!1.A489 (RDMK:cmRtazqmdlofl4Du6KLW+ZgX6Z87)
Ad-Aware: Trojan.Spy.Zbot.FNZ
Sophos: ML/PE-A + Mal/Upatre-H
Comodo: TrojWare.Win32.TrojanDownloader.Upatre.AKJ@5e815w
DrWeb: Trojan.PWS.Panda.7581
VIPRE: Trojan.Win32.Upatre.aa (v)
TrendMicro: TROJ_UPATRE.SMX2
McAfee-GW-Edition: Downloader-FSH!D468FB354BA8
Emsisoft: Trojan.Spy.Zbot.FNZ (B)
Ikarus: Trojan.Win32.Bublik
GData: Win32.Trojan-Downloader.Upatre.BK
Jiangmin: TrojanDownloader.Hyteod.j
Avira: TR/ATRAPS.A.3853
MAX: malware (ai score=87)
Antiy-AVL: Trojan/Generic.ASMalwS.B55ED5
Arcabit: Trojan.Spy.Zbot.FNZ
SUPERAntiSpyware: Trojan.Agent/Gen-Downloader
ZoneAlarm: Trojan-Downloader.Win32.Hyteod.g
Microsoft: Trojan:Win32/Zbot.svfs!MTB
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Agent.R115402
Acronis: suspicious
McAfee: Downloader-FSH
VBA32: TrojanDownloader.Hyteod
Malwarebytes: Ransom.CryptoWall
Panda: Trj/Zbot.M
TrendMicro-HouseCall: TROJ_UPATRE.SMX2
Tencent: Trojan-Downloader.Win32.Waski.16000151
Yandex: Trojan.DL.Hyteod!R+Rl//KqCg4
SentinelOne: Static AI – Malicious PE
eGambit: Unsafe.AI_Score_83%
Fortinet: W32/Waski.A!tr.dldr
AVG: Win32:Dropper-gen [Drp]
Cybereason: malicious.54ba89
Avast: Win32:Dropper-gen [Drp]
MaxSecure: Trojan.Upatre.Gen

How to remove Trojan.Spy.Zbot.FNZ?

Trojan.Spy.Zbot.FNZ removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
