
Trojan.Spy.ZBot.JR removal tips


Trojan.Spy.ZBot.JR is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Trojan.Spy.ZBot.JR virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Hebrew
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)

How to identify Trojan.Spy.ZBot.JR?

File Info:

name: 732941E1BF37B3C56E77.mlw
path: /opt/CAPEv2/storage/binaries/cdfef478e1a7eb77afaef2776c0cf9b36c334fbd0a72ee60801a4cc6cf0357f9
crc32: E74C4104
md5: 732941e1bf37b3c56e77690be0b78876
sha1: 2bb911a3e07b9de7b4ca4d5685a8926e6883b1f3
sha256: cdfef478e1a7eb77afaef2776c0cf9b36c334fbd0a72ee60801a4cc6cf0357f9
sha512: 86e9518b944cb839fa3afa9c000398ab6e4aa29fbe3f8397c95e9bb4d7e401415bc12ef85f3c9c258c120b18ed1903137fa959bbcf179d8c741cf579c77faa71
ssdeep: 12288:yppxAkSte4GlvLGcAcQK9ZTx8p8uFPXLnH62bcIii2sMY/rtk:sxAKHD/3dKyIzaLIii2sMY/W
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1B9B423F72C199BEFFC4048B3947A85BED326A11FC663C1EAA34E445E2F1595020D3A5E
sha3_384: bfd13305c4530c51b9cb8ae6d6a2fd60f1b3f5d02d504464e8ada9562c0f7d126de0831fb41fde59987a9673eb77def3
ep_bytes: 558bec6aff688020400068601f400064
timestamp: 2009-03-09 10:14:53

Version Info:

Comments:
CompanyName: RGE
FileDescription: INJ
FileVersion: 1, 0, 0, 1
InternalName: INJ
LegalCopyright: Copyright © 2009
LegalTrademarks:
OriginalFilename: INJ.exe
PrivateBuild:
ProductName: RGE INJ
ProductVersion: 1, 0, 0, 1
SpecialBuild:
Translation: 0x041d 0x04b0

Trojan.Spy.ZBot.JR is also known as (vendor: detection name):

Bkav: W32.AIDetect.malware2
Elastic: malicious (moderate confidence)
MicroWorld-eScan: Trojan.Spy.ZBot.JR
ClamAV: Win.Trojan.Agent-199633
FireEye: Trojan.Spy.ZBot.JR
McAfee: Generic Dropper.jb
Cylance: Unsafe
Zillya: Backdoor.Agent.Win32.4858
Sangfor: Trojan.Win32.Generic.ky
Alibaba: TrojanDropper:Win32/Dooxud.3ad9a091
Cybereason: malicious.1bf37b
Cyren: W32/Backdoor.ABSM-1741
Symantec: W32.IRCBot
ESET-NOD32: a variant of Win32/Injector.KW
APEX: Malicious
Paloalto: generic.ml
Cynet: Malicious (score: 100)
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Trojan.Spy.ZBot.JR
NANO-Antivirus: Trojan.Win32.Sdbot.cwgbmj
Avast: Win32:InjectorX-gen [Trj]
Tencent: Win32.Trojan.Generic.Aenx
Ad-Aware: Trojan.Spy.ZBot.JR
Sophos: ML/PE-A + Mal/Behav-243
Comodo: Backdoor.Win32.Bot.901870@2cfc4v
DrWeb: BackDoor.IRC.Sdbot.3654
VIPRE: Trojan.Spy.ZBot.JR
McAfee-GW-Edition: Generic Dropper.jb
Emsisoft: Trojan.Spy.ZBot.JR (B)
Jiangmin: Backdoor/Agent.bpot
Webroot: Vir.Tool.Gen
Avira: TR/Dropper.Gen
Antiy-AVL: Trojan/Generic.ASMalwS.61
Microsoft: TrojanDropper:Win32/Dooxud.A
ViRobot: Backdoor.Win32.S.Agent.501810
GData: Trojan.Spy.ZBot.JR
Google: Detected
AhnLab-V3: Trojan/Win32.Inject.R7896
BitDefenderTheta: AI:Packer.18AE8D081C
ALYac: Trojan.Spy.ZBot.JR
MAX: malware (ai score=100)
VBA32: BScope.Trojan.871206
Rising: Malware.Undefined!8.C (TFE:5:zvqpdr4pePK)
Yandex: Trojan.GenAsa!lELAt0JCTcA
Ikarus: Trojan-Dropper.Agent
Fortinet: W32/Zbot.W!tr
AVG: Win32:InjectorX-gen [Trj]
Panda: Generic Malware
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Trojan.Spy.ZBot.JR?

Trojan.Spy.ZBot.JR removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
