Trojan:Win32/Zbot.DG!MTB removal

Trojan:Win32/Zbot.DG!MTB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan:Win32/Zbot.DG!MTB virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Collects and encrypts information about the computer likely to send to C2 server
  • Collects information to fingerprint the system
  • Anomalous binary characteristics

How to identify Trojan:Win32/Zbot.DG!MTB?

File Info:

name: E49B8B8518787C19B3C8.mlw
path: /opt/CAPEv2/storage/binaries/02914239a2a971af2136bf0751b881e229f2b498f160894c32cf6725073a5394
crc32: C1E85C7C
md5: e49b8b8518787c19b3c8d1cc31715e79
sha1: 25800af19c4b0a124eb7e2a944657ce64102b514
sha256: 02914239a2a971af2136bf0751b881e229f2b498f160894c32cf6725073a5394
sha512: 26fdb6be67f360df8ff7c746c9772803fcbcd93bd2a5168f552eadb1168edba3f2bbb6f15c6f7a64e5d345fbafaf6e39c6d9d51658e2aea3b37ff53690ac2a9c
ssdeep: 6144:xDh178MK57h5TIimkffU7bZ9qNgJOHKPYPGN9QPTp80kn:x377K5d5TbFkPqujPXmTp80
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1A544D0913146B07BC0C1067D14678E49376A7832D6ACD34BB3A82F6DAFE39C24A5637D
sha3_384: df56d79077c12824cee9fd8466f25a0bf5dc8c375c36d22cfcdfd07c6880913fc8a0027e81f579eccab35632bd5c49ea
ep_bytes: e87a590000e989feffff8bff558bec8b
timestamp: 2014-03-17 17:01:45

Version Info:

CompanyName: AppoDev Group
FileDescription: WSP COM Client Registrator
FileVersion: 4.1.1.2
InternalName: wsp com client register
LegalCopyright: Copyright (C) 2013 AppoDev Group
OriginalFilename: wspcomclient
ProductName: WSP COM Client Registrator
ProductVersion: 4.1.1.2
Translation: 0x0409 0x04b0

Trojan:Win32/Zbot.DG!MTB is also known as (vendor: detection name):

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
Cynet: Malicious (score: 100)
FireEye: Generic.mg.e49b8b8518787c19
CAT-QuickHeal: Trojan.Generic.B4
McAfee: Generic-FAWS!E49B8B851878
Malwarebytes: Spyware.Zbot.VXGen
Zillya: Trojan.Kryptik.Win32.2472473
CrowdStrike: win/malicious_confidence_90% (W)
K7GW: Riskware ( 0040eff71 )
K7AntiVirus: Riskware ( 0040eff71 )
BitDefenderTheta: Gen:NN.ZexaF.34182.pu0@aquiu!ni
Symantec: Trojan Horse
ESET-NOD32: a variant of Win32/Kryptik.BXLG
Kaspersky: Trojan-Spy.Win32.Zbot.rwoo
NANO-Antivirus: Trojan.Win32.Zbot.cvxvwc
APEX: Malicious
DrWeb: Trojan.PWS.Panda.6267
VIPRE: Trojan.Win32.Generic!BT
McAfee-GW-Edition: Generic-FAWS!E49B8B851878
Sophos: Mal/Generic-S
SentinelOne: Static AI – Malicious PE
Jiangmin: TrojanSpy.Zbot.enbd
Avira: HEUR/AGEN.1110229
Antiy-AVL: Trojan[Spy]/Win32.Zbot
ZoneAlarm: Trojan-Spy.Win32.Zbot.rwoo
Microsoft: Trojan:Win32/Zbot.DG!MTB
AhnLab-V3: Trojan/Win32.Ransomlock.R101949
Acronis: suspicious
VBA32: TrojanSpy.Zbot
Cylance: Unsafe
Avast: Sf:Crypt-AY [Trj]
Rising: Spyware.Zbot!8.16B (RDMK:cmRtazqcqSUb+N6DaFvaGqHiGbnq)
Yandex: Trojan.Kryptik!FvdpeYS7q2w
Ikarus: Virus.Win32.Cryptor
eGambit: Unsafe.AI_Score_78%
Fortinet: W32/Zbot.RQRI!tr
AVG: Sf:Crypt-AY [Trj]
Cybereason: malicious.518787
Panda: Trj/Genetic.gen
MaxSecure: Trojan.Malware.7020546.susgen

How to remove Trojan:Win32/Zbot.DG!MTB?

Trojan:Win32/Zbot.DG!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.