Trojan:Win32/zbot.ffhh!MTB removal

Trojan:Win32/zbot.ffhh!MTB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. The trial version lets you run a complete scan and clean your PC.
A 6-day free trial is available.

What can the Trojan:Win32/zbot.ffhh!MTB virus do?

  • Dynamic (imported) function loading detected
  • Possible date expiration check, exits too soon after checking local time
  • Anomalous file deletion behavior detected (10+)
  • Reads data out of its own binary image
  • A process created a hidden window
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Created a process from a suspicious location
  • Anomalous binary characteristics

How to identify Trojan:Win32/zbot.ffhh!MTB?

File Info:

name: C4E41CCD470AE2897509.mlw
path: /opt/CAPEv2/storage/binaries/5bcacd6ed08680b541f15276fabafcca02fb3a6bf2b6f5d5ad013f3d5b564e59
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2014-05-20 11:56:59

Version Info:

0: [No Data]

Trojan:Win32/zbot.ffhh!MTB also known as:

  • Bkav: W32.AIDetect.malware1
  • Lionic: Trojan.Win32.Generic.lY5V
  • Elastic: malicious (high confidence)
  • DrWeb: Trojan.DownLoad3.33216
  • MicroWorld-eScan: Trojan.Ppatre.Gen.1
  • FireEye: Generic.mg.c4e41ccd470ae289
  • CAT-QuickHeal: Trojan.Mauvaise.SL1
  • ALYac: Trojan.Ppatre.Gen.1
  • Cylance: Unsafe
  • Zillya: Downloader.Waski.Win32.8095
  • Sangfor: Suspicious.Win32.Save.a
  • K7AntiVirus: Trojan-Downloader ( 0055f33b1 )
  • Alibaba: Malware:Win32/km_2c98.None
  • K7GW: Trojan-Downloader ( 0055f33b1 )
  • Cybereason: malicious.d470ae
  • BitDefenderTheta: Gen:NN.ZexaF.34084.auX@aOtM!Odi
  • VirIT: Trojan.Win32.DownLoad3.BXDO
  • Cyren: W32/S-654ac031!Eldorado
  • Symantec: ML.Attribute.HighConfidence
  • ESET-NOD32: Win32/TrojanDownloader.Waski.E
  • TrendMicro-HouseCall: TROJ_GEN.R002C0DKS21
  • Paloalto: generic.ml
  • ClamAV: Win.Malware.Upatre-7393915-0
  • Kaspersky: HEUR:Trojan.Win32.Generic
  • BitDefender: Trojan.Ppatre.Gen.1
  • NANO-Antivirus: Trojan.Win32.DownLoad3.etkgmw
  • ViRobot: Trojan.Win32.Z.Upatre.10030.P
  • Avast: Win32:TrojanX-gen [Trj]
  • Tencent: Malware.Win32.Gencirc.10ce4d71
  • Ad-Aware: Trojan.Ppatre.Gen.1
  • TACHYON: Trojan/W32.Ppatre.10030.B
  • Sophos: ML/PE-A + Mal/EncPk-ACO
  • Comodo: TrojWare.Win32.TrojanDownloader.Waski.ADW@8mzp93
  • VIPRE: Trojan.Win32.Upatre.dw (v)
  • TrendMicro: TROJ_GEN.R002C0DKS21
  • McAfee-GW-Edition: BehavesLike.Win32.Generic.zz
  • Emsisoft: Trojan.Ppatre.Gen.1 (B)
  • Ikarus: Trojan-Downloader.Win32.Upatre
  • GData: Win32.Trojan-Downloader.Upatre.BJ
  • Jiangmin: TrojanSpy.Zbot.ffhh
  • eGambit: Unsafe.AI_Score_99%
  • Avira: HEUR/AGEN.1102633
  • Antiy-AVL: Trojan/Win32.AGeneric
  • Gridinsoft: Ransom.Win32.Zbot.sa
  • Arcabit: Trojan.Ppatre.Gen.1
  • Microsoft: Trojan:Win32/zbot.ffhh!MTB
  • Cynet: Malicious (score: 100)
  • AhnLab-V3: Trojan/Win32.Upatre.R158192
  • Acronis: suspicious
  • McAfee: Downloader-FBVU!C4E41CCD470A
  • MAX: malware (ai score=81)
  • VBA32: SScope.Trojan-Downloader.1454
  • Malwarebytes: Trojan.Upatre.Generic
  • APEX: Malicious
  • Rising: Trojan.Generic@ML.100 (RDML:vxiMMYgAHdgI/xIPTgmf6Q)
  • Yandex: Trojan.GenAsa!zfalv5UzsQI
  • SentinelOne: Static AI – Malicious PE
  • Fortinet: W32/EncPk.ACO!tr
  • AVG: Win32:TrojanX-gen [Trj]
  • Panda: Trj/Genetic.gen
  • CrowdStrike: win/malicious_confidence_100% (W)

How to remove Trojan:Win32/zbot.ffhh!MTB?

Trojan:Win32/zbot.ffhh!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.