Trojan:Win32/Zbot.GPA!MTB removal

Trojan:Win32/Zbot.GPA!MTB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Trojan:Win32/Zbot.GPA!MTB virus do?

  • Sample contains Overlay data
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Trojan:Win32/Zbot.GPA!MTB?

File Info:

name: 001E5FFF80C5B60047B3.mlw
path: /opt/CAPEv2/storage/binaries/e0314f430a71cea48b410843979e97a93594e6a6402b61c9d98421641b5c206d
crc32: 6E745EA9
md5: 001e5fff80c5b60047b3e530c59c8b1a
sha1: 419b1e503518152dc7c8ee0d1f1fa17fcf4847ad
sha256: e0314f430a71cea48b410843979e97a93594e6a6402b61c9d98421641b5c206d
sha512: f95bb49fd0dc18c0e5c31ebb6c66b53b6d9498106384bb4a3c340d1399003c66e5304e4fb933f1908457e1b3f1b3ed78436bfe0f09fdc3790528feab38cf1e21
ssdeep: 49152:v8VmfJ3eNQsLMLvpDE60RhXdwcB6P+KA9oNt+RGOCUX:fwQvwT2cB6P+KA9qt+RGh0
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T104D6122A8D0069AAC8D78D3075CF8BACB9701B346561D446F2A17F5DBB30BD8ED92353
sha3_384: 89a54efddd7992125a4590afe5ee0e7a1d08129da078380bd0e86b52d1d5ebd53d7e8386f49e1c837de39086efdf8932
ep_bytes: 6a186870325b00e8c80e0000bf940000
timestamp: 2007-03-28 01:02:44

Version Info:

CompanyName: Microsoft
FileDescription: Windows
FileVersion: 1
InternalName: Windows
LegalCopyright: Copyright Microsoft
OriginalFilename: windows.exe
ProductName: Windows
ProductVersion: 1
Translation: 0x0809 0x04b0

Trojan:Win32/Zbot.GPA!MTB also known as:

Lionic: Trojan.Win32.Generic.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Worm.Zomon.1
Skyhigh: Swizzor.gen.a
McAfee: Swizzor.gen.a
Cylance: unsafe
Sangfor: Suspicious.Win32.Save.ins
K7AntiVirus: Trojan ( 0040f0cc1 )
Alibaba: Trojan:Win32/Kryptik.3e58a3d1
K7GW: Trojan ( 0040f0cc1 )
BitDefenderTheta: Gen:NN.ZexaF.36680.@t3@amxVatei
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Kryptik.ANRN
Cynet: Malicious (score: 100)
APEX: Malicious
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Worm.Zomon.1
Avast: Win32:Kryptik-KPR [Trj]
Tencent: Win32.Trojan.Generic.Msmw
Emsisoft: Gen:Worm.Zomon.1 (B)
F-Secure: Trojan.TR/Crypt.XPACK.Gen7
VIPRE: Gen:Worm.Zomon.1
Sophos: Mal/Zbot-UL
Ikarus: Virus.Win32.Zbot
Jiangmin: Trojan.Generic.fpbhs
Webroot: W32.Suspicious.Heur
Varist: W32/S-cfaa762b!Eldorado
Avira: TR/Crypt.XPACK.Gen7
Antiy-AVL: Trojan/Win32.AGeneric
Microsoft: Trojan:Win32/Zbot.GPA!MTB
Arcabit: Gen:Worm.Zomon.1
ZoneAlarm: HEUR:Trojan.Win32.Generic
GData: Gen:Worm.Zomon.1
Google: Detected
AhnLab-V3: Dropper/Win32.Injector.R41885
MAX: malware (ai score=80)
Malwarebytes: Trojan.VBCrypt
Rising: Trojan.Generic@AI.100 (RDML:nbcPx6FyomlIG8HLzrS+4w)
SentinelOne: Static AI – Suspicious PE
Fortinet: W32/Injector.YYX!tr
AVG: Win32:Kryptik-KPR [Trj]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (D)

How to remove Trojan:Win32/Zbot.GPA!MTB?

Trojan:Win32/Zbot.GPA!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.