What is “Trojan:Win32/Zbot.svfs!MTB”?

Trojan:Win32/Zbot.svfs!MTB is considered dangerous by many security experts. While this infection is active, you may notice unwanted processes in the Task Manager process list. In that case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Trojan:Win32/Zbot.svfs!MTB virus do?

  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Anomalous file deletion behavior detected (10+)
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • A process created a hidden window
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • Created a process from a suspicious location
  • Anomalous binary characteristics

How to identify Trojan:Win32/Zbot.svfs!MTB?

File Info:

name: 3CED4E85A4F6188AE443.mlw
path: /opt/CAPEv2/storage/binaries/252cc3e41c1a44bd1ab46b83c88ce25c374881328a54a747e969e42239ee456d
crc32: E8878585
md5: 3ced4e85a4f6188ae443158de2cda34f
sha1: 30defb9d868075cb04af327f5b14a9b6711ed8a3
sha256: 252cc3e41c1a44bd1ab46b83c88ce25c374881328a54a747e969e42239ee456d
sha512: 59cd17f5a09ef9e53db75751d1b848f2871e6b9316df88e07e3a04f50b8ce0add9abf69d5939faf70cf6734c2c4cafc288412854980fbdd4fc7893b4cb05f728
ssdeep: 768:HOQjbFXq3oXFmTggggggLvggggggggSc:uQjpXF1K
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T106E294B163D105C0EA825D769A76620DE18D7F1313835ED71F70FA894BF07D3AA32A68
sha3_384: 212f931a87cd1cefce48233e47446f86d178ae6be33d7d751fab63ed567846b72281eb627b74029798ef067054a22dd5
ep_bytes: 558bec6aff687031400068c211400064
timestamp: 1994-04-22 02:36:40

Version Info:

CompanyName: Juice
FileDescription: Juice proged
FileVersion: Version 2.1.1
InternalName: Juice
LegalCopyright: Copyright by Sego©
OriginalFilename: iJuice
Translation: 0x0409 0x04e3

Trojan:Win32/Zbot.svfs!MTB also known as:

Lionic: Trojan.Win32.Generic.4!c
Elastic: malicious (high confidence)
DrWeb: Trojan.PWS.Panda.7579
MicroWorld-eScan: Trojan.Upatre.Gen.3
FireEye: Generic.mg.3ced4e85a4f6188a
CAT-QuickHeal: TrojanDownloader.Upatre.AA4
ALYac: Trojan.Upatre.Gen.3
Cylance: Unsafe
VIPRE: Trojan.Win32.Upatre.aa (v)
K7AntiVirus: Trojan-Downloader ( 0048f6391 )
Alibaba: TrojanDownloader:Win32/Waski.60fb9256
K7GW: Trojan-Downloader ( 0048f6391 )
Cybereason: malicious.5a4f61
BitDefenderTheta: Gen:NN.ZexaF.34084.cq0@aKfT6Qai
Cyren: W32/Zbot.SA.gen!Eldorado
Symantec: SMG.Heur!gen
ESET-NOD32: Win32/TrojanDownloader.Waski.A
TrendMicro-HouseCall: TROJ_UPATRE.SMRC
Paloalto: generic.ml
ClamAV: Win.Packed.Upatre-9848576-0
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Trojan.Upatre.Gen.3
NANO-Antivirus: Trojan.Win32.Panda.ddqndf
Avast: Win32:Trojan-gen
Tencent: Win32.Trojan.Generic.Losj
Ad-Aware: Trojan.Upatre.Gen.3
Sophos: ML/PE-A + Mal/Zbot-QL
Comodo: TrojWare.Win32.TrojanDownloader.Upatre.AKJ@5e815w
Baidu: Win32.Trojan-Downloader.Waski.a
TrendMicro: TROJ_UPATRE.SMRC
McAfee-GW-Edition: BehavesLike.Win32.Downloader.nz
Emsisoft: Trojan.Upatre.Gen.3 (B)
SentinelOne: Static AI – Malicious PE
GData: Trojan.Upatre.Gen.3
Jiangmin: Trojan/Cryptodef.au
Avira: TR/Crypt.ZPACK.Gen2
MAX: malware (ai score=83)
Antiy-AVL: Trojan/Generic.ASMalwS.B541F6
Gridinsoft: Ransom.Win32.Zbot.sa
ViRobot: Trojan.Win32.Z.Upatre.32768.ADR
Microsoft: Trojan:Win32/Zbot.svfs!MTB
Cynet: Malicious (score: 99)
AhnLab-V3: Spyware/Win32.Zbot.R115088
Acronis: suspicious
McAfee: Downloader-FSH
VBA32: BScope.TrojanDownloader.Hyteod
Malwarebytes: Malware.AI.3891515721
APEX: Malicious
Rising: Trojan.DL.Win32.Upatre.aab (CLASSIC)
Ikarus: Trojan.Win32.Bublik
Fortinet: W32/Waski.A!tr.dldr
AVG: Win32:Trojan-gen
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_90% (W)

How to remove Trojan:Win32/Zbot.svfs!MTB?

Trojan:Win32/Zbot.svfs!MTB removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.