About “Trojan:Win32/Zbot.WM!MTB” infection

The Trojan:Win32/Zbot.WM!MTB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Trojan:Win32/Zbot.WM!MTB virus do?

  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • Expresses interest in specific running processes
  • Authenticode signature is invalid
  • Installs itself for autorun at Windows startup
  • Likely virus infection of existing system binary
  • Creates Zeus (Banking Trojan) mutexes

How to identify Trojan:Win32/Zbot.WM!MTB?


File Info:

name: D2BE25B83C0D688436D8.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2007-05-30 19:33:01

Version Info:

0: [No Data]

Trojan:Win32/Zbot.WM!MTB also known as:

Bkav: W32.AIDetect.malware2
Elastic: malicious (high confidence)
MicroWorld-eScan: Dropped:Generic.Malware.SFM6g.3C18B075
FireEye: Generic.mg.d2be25b83c0d6884
CAT-QuickHeal: Trojanpws.Zbot.29195
McAfee: GenericRXAY-YJ!D2BE25B83C0D
Cylance: Unsafe
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Spyware ( 0053eecd1 )
K7GW: Spyware ( 0053eecd1 )
CrowdStrike: win/malicious_confidence_100% (D)
BitDefenderTheta: AI:Packer.9BA9FAD51E
VirIT: Trojan.Win32.Generic.FZC
Cyren: W32/Zbot.BS.gen!Eldorado
Symantec: Trojan.Zbot
ESET-NOD32: a variant of Win32/Spy.Agent.PZ
APEX: Malicious
ClamAV: Win.Malware.Zbot-9951822-0
Kaspersky: Trojan-Spy.Win32.Zbot.wqmk
BitDefender: Dropped:Generic.Malware.SFM6g.3C18B075
NANO-Antivirus: Trojan.Win32.Agent.mram
Avast: Win32:Evo-gen [Susp]
Tencent: Trojan-Spy.Win32.Zbot.xa
Ad-Aware: Dropped:Generic.Malware.SFM6g.3C18B075
Emsisoft: Dropped:Generic.Malware.SFM6g.3C18B075 (B)
Comodo: TrojWare.Win32.TrojanSpy.Zbot.Gen@1gsefs
DrWeb: Win32.HLLM.Detail
VIPRE: Dropped:Generic.Malware.SFM6g.3C18B075
TrendMicro: TROJ_ZBOT.SMUC
McAfee-GW-Edition: GenericRXAY-YJ!D2BE25B83C0D
Trapmine: malicious.moderate.ml.score
Sophos: ML/PE-A + Mal/Behav-010
SentinelOne: Static AI – Suspicious PE
GData: Dropped:Generic.Malware.SFM6g.3C18B075
Jiangmin: HTool.Agent.ky
Webroot: W32.Infostealer.Zeus
Avira: TR/Crypt.XPACK.Gen
Microsoft: Trojan:Win32/Zbot.WM!MTB
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Agent.R6534
VBA32: Trojan.Inject.01376
ALYac: Dropped:Generic.Malware.SFM6g.3C18B075
MAX: malware (ai score=87)
Malwarebytes: Zbot.Trojan.Stealer.DDS
TrendMicro-HouseCall: TROJ_ZBOT.SMUC
Rising: Trojan.Win32.Wsnpoem.cl (CLASSIC)
Yandex: Trojan.GenAsa!qLYLJyebXzo
Ikarus: Trojan-Spy.Win32.Zbot
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Zbot.PZ!tr.spy
AVG: Win32:Evo-gen [Susp]
Cybereason: malicious.83c0d6
Panda: Trj/Genetic.gen

How to remove Trojan:Win32/Zbot.WM!MTB?

Trojan:Win32/Zbot.WM!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
