What is “Trojan:Win32/Zbot!atmnm”?

The Trojan:Win32/Zbot!atmnm is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan:Win32/Zbot!atmnm virus can do?

Sample contains Overlay data
Authenticode signature is invalid
Creates Zeus (Banking Trojan) mutexes

How to determine Trojan:Win32/Zbot!atmnm?


File Info:
name: EC967E15C20532F1B6A0.mlw
path: /opt/CAPEv2/storage/binaries/707782e1098f7bf18c7bc478477dc7461f9657911becdf6b26d99b7182071796
crc32: C76193D2
md5: ec967e15c20532f1b6a02d79f511cf5b
sha1: 490cdcabcf76e5291f669797b6822d614f4b91d9
sha256: 707782e1098f7bf18c7bc478477dc7461f9657911becdf6b26d99b7182071796
sha512: adda4f2660ec6c818b1cb603983e6d6414aed3ce0643abaa490e7ea08c5e6d08e1b806f6fd5f335cdbdcb0745862c05830b4b89806f38c256d90483ced20c9ab
ssdeep: 3072:mB+U/pvyvJjtKeXea6109jEgTMA3VQUhHw18n5HC:mBxyvL6e97MUxtC
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1C0D3BF22F3E2817DF4B312321A714663DEFB7D21293A952D56D20A6D0F326B1D53A393
sha3_384: 397f3316fa741d5766d1c09d5d1f35bde20c0def015eaf44cec0f800580b280104ba8fc74bc7cb77af787bc77a8e352d
ep_bytes: 558bec81ec3804000053565733ff4757
timestamp: 2007-05-30 19:33:01

Version Info:
0: [No Data]

Trojan:Win32/Zbot!atmnm also known as:

Bkav	W32.AIDetectMalware
Elastic	malicious (high confidence)
MicroWorld-eScan	Dropped:Generic.Malware.SFM6g.AB5CA48C
ClamAV	Win.Malware.Zbot-9951822-0
CAT-QuickHeal	Trojanpws.Zbot.29195
ALYac	Dropped:Generic.Malware.SFM6g.AB5CA48C
Malwarebytes	Malware.AI.3826158925
Sangfor	Suspicious.Win32.Save.a
K7AntiVirus	Spyware ( 0053eecd1 )
K7GW	Spyware ( 0053eecd1 )
Cybereason	malicious.5c2053
VirIT	Trojan.Win32.Generic.FZC
Cyren	W32/Zbot.BS.gen!Eldorado
Symantec	Trojan.Zbot
ESET-NOD32	a variant of Win32/Spy.Agent.PZ
APEX	Malicious
Cynet	Malicious (score: 100)
Kaspersky	Trojan-Spy.Win32.Zbot.wqmk
BitDefender	Dropped:Generic.Malware.SFM6g.AB5CA48C
NANO-Antivirus	Trojan.Win32.Agent.mram
SUPERAntiSpyware	Trojan.Agent/Gen-Zusy
Avast	Win32:BankerX-gen [Trj]
Tencent	Trojan-Spy.Win32.Zbot.xa
Emsisoft	Dropped:Generic.Malware.SFM6g.AB5CA48C (B)
F-Secure	Trojan.TR/Crypt.ZPACK.Gen
DrWeb	Win32.HLLM.Detail
VIPRE	Dropped:Generic.Malware.SFM6g.AB5CA48C
TrendMicro	TROJ_ZBOT.SMUC
McAfee-GW-Edition	BehavesLike.Win32.PWSZbot.ch
Trapmine	malicious.moderate.ml.score
FireEye	Generic.mg.ec967e15c20532f1
Sophos	Troj/Zbot-PQK
Ikarus	Trojan-Spy.Win32.Zbot
GData	Win32.Trojan.PSE.54PMYO
Jiangmin	HTool.Agent.ky
Avira	TR/Crypt.ZPACK.Gen
Antiy-AVL	Trojan[Spy]/Win32.Zbot
Xcitium	TrojWare.Win32.TrojanSpy.Zbot.Gen@1gsefs
Arcabit	Generic.Malware.SFM6g.AB5CA48C
ZoneAlarm	Trojan-Spy.Win32.Zbot.wqmk
Microsoft	Trojan:Win32/Zbot!atmnm
Google	Detected
AhnLab-V3	Win-Trojan/Hupe.Gen
McAfee	GenericRXAY-YJ!EC967E15C205
MAX	malware (ai score=85)
VBA32	Trojan.Inject.01376
Cylance	unsafe
Panda	Trj/Genetic.gen
Zoner	Trojan.Win32.22153
TrendMicro-HouseCall	TROJ_ZBOT.SMUC
Rising	Trojan.Win32.Wsnpoem.cl (CLASSIC)
Yandex	Trojan.GenAsa!qLYLJyebXzo
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/Zbot.PZ!tr.spy
BitDefenderTheta	AI:Packer.7289C79A1E
AVG	Win32:BankerX-gen [Trj]
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_100% (D)

How to remove Trojan:Win32/Zbot!atmnm?

Trojan:Win32/Zbot!atmnm removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X