About “Trojan:Win32/Zombie!pz” infection

The Trojan:Win32/Zombie!pz is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan:Win32/Zombie!pz virus can do?

Sample contains Overlay data
The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid
Anomalous binary characteristics

How to determine Trojan:Win32/Zombie!pz?


File Info:
name: 0DCA1A2652E734071A80.mlw
path: /opt/CAPEv2/storage/binaries/7500aa1ad52fe587019ebe1ab53ce6025cd82f8281ba5695d703883f9a1b18b2
crc32: B360A1B0
md5: 0dca1a2652e734071a8060e0df8f70bd
sha1: cfcf59db5fff457735a28a474f766fb0c78ca94d
sha256: 7500aa1ad52fe587019ebe1ab53ce6025cd82f8281ba5695d703883f9a1b18b2
sha512: 00a963e97d41581f88738b4454c24689f6fae28194578bf7816dbc998540f2c202e58fcf2ee3b96e94112aa4caf09c9ae1d84adf993387311de672eea4ce4544
ssdeep: 768:qKVeIuKVeIaCgx+qsaCgx+qswPNP2pJepJ5xPGSxPGc:6X0aX0wPNPmuvPG0PGc
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T16504E5078DE6BAABC36392FF265B3A483C69AEC77352DEB42D4171764410F7069E2043
sha3_384: 072fc19c759bc5412034b6bcfa615534777f43926f36b3cea9bc4c8a3aabd0dd09c7b602fe28f2923cfa64f74b3805cc
ep_bytes: 00000000000000000000136000000000
timestamp: 2014-04-29 18:27:40

Version Info:
0: [No Data]

Trojan:Win32/Zombie!pz also known as:

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Generic.4!c
MicroWorld-eScan	Trojan.GenericKDZ.92970
Skyhigh	Artemis
McAfee	Artemis!0DCA1A2652E7
Zillya	Trojan.Cosmu.Win32.152467
Sangfor	Suspicious.Win32.Save.a
CrowdStrike	win/malicious_confidence_60% (D)
Alibaba	Trojan:Win32/Zombie.858fb6da
Arcabit	Trojan.Generic.D16B2A
Elastic	malicious (high confidence)
Cynet	Malicious (score: 100)
ClamAV	Win.Malware.Lazy-9954277-0
BitDefender	Trojan.GenericKDZ.92970
Sophos	Mal/Generic-S
VIPRE	Trojan.GenericKDZ.92970
Emsisoft	Trojan.GenericKDZ.92970 (B)
Ikarus	Trojan.Crypt
Jiangmin	Trojan.Cosmu.atj
Varist	W32/S-5a8d2096!Eldorado
Antiy-AVL	GrayWare/Win32.Tampering.27230
Microsoft	Trojan:Win32/Zombie!pz
GData	Trojan.GenericKDZ.92970
Google	Detected
MAX	malware (ai score=89)
TrendMicro-HouseCall	TROJ_GEN.R002H01L523
Rising	Trojan.Generic@AI.100 (RDML:D3a3HkKmoD0C7vOaZ94ZOg)
SentinelOne	Static AI – Suspicious PE
MaxSecure	Trojan.Malware.121218.susgen
Fortinet	W32/Shohdi.B!tr
DeepInstinct	MALICIOUS

How to remove Trojan:Win32/Zombie!pz?

Trojan:Win32/Zombie!pz removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X