
Win32/Spy.Zbot.AAJ removal instruction


Win32/Spy.Zbot.AAJ is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Win32/Spy.Zbot.AAJ virus do?

  • YARA rule detections observed in a process memory dump, dropped files and the CAPE sandbox report
  • Reads data out of its own binary image
  • The Authenticode signature is invalid

How to identify Win32/Spy.Zbot.AAJ?

File Info:

name: CF7F7F1EC01DB1525699.mlw
path: /opt/CAPEv2/storage/binaries/94e5b8dd7c2272efc229aa09761813cedd59ba7bcfa3fe85cff9c811c8e9761d
crc32: 42B957FB
md5: cf7f7f1ec01db15256993c8fbbb9f17a
sha1: 987a893741aa53e21d71dec5cd0edd843fa0dfb6
sha256: 94e5b8dd7c2272efc229aa09761813cedd59ba7bcfa3fe85cff9c811c8e9761d
sha512: e3ee2c413f4806216498ade605b480425e55cd9a5947445096d4e085ac4cd7a71e439e4824fae80000d532fe93c15aec800758ebb09b1867fe3753eac3862855
ssdeep: 6144:/MeXC62ZlBB/Iy4jF5b7ccyGodwzSLb1+:/MeS6OXBK3GMO+
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T18514BEA7B080B0B2C96716704A69B736A6FF9E345134CCC7F3E41E296571992B62D30F
sha3_384: f13c5539c7ca3d3be85363c047f7b224b947cb39e7e6d3f6ee4cbc795ad077af3fe42e0c0aa1ac936332d6a51204ffa6
ep_bytes: 558bec51535633f65632dbe898f2ffff
timestamp: 2011-11-07 13:14:46

Version Info:

0: [No Data]

Win32/Spy.Zbot.AAJ is also known as (vendor: detection name):

Bkav: W32.AIDetect.malware1
MicroWorld-eScan: Gen:Heur.Mint.Dreidel.mmW@yGZSFuc
FireEye: Generic.mg.cf7f7f1ec01db152
CAT-QuickHeal: Trojan.Necurs.MUE.A3
ALYac: Gen:Heur.Mint.Dreidel.mmW@yGZSFuc
Cylance: Unsafe
VIPRE: Gen:Heur.Mint.Dreidel.mmW@yGZSFuc
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_70% (D)
Cyren: W32/FakeAlert.FY.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
Elastic: malicious (high confidence)
ESET-NOD32: Win32/Spy.Zbot.AAJ
APEX: Malicious
ClamAV: Win.Spyware.Zbot-1275
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Heur.Mint.Dreidel.mmW@yGZSFuc
NANO-Antivirus: Trojan.Win32.Panda.cxwalx
Avast: Sf:Crypt-BT [Trj]
Tencent: Trojan.Win32.Zbot.aaw
Ad-Aware: Gen:Heur.Mint.Dreidel.mmW@yGZSFuc
Sophos: ML/PE-A + Mal/Zbot-HX
DrWeb: Trojan.PWS.Panda.896
TrendMicro: PE_LICAT.A-O
Trapmine: malicious.high.ml.score
Emsisoft: Gen:Heur.Mint.Dreidel.mmW@yGZSFuc (B)
SentinelOne: Static AI – Malicious PE
Jiangmin: TrojanSpy.Zbot.bisq
Webroot: W32.Malware.Gen
Google: Detected
Avira: TR/Spy.Zbot.aoqb.5
Microsoft: PWS:Win32/Zbot.gen!AP
GData: Gen:Heur.Mint.Dreidel.mmW@yGZSFuc
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Zbot.C58734
McAfee: PWS-Zbot.gen.ave
MAX: malware (ai score=88)
VBA32: SScope.Trojan.FakeAV.01110
Malwarebytes: Malware.AI.1727413644
TrendMicro-HouseCall: PE_LICAT.A-O
Rising: Spyware.Zbot!1.648A (CLASSIC)
Yandex: Trojan.GenAsa!3N7OEc59XlQ
Ikarus: Trojan-Spy.Banker.Citadel
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Zbot.DS!tr.spy
BitDefenderTheta: Gen:NN.ZexaF.34646.mmW@aGZSFuc
AVG: Sf:Crypt-BT [Trj]
Cybereason: malicious.ec01db
Panda: Trj/Genetic.gen

How to remove Win32/Spy.Zbot.AAJ?

Win32/Spy.Zbot.AAJ removal tool:
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
