Win32/Spy.Zbot.ADC removal instruction

Win32/Spy.Zbot.ADC is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What Win32/Spy.Zbot.ADC virus can do?

  • Executable code extraction
  • Injection (inter-process)
  • Injection with CreateRemoteThread in a remote process
  • Mimics the system’s user agent string for its own requests
  • Creates RWX memory
  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Unconventional language used in binary resources: Danish
  • The binary likely contains encrypted or compressed data.
  • Uses Windows utilities for basic functionality
  • Detects Sandboxie through the presence of a library
  • Detects the presence of Wine emulator via function name
  • Attempts to repeatedly call a single API many times in order to delay analysis time
  • Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
  • Installs itself for autorun at Windows startup
  • Attempts to identify installed analysis tools by a known file location
  • Checks for the presence of known devices from debuggers and forensic tools
  • Detects the presence of Wine emulator via registry key
  • Detects Sandboxie using a known mutex
  • Attempts to modify proxy settings
  • Creates a copy of itself
  • Checks for a known DeepFreeze Frozen State Mutex
  • Collects information to fingerprint the system
  • Anomalous binary characteristics

Related domains:

ioxicjkdkc.abkhazia.su
dfsj4i9jifgdf.xyz

How to identify Win32/Spy.Zbot.ADC?

File Info:

crc32: 406968E3
md5: 01b88d499ba691e043b77d08bf3c216f
name: 01B88D499BA691E043B77D08BF3C216F.mlw
sha1: e066badab72df98e4dea3c6c3f5fd6124c871720
sha256: 4e2b52840e51ea18fd77e120fd518dfc42008516429fd228463fca0cd127fcb0
sha512: a95dc0e3b9c25aa1ca19cec89c335e0f985fd9f3c9db82569aed10adfc71a945d011e1a69ea1ead9db7ed7d81782568a425d68b045bf994cdde87815850dcaa3
ssdeep: 3072:soVWBSpJ7sCi98qJfve0QVyBNTVJkCNbaPE8Clse9ALDvO5bKmrJ+j:soGWJCuqJ3eLmvJlNqE1se9AG5bKT
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

Translation: 0x3245 0xa910

Win32/Spy.Zbot.ADC also known as:

Bkav: W32.AIDetect.malware1
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.Mint.Jamg.C
FireEye: Generic.mg.01b88d499ba691e0
CAT-QuickHeal: Trojan.Emotet.NI5
Qihoo-360: Win32/Trojan.2e6
McAfee: GenericRXGB-AG!01B88D499BA6
Cylance: Unsafe
Zillya: Trojan.GandCrypt.Win32.462
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 005364b61 )
BitDefender: Trojan.Mint.Jamg.C
K7GW: Trojan ( 005364b61 )
Cybereason: malicious.99ba69
Cyren: W32/Ransom.KH.gen!Eldorado
Symantec: Ransom.GandCrab
APEX: Malicious
Avast: Win32:MalwareX-gen [Trj]
ClamAV: Win.Packer.Crypter-6614720-1
Kaspersky: HEUR:Trojan.Win32.Generic
Alibaba: VirTool:Win32/Obfuscator.b15bf81f
NANO-Antivirus: Trojan.Win32.Encoder.ferfla
ViRobot: Trojan.Win32.GandCrab.210432
AegisLab: Trojan.Win32.Generic.4!c
Rising: Malware.Obscure!1.A3BB (CLOUD)
Ad-Aware: Trojan.Mint.Jamg.C
Emsisoft: Trojan.Mint.Jamg.C (B)
Comodo: TrojWare.Win32.Ransom.GandCrab.GR@826oxk
F-Secure: Heuristic.HEUR/AGEN.1121566
DrWeb: Trojan.Encoder.25655
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: Ransom_HPGANDCRAB.SMG2
McAfee-GW-Edition: BehavesLike.Win32.Trojan.dc
Sophos: Mal/Generic-R + Mal/GandCrab-B
SentinelOne: Static AI – Malicious PE
Jiangmin: Trojan.Chapak.lh
Avira: HEUR/AGEN.1121566
MAX: malware (ai score=96)
Antiy-AVL: Trojan/Win32.TSGeneric
Microsoft: VirTool:Win32/Obfuscator.CAP
Arcabit: Trojan.Mint.Jamg.C
ZoneAlarm: HEUR:Trojan.Win32.Generic
GData: Trojan.Mint.Jamg.C
Cynet: Malicious (score: 100)
AhnLab-V3: Win-Trojan/Gandcrab02.Exp
Acronis: suspicious
BitDefenderTheta: Gen:NN.ZexaF.34590.ouW@a4TLEDiG
ALYac: Trojan.Mint.Jamg.C
VBA32: BScope.Backdoor.Mokes
Malwarebytes: Trojan.MalPack
Panda: Trj/Genetic.gen
Zoner: Trojan.Win32.68054
ESET-NOD32: Win32/Spy.Zbot.ADC
TrendMicro-HouseCall: Ransom_HPGANDCRAB.SMG2
Tencent: Malware.Win32.Gencirc.114cfbe3
Yandex: Backdoor.Mokes!5NvUtzGGOXQ
Ikarus: Trojan.Win32.Crypt
eGambit: Unsafe.AI_Score_99%
Fortinet: W32/GandCrypt.CHU!tr
AVG: Win32:MalwareX-gen [Trj]
Paloalto: generic.ml
CrowdStrike: win/malicious_confidence_100% (D)
MaxSecure: Ransomeware.CRAB.gen

How to remove Win32/Spy.Zbot.ADC?

Win32/Spy.Zbot.ADC removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Move all detected items to quarantine.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.