Win32/Spy.Zbot.UX removal tips

Win32/Spy.Zbot.UX is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to perform a full scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Win32/Spy.Zbot.UX virus do?

  • Unconventional language used in binary resources: Russian
  • The binary likely contains encrypted or compressed data.
  • The Authenticode signature is invalid.
  • Anomalous binary characteristics

How to identify Win32/Spy.Zbot.UX?
File Info:

name: 597AB5B35DF17963BD5E.mlw
path: /opt/CAPEv2/storage/binaries/0788cc69cecbc4c899bcad079afa0a3cbd198cd763666c83a7bf30a0751771fc
crc32: 1C0C59F7
md5: 6453f3f8f85e8dd28d54b9c7ff9db817
sha1: decfdd924cc5c068e97aff812946fb6d0dc6a763
sha256: 0788cc69cecbc4c899bcad079afa0a3cbd198cd763666c83a7bf30a0751771fc
sha512: 5b3de25c32cdb5189f584dadc01b770aebfba3630ff8824aacb1f0e21359aad30113d3dc6607d3d9ed033a3d1f6e9d8b6d482b19df7cfadc19c7298e7f039586
ssdeep: 12288:FbVOthi2ZF2K2rqemiym442d8DZzyB/EinzikiJ8:FbVOthiGeqekmdZdzyB/Eiz9
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1B49423437C714825C99D87381032222F52EE42379535BFAC5A587F8D7CAE2DAD582B3B
sha3_384: f69f511c827cb2b0d0e1a917cd84a9f6804c3b8458fabeb45c515aca11d59023d6821ac725335cce5770a6d24f72ad24
ep_bytes: d3f323f112c8fecbd2c632fe13c8e99f
timestamp: 2004-11-13 11:43:29

Version Info:

CompanyName: SOFTWIN SPawQUsmtjLJfqcKKQJ
FileDescription: obgtDLfJdyDJl5fbTP
FileVersion: BK7QTPhP7bolqob
InternalName: uGqjKequIEtoPG
LegalCopyright: mWr4tD6henP
OriginalFilename: 4orqYXFw1r53E
ProductName: 3DLcSbgKiLfpE4msY
ProductVersion: aEFVsopbnF21cMkmw
Translation: 0x0800 0x04b0

Win32/Spy.Zbot.UX also known as:

Bkav: W32.AIDetect.malware2
Lionic: Hacktool.Win32.Krap.kZ7f
Elastic: malicious (high confidence)
DrWeb: Trojan.Packed.687
MicroWorld-eScan: Gen:Packed.Aq3@caieMVoc
FireEye: Generic.mg.6453f3f8f85e8dd2
ALYac: Gen:Packed.Aq3@caieMVoc
Cylance: Unsafe
Zillya: Trojan.Zbot.Win32.8173
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 0054a19e1 )
Alibaba: TrojanPSW:Win32/BredoPk.497a0ed1
K7GW: Trojan ( 0054a19e1 )
Cybereason: malicious.8f85e8
BitDefenderTheta: Gen:NN.ZexaF.34212.Aq3@aaieMVoc
VirIT: Trojan.Win32.Packed.BAL
Cyren: W32/SuspPack.BA.gen!Eldorado
Symantec: Packed.Cupx!gen1
ESET-NOD32: Win32/Spy.Zbot.UX
TrendMicro-HouseCall: TROJ_BREDLAB.SMZ
Paloalto: generic.ml
ClamAV: Win.Trojan.Agent-199128
Kaspersky: Packed.Win32.Krap.w
BitDefender: Gen:Packed.Aq3@caieMVoc
NANO-Antivirus: Trojan.Win32.Krap.tvujr
Avast: Win32:Bredolab-K [Trj]
Tencent: Win32.Packed.Krap.Wncl
Ad-Aware: Gen:Packed.Aq3@caieMVoc
Emsisoft: Gen:Packed.Aq3@caieMVoc (B)
Comodo: EmailWorm.Win32.Joleee.~J3@1ty14l
TrendMicro: TROJ_BREDLAB.SMZ
McAfee-GW-Edition: BehavesLike.Win32.Emotet.gc
Sophos: Mal/Generic-R + Mal/BredoPk-B
Ikarus: Trojan.Win32.Bredolab
GData: Gen:Packed.Aq3@caieMVoc
Jiangmin: Pack.Krap.a
Webroot: W32.Malware.Gen
Avira: TR/Dropper.Gen
MAX: malware (ai score=100)
Antiy-AVL: Trojan[Packed]/Win32.Krap
Arcabit: Gen:Packed.EC32AA
Microsoft: Trojan:Win32/Zbot.SIBC21!MTB
Cynet: Malicious (score: 100)
AhnLab-V3: Packed/Win32.Krap.R37790
Acronis: suspicious
McAfee: Artemis!6453F3F8F85E
VBA32: Trojan.Zeus.EA.0999
Malwarebytes: Generic.Malware/Suspicious
APEX: Malicious
Rising: Spyware.Zbot!8.16B (CLOUD)
Yandex: Trojan.DR.Agent!6aeWzVhPoeg
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.15053.susgen
Fortinet: W32/PackZbot.C!tr
AVG: Win32:Bredolab-K [Trj]
Panda: Trj/Krap.W
CrowdStrike: win/malicious_confidence_100% (D)

How to remove Win32/Spy.Zbot.UX?

Win32/Spy.Zbot.UX removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the appropriate browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.