Win32:Zbot-SUQ [Drp] removal tips

Win32:Zbot-SUQ [Drp] is flagged as dangerous by many security vendors. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Win32:Zbot-SUQ [Drp] virus do?

  • Injection (inter-process)
  • Injection (Process Hollowing)
  • Executable code extraction
  • Creates RWX memory
  • Starts servers listening on 127.0.0.1:0
  • The binary likely contains encrypted or compressed data.
  • Executed a process and injected code into it, probably while unpacking
  • Tries to unhook or modify Windows functions monitored by Cuckoo
  • Anomalous binary characteristics

How to identify Win32:Zbot-SUQ [Drp]?

File Info:

crc32: 11C00538
md5: ba6d7442594e9953cde6bc7f376ccbb6
name: BA6D7442594E9953CDE6BC7F376CCBB6.mlw
sha1: 933aaccb99adb26e2061e89294649e633899cce4
sha256: 6144777174bede752f4db8fdddbccd2aa5fe4532491b8b351bd3a67bc1f0de2b
sha512: 0d2ff256b0dd26d1fdebd29405d6531297b711ab6d9dd9d62d3de1c545c29798aaceab8aaca9fd068bd768283d0bd3fce87861f29206a096039fe52380e291a2
ssdeep: 24576:DdsoTalaK6DPAc8pxbDIFgpydT7m6KhYmExe:+9aKYSlDImpm6p0xe
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: Co9g13324p.
InternalName:
FileVersion: 5923sfdvt6
CompanyName: v4b465guyitr
LegalTrademarks:
Comments:
ProductName:
ProductVersion: 81764gfhb453256
FileDescription:
OriginalFilename:
Translation: 0x0409 0x04e4

Win32:Zbot-SUQ [Drp] also known as:

Bkav: W32.AIDetectVM.malware1
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Zusy.337744
FireEye: Generic.mg.ba6d7442594e9953
CAT-QuickHeal: Trojan.DriveHide.VN8
McAfee: PWS-FCRZ!BA6D7442594E
Sangfor: Malware
CrowdStrike: win/malicious_confidence_80% (D)
BitDefender: Gen:Variant.Zusy.337744
Symantec: ML.Attribute.HighConfidence
Avast: Win32:Zbot-SUQ [Drp]
Rising: Trojan.Ymacco!8.11BE1 (TFE:2:bSRtW4lIhOQ)
Ad-Aware: Gen:Variant.Zusy.337744
Emsisoft: Trojan-Dropper.Agent (A)
DrWeb: Trojan.PWS.Siggen2.58425
Invincea: ML/PE-A + Troj/Agent-AJFK
McAfee-GW-Edition: BehavesLike.Win32.Dropper.th
Sophos: Troj/Agent-AJFK
Jiangmin: Trojan.Kryptik.ctg
MAX: malware (ai score=81)
Microsoft: PWS:Win32/Fareit!ml
Arcabit: Trojan.Zusy.D52750
GData: Gen:Variant.Zusy.337744
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Kryptik.R354589
VBA32: TScope.Trojan.Delf
ALYac: Gen:Variant.Zusy.337744
Malwarebytes: Trojan.Injector
APEX: Malicious
ESET-NOD32: a variant of Win32/Injector.ENUC
SentinelOne: Static AI – Malicious PE
Fortinet: W32/Injector.ENUI!tr
BitDefenderTheta: Gen:NN.ZelphiF.34634.bH0@aysVXeji
AVG: Win32:Zbot-SUQ [Drp]
Cybereason: malicious.2594e9
Qihoo-360: HEUR/QVM20.1.44A7.Malware.Gen

How to remove Win32:Zbot-SUQ [Drp]?

Win32:Zbot-SUQ [Drp] removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.