Zbot.30 (B) removal guide

Zbot.30 (B) is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. The trial period allows you to run a complete scan and cure your PC.
6-day free trial available.

What can the Zbot.30 (B) virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Russian
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid

How to identify Zbot.30 (B)?

File Info:

name: 7FC3E0E04FEB822BEB0C.mlw
path: /opt/CAPEv2/storage/binaries/f2368a395b3ca7b5640c3e96d706e9e95169a457c546f2cbad1896e0911fd84c
crc32: E408B0B9
md5: 7fc3e0e04feb822beb0c8ec4207ef8db
sha1: cb7e285a27fb7761e5dd37fe7c1fbc1cc540461e
sha256: f2368a395b3ca7b5640c3e96d706e9e95169a457c546f2cbad1896e0911fd84c
sha512: 9a87a17109520754b521e8862eaf12501a14f1231804d4ac70bc6c58e87574fb7ab4f5e5104343417154571eb6223de38065c667ae38e7afb5992c7d82aec4d3
ssdeep: 3072:GFWiIRB7qnam7f92s30iukBvQVDyPqrGcD11v5CgJurI3dtq:4JsB7qeskiM7D11Bb0rI3d8
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T124D312A327398DABD91593F71A4477C7319E21AAD16F8E0C330251B2D6D22F272512ED
sha3_384: bd1c8a1636f6be8c0d9fc348cfb7b8ce69dd4d1ce74d08cbf4cb6e35ac85d108b0d2c4d90ebb722cf93075c32830aca0
ep_bytes: 60be006045008dbe00b0faff57eb0b90
timestamp: 2004-05-26 13:36:29

Version Info:

0: [No Data]

Zbot.30 (B) also known as:

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Win32.Generic.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Zbot.30
FireEye: Generic.mg.7fc3e0e04feb822b
CAT-QuickHeal: TrojanBNK.Zbot.mue
ALYac: Gen:Variant.Zbot.30
Cylance: Unsafe
Zillya: Trojan.Zbot.Win32.27001
Sangfor: Suspicious.Win32.Save.a
CrowdStrike: win/malicious_confidence_90% (W)
Alibaba: TrojanPSW:Win32/Kryptik.f330d4a0
K7GW: Trojan ( 005485311 )
K7AntiVirus: Trojan ( 005485311 )
VirIT: Trojan.Win32.Generic.AEKJ
Cyren: W32/Zbot.BG.gen!Eldorado
Symantec: Trojan.Zbot
ESET-NOD32: a variant of Win32/Kryptik.HUA
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Trojan.Zbot-12509
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Zbot.30
NANO-Antivirus: Trojan.Win32.Zbot.brqnjr
Avast: Win32:Trojan-gen
Tencent: Win32.Trojan.Generic.Amwh
Ad-Aware: Gen:Variant.Zbot.30
Sophos: Mal/Generic-R + Mal/Zbot-GO
Comodo: TrojWare.Win32.TrojanSpy.Zbot.G@2tckk5
DrWeb: Trojan.PWS.Panda.379
VIPRE: Packed.Win32.Zbot.gen.y.8 (v)
TrendMicro: TROJ_SPYEYE.SMEP
McAfee-GW-Edition: BehavesLike.Win32.Spyeye.cc
Emsisoft: Gen:Variant.Zbot.30 (B)
Ikarus: Trojan-Spy.Win32.Zbot
GData: Gen:Variant.Zbot.30
Jiangmin: Trojan/Generic.bkjf
Avira: TR/Crypt.XPACK.Gen
MAX: malware (ai score=99)
Antiy-AVL: Trojan/Generic.ASMalwS.8F06B2
ViRobot: Trojan.Win32.A.Zbot.3178496[UPX]
ZoneAlarm: HEUR:Trojan.Win32.Generic
Microsoft: PWS:Win32/Zbot.gen!Y
Cynet: Malicious (score: 100)
AhnLab-V3: Spyware/Win32.Zbot.R39465
McAfee: Artemis!7FC3E0E04FEB
VBA32: Trojan.Zeus.EA.0999
TrendMicro-HouseCall: TROJ_SPYEYE.SMEP
Rising: Spyware.Zbot!8.16B (CLOUD)
Yandex: Trojan.GenAsa!Qq7yRgDupcE
SentinelOne: Static AI – Suspicious PE
MaxSecure: Trojan.Malware.7164915.susgen
Fortinet: W32/SpyEye.SK!tr
BitDefenderTheta: AI:Packer.BA3507721E
AVG: Win32:Trojan-gen
Cybereason: malicious.04feb8
Panda: Generic Malware

How to remove Zbot.30 (B)?

Zbot.30 (B) removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
