Malware

Zbot.65 removal

Malware Removal

The Zbot.65 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Zbot.65 virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • At least one process apparently crashed during execution
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Uses Windows utilities for basic functionality
  • Deletes its original binary from disk
  • Installs itself for autorun at Windows startup
  • Creates a copy of itself

How to determine Zbot.65?



File Info:

name: BC9BF48CE4FBDE96BDD2.mlw
path: /opt/CAPEv2/storage/binaries/4d30b180df4a318ab526567db1edcb760e77b96a0e81dfe514f22c2c9b388f72
crc32: 9DC09087
md5: bc9bf48ce4fbde96bdd2125ecdec04df
sha1: 06d61c37b65f9d9023292fb358af30f38671fa20
sha256: 4d30b180df4a318ab526567db1edcb760e77b96a0e81dfe514f22c2c9b388f72
sha512: 1e92f8cf16da6cc18475c5edd2f0f9f5d8ee4e8c8cce035a9357af9bf8988a9abcaf97b526f797c670cb2628732830347dff4ac2761bd6c3177f597d0edb4818
ssdeep: 1536:G/uU4m+rAkOKN/hWIZXLmSNcCd0yMyy0IZ:G/8AkOKND7Fpo0IZ
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T17E43F143FBD93A5EF0B30277E4E30E79A737AEDE951527279505428FAC4820EB920365
sha3_384: 9296cfb972620997470aeed5f473a194ad2da95c7af561a3ffb26bb17818bba9c230ddd3f81798bb6f21aaa2ad573990
ep_bytes: 60be009040008dbe0080ffff57eb0b90
timestamp: 2004-12-29 18:07:39


Version Info:

CompanyName: 3M Touch Systems, Inc.
FileDescription: Curve Strike
FileVersion: 1, 8
InternalName: Vote Scot Fend Pause Sweaty
LegalCopyright: Award 2000-2005
OriginalFilename: Taste.exe
ProductName: Girls Guilt Check Brows Yep
ProductVersion: 1.8
Translation: 0x0409 0x04b0

Zbot.65 also known as:

LionicTrojan.Win32.FakeAV.4!c
DrWebTrojan.Packed.22288
MicroWorld-eScanGen:Variant.Zbot.65
FireEyeGeneric.mg.bc9bf48ce4fbde96
ALYacGen:Variant.Zbot.65
CylanceUnsafe
ZillyaTrojan.Foreign.Win32.268
K7AntiVirusRiskware ( 0015e4f01 )
AlibabaRansom:Win32/Genasom.7c8472ab
K7GWRiskware ( 0015e4f01 )
Cybereasonmalicious.ce4fbd
BitDefenderThetaGen:NN.ZexaF.34786.dmKfaGmyQOci
VirITTrojan.Win32.Zyx.HZ
SymantecML.Attribute.HighConfidence
Elasticmalicious (moderate confidence)
ESET-NOD32Win32/LockScreen.AIG
TrendMicro-HouseCallTROJ_RANSOM.BMO
Paloaltogeneric.ml
ClamAVWin.Trojan.Foreign-277
KasperskyHEUR:Trojan.Win32.Generic
BitDefenderGen:Variant.Zbot.65
NANO-AntivirusTrojan.Win32.RiskGen.jebcm
SUPERAntiSpywareTrojan.Agent/Gen-Dofoil[3m]
AvastWin32:Malware-gen
RisingDownloader.Cutwail!8.670 (CLOUD)
Ad-AwareGen:Variant.Zbot.65
EmsisoftGen:Variant.Zbot.65 (B)
ComodoTrojWare.Win32.Kryptik.AAKE@4na54m
F-SecureTrojan.TR/Ransom.EB.20
VIPREGen:Variant.Zbot.65
TrendMicroTROJ_RANSOM.BMO
McAfee-GW-EditionGeneric BackDoor.ws
Trapminemalicious.high.ml.score
SophosTroj/Zbot-BKW
IkarusTrojan.Win32.Yakes
JiangminTrojan/Foreign.hp
WebrootW32.CycBot.Gen
AviraTR/Ransom.EB.20
Antiy-AVLTrojan/Generic.ASMalwS.3303
KingsoftWin32.Troj.FakeAV.em.(kcloud)
MicrosoftRansom:Win32/Genasom.EJ
ArcabitTrojan.Zbot.65
ViRobotTrojan.Win32.Ransom.59392.A
ZoneAlarmHEUR:Trojan.Win32.Generic
GDataGen:Variant.Zbot.65
CynetMalicious (score: 100)
AhnLab-V3Trojan/Win32.Jorik.R20554
McAfeeGeneric BackDoor.ws
MAXmalware (ai score=99)
VBA32BScope.Trojan-Ransom.Winlock.9212
MalwarebytesTrojan.Zbot.CBCGen
APEXMalicious
TencentWin32.Trojan.Fakeav.ctlb
SentinelOneStatic AI – Malicious PE
MaxSecureTrojan.Malware.3608047.susgen
FortinetW32/Yakes.B!tr
AVGWin32:Malware-gen
PandaBck/Qbot.AO

How to remove Zbot.65?

Zbot.65 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment