Zbot is a virus that has been striking for several years on the internet. Quite widespread, cybercriminals use this virus in order to identify and steal your banking data and other sensitive personal information (phone numbers, emails, addresses) stored in your computer so as to resell them. Due to this operation mode, it is said that Zbot is part of Stealer.
Zbot is mainly spread in three ways:
- Via exploits on several websites.
- Via email, for example mails for fake updates of Microsoft.
- Via downloading cracks, hacks, serials and so forth.
During recent years, Zbot played cat and mouse with the various anti-viruses. The malware has been mostly changed in order to pass unnoticed. Zbot uses particularly self-defense technology that allows it to hide executable files as well as the active processes on an infected computer. That’s the reason why you should have an anti-virus up to date and in particular something like Malwarebytes AntiMalware (free version or not) which is specialized in this kind of infection.
Main symptoms by a Zbot infection
One or more files can appear in the folders system32 and AppData:
- ntos.exe
- twex.exe
- twext.exe
- oembios.exe
- sdra64.exe
- lowsec\\local.ds
- lowsec\\user.ds
System32 and AppData are Windows system folders. Depending on the version of Windows operating system installed, the location of these files can vary. You can find them:
- On Windows Vista, 7, 8 in: C:\Windows\System32 and C:\Users\AppData.
- On Windows XP in: C:\Windows\system32 and C:\Documents and Settings\Application Data.
Entries that indicate suspicious files and are mentioned above can also be found in the registry:
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
How to remove Zbot ?
Remove Zbot with MalwareBytes Anti-Malware
Malwarebytes Anti-Malware is a light-weight anti-malware program that is excellent at removing the latest detections.
- Download Malwarebytes Anti-Malware to your desktop.
Premium Version Free Version (without Real-time protection) - Install MalwareBytes Anti-Malware using the installation wizard.
- Once installed, Malwarebytes Anti-Malware will automatically start and you will see a message stating that you should update the program, and that a scan has never been run on your system. To start a system scan you can click on the Fix Now button.
- If an update is found, you will be prompted to download and install the latest version.
- Malwarebytes Anti-Malware will now start scanning your computer for Zbot.
- When the scan is complete, make sure that everything is set to Quarantine, and click Apply Actions.
- When removing the files, Malwarebytes Anti-Malware may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot your computer, please allow it to do so.
Click here to go to our support page.