Home>Trojan Programs>Trojan Spy>

Trojan.Spy.ZBot.EH

Alert Level :	medium
Discovered:	2008Jun14
Tag:	Trojan   PWS
Discoverer and Source:	http://www.bitdefender.com/

Malware Behavior and Technical Description

- the presence of file: ntos.exe in %WINDIR%\system32\ folder or C:\Documents and settings\%username%\Application Data\.
- the presence of the following registry key:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
userinit="%WINDIR%\system32\userinit.exe,%WINDIR%\system32\ntos.exe"
or
userinit="%WINDIR%\system32\userinit.exe,C:\Documents and settings\%username%\Application Data\ntos.exe"

At execution this malware is a trojan that copies itself in %WINDIR%\system32\ntos.exe (or C:\Documents and settings\%username%\Application Data\) and he will create a registry key in order to make sure it will be executed after every reboot.
He will inject in svchost.exe and winlogon.exe and he can provide backdoor and proxy server capabilities.

Removal Trojan.Spy.ZBot.EH instructions:

Please let BitDefender disinfect your files.

Need help? Live computer support via remote at SupportSpace.Help with printer problems, windows, hardware, software, spyware removal and more. - Go Now!

Great Anti-Virus Software : Kaspersky Internet Security 2009 Save 35% Buy Panda Global Protection 2009 and Panda Antiviru Download PandaLabs Reports Free AVG virus removel tools Hunting Down Spyware and Adware Adware and spyware, knowing the basics Adware Spyware Remover from CBAdvance Keeping Your Computer in Good Condition Using Free Spyware A Beware of Covert Online Spies Why the Need to Remove Adware and Spyware