Exposed: Tspy ZBOT is the name that security firm Trend Micro gives to the notorious Zbot Trojan, which is used to steal users’ private information. Tspy ZBOT is a dangerous malicious application with many variants, each designed to bypass specific security measures. It attempts to steal the user’s cached passwords and the login details stored in cookies. Tspy ZBOT, which is also known as Win32 Tspy ZBOT, is delivered to the user as an attachment to a spam email. The email claims that a package could not be delivered because the user’s address was incorrect, and asks the user to download the attached ‘invoice copy’ and resubmit the address. A user who really is expecting a package is likely to be tricked into downloading the attachment, because nothing about it seems harmful.
The so-called ‘invoice copy’ contains Tspy ZBOT, which immediately installs itself and begins its malicious activities. During installation, Tspy ZBOT checks for firewall processes; if any are found, it only copies itself and exits.
A large amount of junk data is attached to the installation to make detection difficult. If no firewall is present, or if the firewall is turned off, Tspy ZBOT immediately connects to a remote server and downloads a configuration file. This file specifies which information Win32 Tspy ZBOT should steal from the user, where to upload that information, and another location from which Tspy ZBOT can be downloaded again.
When the user fills in forms on targeted web pages, Tspy ZBOT captures whatever is posted in the form and submits it to the malware author. It might also inject fabricated fields into targeted web pages and send the resulting submissions as well. Tspy ZBOT may also redirect the user away from a targeted web page entirely, to a fake web page hosted on a different, malware-related server. Tspy ZBOT also has limited backdoor capabilities, which allow the malware author to log in to the user’s system.
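The field injection described above can be checked for by comparing the form a site actually served with the form as the browser rendered it. The following is an added example, not part of the original article; it assumes a snapshot of the rendered HTML is available (for instance from the site's own page-integrity script or from incident triage), and the function names, field names and sample pages are constructed for illustration. The form-target check is an added generalization beyond the injected-field case.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


class FormInventory(HTMLParser):
    """Collects field names and form action hosts from one HTML document."""

    def __init__(self):
        super().__init__()
        self.fields = set()
        self.action_hosts = set()

    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        if tag == "form":
            # A relative action has no host; "" stands for same-origin.
            self.action_hosts.add(urlparse(attr.get("action") or "").netloc.lower())
        elif tag in ("input", "select", "textarea") and attr.get("name"):
            self.fields.add(attr["name"].lower())


def inventory(html):
    parser = FormInventory()
    parser.feed(html)
    parser.close()
    return parser


def compare_forms(served_html, rendered_html):
    """Report fields and form targets present in the browser but never served."""
    served, rendered = inventory(served_html), inventory(rendered_html)
    return {
        "injected_fields": sorted(rendered.fields - served.fields),
        "foreign_action_hosts": sorted(rendered.action_hosts - served.action_hosts),
    }


# Constructed samples: the page as served, and two tampered browser snapshots.
SERVED = ('<form action="/login" method="post"><input name="username">'
          '<input name="password" type="password"></form>')
EXTRA_FIELDS = SERVED.replace(
    "</form>", '<input name="card_pin"><input name="security_answer"></form>')
RETARGETED = SERVED.replace('action="/login"', 'action="https://portal.example.net/login"')

if __name__ == "__main__":
    print(compare_forms(SERVED, EXTRA_FIELDS))
    print(compare_forms(SERVED, RETARGETED))
```

A non-empty result for a page whose served markup is known is a strong sign of tampering on that machine and a reason to treat its credentials as exposed.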
If a variant of Tspy ZBOT is found on your computer, you should take immediate measures to remove it, as it compromises your privacy.