Remove PWS-Zbot.gen.v

September 19, 2016December 15, 2009 by Robert La Nguyen

When installed on the computer, PWS-Zbot.gen.v will also perform the following:

It will modify Windows Registry and add the following entry:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon] “Userinit” = “C:\WINDOWS\system32\userinit.exe, C:\WINDOWS\system32\sdra64.exe”

The threat will drop the following malicious files:

%SysDir%\lowsec\local.ds
%SysDir%\lowsec\user.ds
%SysDir%\lowsec\user.ds.lll
%SysDir%\sdra64.exe

Robert La Nguyen

Robert is a highly motivated writer with 3+ years of experience writing for ransomware, malware, adware, PUPs, and other cybersecurity-related issues. As a writer, he strives to create content that is based on thorough technical research.

Leave a Comment Cancel reply