Remove Trojan.Zbot

September 19, 2016January 12, 2010 by Robert La Nguyen

Trojan.Zbot also performs the following payload:

It will modify Windows Registry and add the following entries:

HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Run\”userinit” = “%System%\sdra64.exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Run\”userinit” = “%System%\oembios.exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Run\”userinit” = “%System%\ntos.exe”

Trojan.Zbot threat will drop the following malicious files:

%System%\sdra64.exe
%System%\oembios.exe
%System%\ntos.exe
%System%\wsnpoem\audio.dll
%System%\wsnpoem\video.dll
%System%\sysproc64\sysproc86.sys
%System%\sysproc64\sysproc32.sys
%System%\lowsec\local.ds

Robert La Nguyen

Robert is a highly motivated writer with 3+ years of experience writing for ransomware, malware, adware, PUPs, and other cybersecurity-related issues. As a writer, he strives to create content that is based on thorough technical research.

Leave a Comment Cancel reply