W32/Zbot, also called Zeus, is a Trojan horse that attempts to steal confidential information from the compromised computer. It may also download configuration files and updates from the Internet. W32/Zbot is created using a Trojan-building toolkit. The Trojan itself is primarily distributed through spam campaigns and drive-by downloads, though given its versatility, other vectors may also be utilized. The user may receive an email message purporting to be from organizations such as the FDIC, IRS, MySpace, Facebook, or Microsoft. The message body warns the user of a problem with their financial information, online account, or software and suggests they visit a link provided in the email. The computer is compromised if the user visits the link, if it is not protected.

W32/Zbot is very difficult to detect even with up-to-date antivirus and other security softwares as it hides itself using stealth techniques. Security experts are advising that businesses continue to offer training to users to teach them to not to click on hostile or suspicious links in emails or Web sites, and to keep antivirus protection up to date. They can monitor online banking activities by hooking API addresses and injecting code into webpages. W32/Zbot  lets a malicious hacker gain access and control your PC, to varying degrees. Its level of control depends on the information in the configuration data in each particular variant.

zbot

Confidential information is gathered through multiple methods. Upon execution W32/Zbot automatically gathers any Internet Explorer, FTP, or POP3 passwords that are contained within Protected Storage. However, its most effective method for gathering information is by monitoring Web sites included in the configuration file, sometimes intercepting the legitimate Web pages and inserting extra fields (e.g. adding a date of birth field to a banking Web page that originally only requested a user name and password).

Infection Symptons of W32/Zbot
  • W32/Zbot will degrade the computer performance significantly and crash down the system randomly.
  • Allows remote access to compromise your computer by changing your PC system settings, registry settings and files to capture and steal your personal privacy data without any permission.
  • May come with additional spyware or other privacy-invasive trojans
  • Blocks the network connection and it pretends to show you that the browsers get hijacked.
  • Connects to a command and conrol server to download additional instructions and malware


How to Remove W32/Zbot

Use the instructions below to automatically remove W32/Zbot and other malware, as well as automatically repair internet browser settings if needed.

Remove with Reason Core Security
  1. Install the free version of Reason Core Security.

  2. When the installation begins, you will see the Reason Core Security Setup which will guide you through the installation process.

  3. Once installed, Reason Core Security will automatically start a quick "welcome" process. When this completes it will run an initial scan which should find this and all additional adware threats on your computer. When it finds it and the scan completes, you will be asked to run a quick or full scan.

    rcs
  4. After the scan you will see W32/Zbot and other malware, adware and PUPs Reason Core Security has detected. Check all items you want to remove and click the "Remove Checked" button.

  5. Reason Core Security will now remove W32/Zbot and other malware it has found.

Remove with Malwarebytes Anti-Malware
  1. Install the free or paid version of Malwarebytes Anti-Malware.

  2. Once Malwarebytes is installed, run the program. If you are using the free version of Malwarebytes you will be prompted to update the database, please do so.

  3. On the first tab labeled “Scanner” select the Perform full scan option and click the Scan button to perform a full system scan. Malwarebytes will automatically detect W32/Zbot and additional third-party malware infecting the computer system.

    malwarebytes
  4. Once the malware scan is over, Malwarebytes will prompt a notice stating malicious objects were detected. Select the malicious objects and click the Remove Selected button to completely remove the malicious files from your computer




Ways to Prevent W32/Zbot Infections

Take the following steps to protect your PC from W32/Zbot and other viruses. Suggested tools and security programs within installed software helps prevent the same threats on your PC.

Install an effective anti-malware program
Your first line of defense would be an effective security program that provides real-time protection. We have a list of anti-malware programs that are tried and tested. It does not only scan files but also monitors your PC and blocks infections from occuring. Click on the link below to download our recommended anti-malware program.

» Download Protection Software

Always update your installed software
Software publishers constantly releases updates for programs whenever a flaw or security exploit is discovered. Getting these updates makes your computer more secured and help prevents Trojans, viruess, malware, and W32/Zbot similar threats. If in case your program is not set for automatic updatse, it usually offered from the publisher's web site, which you can download anytime.

Secure your web browser
It is becoming increasingly popular for attackers to compromise computers through vulnerable web browsers. An insecure web browser can lead to viruses being installed on your computer without your knowledge, attackers taking control of your computer, stealing your information, or even using your computer to attack other computers. We highly encourage you to maximize the setup to tighten the security of your browser. While making your browser more secure helps reduce the risk that someone will be able to use it to compromise your computer, it is still important to have safe computing habits so attackers get fewer chances to try. Don't click on unknown or unsolicited links or open unexpected attachments. Don't download files, programs or tools unless you are positive they are safe.

Apply full caution when using the Internet
The Internet is full of fraud, malware, scams and many forms of computer threats including W32/Zbot. Implement full caution with links that you may receive from emails, social networking sites, and instant messaging programs. It might lead you to malicious sites that can cause harm to your computer. Avoid strange web sites that offer free services and software downloads as these downloaders typically bundle unwanted software that lead to virus infections.



Use Windows System Restore

if you have been infected by W32/Zbot you migt be required to restore yoru computer to a previous saved state. During an infection, W32/Zbot drops various files and registry entries. The threat intentionally hides system files by setting options in the registry and might install a rootkit. With these changes, the best solution is to return Windows to previous working state is through System Restore. Even if your standard AV has removed the infection it might be the safest aleternative. To verify if System Restore is active on your computer, please follow the instructions below to access this feature.

Windows XP, Windows Vista, and Windows 7
  1. Go to Start Menu, then under 'Run' or 'Search Program and Files' field, type rstrui.
  2. Then, press Enter on the keyboard to open System Restore Settings.
Windows 8 and Windows 10
  1. Hover your mouse cursor to the lower left corner of the screen and wait for the Start icon to appear.
  2. Right-click on the icon and select Run from the list. This will open a Run dialog box.
  3. Type rstrui on the 'Open' field and click on OK to initiate the command.
Next,
  1. Continue on the steps and choose a desired restore point. All saved restore points are listed with corresponding date, time and description. Please click and read ‘How do I choose a restore point?’ for additional guide. system-restore-7
  2. Typically, only the most recent restore points are shown. To view older saved data, please choose “Show more restore points.”After choosing a restore point click Next.
  3. If prompted to Confirm your restore point, please click on Finish to begin the process.
Note, System Restore will not bring back lost personal files such as documents, images and videos. System Restore specific purpose is to bring back previous configuration and change the system state of Windows.


W32/Zbot