Removal Guide for Trojan-Spy.Win32.Zbot.gen

Variant: Trojan-Spy.Win32.Zbot.gen

Affected Operating Systems: Windows 9x, 2000, XP, Vista, Windows 7

Trojan-Spy.Win32.Zbot.gen exploits operating system vulnerabilities to infect users' computers, thus compromising privacy. It tracks your keystrokes and collects confidential information, which might be your login IDs, passwords, credit card details, etc. It is advised that you constantly update your anti-virus software and do a full system scan at least twice a month.

Manual Removal of Trojan-Spy.Win32.Zbot.gen

1. If you're using Windows XP, disable System Restore before proceeding.

  • Right-click My Computer and click Properties.
  • Click the System Restore tab.
  • Put a checkmark on Turn off System Restore on all drives.
  • Click Apply, then OK.
  • Restart the computer.

2. Boot into safe mode by pressing the F8 key before the Windows logo appears, choose Safe Mode in the selection list, then press Enter.

3. Log in as Administrator or under an account that has administrator privileges.

4. Show hidden folders and files by going to My Computer -> Tools -> Folder Options -> View tab, then select the option to show hidden files, folders and drives. Uncheck the option that hides operating system files. Click OK.

5. Delete the following files:

%System%\alg.exe
%System%\svchost.exe
%System%\lsass.exe
%System%\services.exe
%System%\lowsec\user.ds
%System%\lowsec\local.ds
%System%\sdra64.exe

6. Click Start -> Run, type regedit and click OK. User Account Control (UAC) will ask you if you want to authorize access; click Continue.

7. Locate the following registry entries and delete them.

HKEY_USERS\.DEFAULT\Software\Microsoft\Protected Storage System Provider
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6}
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\{19127AD2-394B-70F5-C650-B97867BAA1F7}

8. Restart the computer and boot in normal mode.
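
A read-only way to see which of the entries in steps 5 and 7 are present before deleting anything, as an added PowerShell example that is not part of the original guide. It assumes %System% means the Windows system directory; because alg.exe, svchost.exe, lsass.exe and services.exe are also the names of genuine Windows components in that directory, it reports those separately with their metadata.

```powershell
# Added example: read-only check for the entries named in steps 5 and 7.
# Assumption: %System% in the guide is the Windows system directory.
$systemDir = [Environment]::SystemDirectory

# Step 5 entries that are not names of stock Windows components.
$zbotFiles = 'sdra64.exe', 'lowsec\user.ds', 'lowsec\local.ds'

# Step 5 names that a clean Windows install also has in this directory.
$sharedNames = 'alg.exe', 'svchost.exe', 'lsass.exe', 'services.exe'

# Step 7 keys, addressed through the registry provider
# (HKEY_USERS has no default PowerShell drive).
$explorer = 'Registry::HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer'
$regKeys = @(
    'Registry::HKEY_USERS\.DEFAULT\Software\Microsoft\Protected Storage System Provider',
    "$explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6}",
    "$explorer\{19127AD2-394B-70F5-C650-B97867BAA1F7}"
)

function New-Finding($kind, $path, $present, $detail) {
    New-Object PSObject -Property @{
        Kind = $kind; Path = $path; Present = $present; Detail = $detail
    }
}

function Get-ZbotIndicatorReport {
    foreach ($name in $zbotFiles + $sharedNames) {
        $path = Join-Path $systemDir $name
        # -Force so hidden and system-attributed files are returned too.
        $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
        $kind = if ($zbotFiles -contains $name) { 'ZbotFile' } else { 'SharedName' }
        if ($item) {
            $detail = '{0} bytes; modified {1:u}; attributes {2}; company "{3}"' -f `
                $item.Length, $item.LastWriteTimeUtc, $item.Attributes,
                $item.VersionInfo.CompanyName
            New-Finding $kind $path $true $detail
        } else {
            New-Finding $kind $path $false ''
        }
    }
    foreach ($key in $regKeys) {
        New-Finding 'RegistryKey' $key (Test-Path -LiteralPath $key) ''
    }
}

Get-ZbotIndicatorReport | Sort-Object Kind |
    Format-Table Kind, Present, Path, Detail -AutoSize -Wrap
```

Run it from an elevated prompt so the system directory and the .DEFAULT hive are readable. Rows of kind SharedName will be present on a clean system as well, so their size, timestamp and company fields are what to examine.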