Zbot.EKW_5 is a Trojan horse that attempts to steal confidential banking information from the compromised computer. It may also download configuration files and updates from the Internet. It is spread mainly through drive-by downloads and phishing schemes. Zbot is also called as Zeus.
File Related Changes
It drops the following file(s) on the system:
- "C:\WINDOWS\Tasks\fupjeol.job"
- "C:\Documents and Settings\All Users\Application Data\Mozilla\azzgnmm.exe"
Process Related Changes
It creates the following mutex(es):
- CTF.TMD.MutexDefaultS-1-5-21-1078081533-842925246-854245398-1003"
- CTF.TimListCache.FMPDefaultS-1-5-21-1078081533-842925246-854245398-1003MUTEX.DefaultS-1-5-21-1078081533-842925246-854245398-1003"
- CTF.Compart.MutexDefaultS-1-5-21-1078081533-842925246-854245398-1003"
- CTF.Layouts.MutexDefaultS-1-5-21-1078081533-842925246-854245398-1003"
- CTF.Asm.MutexDefaultS-1-5-21-1078081533-842925246-854245398-1003"
- CTF.LBES.MutexDefaultS-1-5-21-1078081533-842925246-854245398-1003"
It creates the following process(es): - C:\WINDOWS\Temp\daf8d188e17caf9dce60075a6222e0d6.exe [ \c:\windows\temp\daf8d188e17caf9dce60075a6222e0d6.exe ]
|
