Suspicious#Zbot_2 is a Trojan horse that attempts to steal confidential banking information from the compromised computer. It may also download configuration files and updates from the Internet. It is spread mainly through drive-by downloads and phishing schemes. Zbot is also known as Zeus.

Process Related Changes

It creates the following mutex(es):

It creates the following process(es):
- C:\Windows\system32\svchost.exe [ svchost.exe ]

Network Activity

We observed the following DNS query/queries:

Registry Related Changes

It makes the following registry modifications to ensure infection after system reboot:
- HKLM\software\microsoft\windowsnt\currentversion\winlogon\shell = explorer.exerundll32.exeyise.erompgyjp