Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware

TROJANSPY.ZBOT.BVRU

 

 

Name: TrojanSpy.Zbot.BVRU
Descr. Added: May 2, 2012
Type: Trojan
Risk: Low
Payload: N/A
At risk systems: Windows 95/98/ME/XP/NT/2003

 

 


 

 

Description:

 

When TrojanSpy.Zbot.BVRU is executed, it performs the following activities:

After execution, it drops the following files:

%AppData%\{Random name}\{Random name}.exe
%AppData%\{Random name}\{Random name}.tmp
%AppData%\{Random name}\{Random name}.ilt
%AppData%\Microsoft\Address Book\Administrator.wab
%Temp%{Random name}.bat

It modifies the following registry entries under HKLM\Software\Microsoft\Security Center to bypass the system's security:

AntiVirusDisableNotify = 1
FirewallDisableNotify = 1
UpdatesDisableNotify = 1

It creates the following registry entry under HKU\Software\Microsoft\Windows\CurrentVersion\Run to start itself on each reboot:

{CLSID} = "%AppData%\{Random name}\{Random name}.exe"

TrojanSpy.Zbot.BVRU spies on the email address book, and the harvested addresses are then used for spoofing. After execution it deletes itself with the help of a dropped batch file. The dropped exe file is polymorphic, which helps it avoid antivirus detection.
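A defensive check for the two registry changes listed above, as an added example (not Thirtyseven4's code): it parses `reg query`-style text and flags Security Center notify values set to 1 and Run entries whose value name looks like a CLSID and whose data is an exe one folder below the roaming AppData directory. The GUID shape of the {CLSID} name, the output layout and the sample data are assumptions; the sample is constructed.

```python
import re

# Indicators come from the description above; the GUID shape of the {CLSID}
# value name and the `reg query` text layout are assumptions of this example.
NOTIFY_VALUES = {"AntiVirusDisableNotify", "FirewallDisableNotify", "UpdatesDisableNotify"}
CLSID_NAME = re.compile(r'^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$')
# An .exe exactly one directory below the roaming AppData folder (XP and later layouts)
APPDATA_EXE = re.compile(r'\\(?:Application Data|AppData\\Roaming)\\[^\\]+\\[^\\]+\.exe"?$', re.I)
VALUE_LINE = re.compile(r'^\s+(\S.*?)\s{4}(REG_\w+)\s{4}(.*)$')

def parse_reg_query(text):
    """Yield (key, value_name, type, data) tuples from `reg query` style output."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_LINE.match(line)
        if m and key:
            yield key, m.group(1), m.group(2), m.group(3).strip()

def find_indicators(text):
    """Return (indicator, key, value_name) for entries matching the description."""
    hits = []
    for key, name, rtype, data in parse_reg_query(text):
        k = key.lower()
        if k.endswith(r"\microsoft\security center") and name in NOTIFY_VALUES:
            if rtype == "REG_DWORD" and int(data, 16) == 1:
                hits.append(("notify-suppressed", key, name))
        elif k.endswith(r"\currentversion\run"):
            if CLSID_NAME.match(name) and APPDATA_EXE.search(data):
                hits.append(("clsid-run-appdata", key, name))
    return hits

# Constructed sample input (not captured from a real infection)
SAMPLE = r'''
HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center
    AntiVirusDisableNotify    REG_DWORD    0x1
    FirewallDisableNotify    REG_DWORD    0x0

HKEY_USERS\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Run
    {0F1E2D3C-4B5A-6978-8796-A5B4C3D2E1F0}    REG_SZ    "C:\Documents and Settings\Administrator\Application Data\Qwer\asdf.exe"
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
'''

if __name__ == "__main__":
    for hit in find_indicators(SAMPLE):
        print(hit)
```

A match on either indicator alone is only a lead: legitimate software also writes Run entries under AppData, so confirm against the dropped-file list before acting.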
 

 

 

 

 

 

 

 