
Trojan.Spy.ZBot.EH


First posted on 21 November 2011.
Source: BitDefender

Aliases :

Trojan.Spy.ZBot.EH is also known as Trojan-Spy.Win32.Zbot.clg and Tr/Spy.Zbot.clg.

Explanation :

On execution, this trojan copies itself to %WINDIR%\system32\ntos.exe (or to C:\Documents and settings\%username%\Application Data) and creates a registry key to make sure it is executed after every reboot.
It injects itself into svchost.exe and winlogon.exe, and it can provide backdoor and proxy server capabilities.

Last update 21 November 2011

 
