Trojan-Spy.Win32.Zbot.boux

Posted: July 14, 2011

Trojan-Spy.Win32.Zbot.boux is a keylogger and a Trojan that steals sensitive information by recording your keyboard input. Other notable actions that Trojan-Spy.Win32.Zbot.boux may take include launching itself automatically, running as a hidden process, contacting malicious websites, and downloading and installing harmful programs. Keyloggers like Trojan-Spy.Win32.Zbot.boux are extremely dangerous violations of privacy and should be deleted at once. However, proper threat-removal software is recommended for removing Trojan-Spy.Win32.Zbot.boux, since it may conceal itself in ways that are difficult to detect by manual methods.

Trojan-Spy.Win32.Zbot.boux: The Concealed Trojan You May Not See Till It's Too Late

Preemptively protecting your PC from Trojan-Spy.Win32.Zbot.boux involves using up-to-date security software, avoiding suspicious websites and disabling scripts for sources that you don't trust. Updates are particularly important for avoiding a Trojan-Spy.Win32.Zbot.boux attack, since Trojan-Spy.Win32.Zbot.boux infections have been seen as recently as July 2011 and may not be detected by out-of-date software. You may also want to exercise care around file sources and websites from Russia, since most Trojan-Spy.Win32.Zbot.boux infections have been reported to be from that region.

Trojans like Trojan-Spy.Win32.Zbot.boux tend to infect your PC without letting you realize it, and Trojan-Spy.Win32.Zbot.boux also uses several tactics to avoid being seen while it is operational. Some of its stealth tactics include:

  • Exploiting the Windows Registry to make Trojan-Spy.Win32.Zbot.boux start at the same time as Windows. Registry changes are difficult to undo manually and may harm your PC if fixes are attempted without assistance from experts or advanced threat-removal software.
  • Running as a background process with no external interface to see. Although you may be able to monitor Trojan-Spy.Win32.Zbot.boux's memory process in Task Manager, there have been cases of Trojan-Spy.Win32.Zbot.boux hiding its activities with baseline Windows processes like cmd.exe.
  • Disabling several security-related settings to make your computer vulnerable to attack, especially through your web browser. Again, this takes place through the Windows Registry, making this Trojan-Spy.Win32.Zbot.boux attack nearly undetectable by casual inspection.

Why You Want to Spot Trojan-Spy.Win32.Zbot.boux Sooner Rather Than Later

Trojan-Spy.Win32.Zbot.boux's ability to reduce your computer's security is only the start of its harmful payload. The primary function of Trojan-Spy.Win32.Zbot.boux, for which it earned its name, is its keylogging feature. Keylogging tracks all keyboard input on your computer and may even copy information that's stored on your clipboard (copy-pasted data). This information is placed into a log file which Trojan-Spy.Win32.Zbot.boux will send out to criminals. Keylogging is especially focused on stealing credit card numbers and account passwords, but may also harvest virtually any type of information.

That last aspect of keylogging requires Trojan-Spy.Win32.Zbot.boux to be able to ignore your network security settings, a fact that carries other risks along with it. Trojan-Spy.Win32.Zbot.boux may also try to download and install other applications, or contact websites to harvest exploitable information about your computer.

You should delete Trojan-Spy.Win32.Zbot.boux with effective anti-malware programs that are capable of spotting such sophisticated threats and removing them before Trojan-Spy.Win32.Zbot.boux can gather any personal information. Afterwards, changing account passwords and other settings may also be helpful to protect yourself from future Trojan-Spy.Win32.Zbot.boux-related attacks.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %AppData%\Kovy\wyma.tmp
    2 %AppData%\Kovy\wyma.vae
    3 %AppData%\Zizuyf\elev.exe
    4 %Temp%\tmpae0b017d.bat

Registry Modifications

  • The following Registry values were newly created:
    HKEY..\..\..\..{Subkeys}
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Privacy
    HKEY_CURRENT_USER\Software\Microsoft\Xytoqy
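
The persistence behaviour and file list above suggest one triage check: review autostart command lines and flag any whose program sits in the user's %AppData% or %Temp% tree, as %AppData%\Zizuyf\elev.exe does. The following is an added example, not code from the original page. The environment values, entry names and the assumption that entries come from a Run-key style export are all constructed; the page does not name the autostart key.

```python
import ntpath
import re

# Constructed profile environment; values are assumptions for the example.
ENV = {"APPDATA": r"C:\Users\alice\AppData\Roaming",
       "TEMP": r"C:\Users\alice\AppData\Local\Temp",
       "PROGRAMFILES": r"C:\Program Files"}

# Constructed autostart entries (value name -> command line). Only the
# elev.exe path under %AppData% is taken from the page's file list.
RUN_ENTRIES = {
    "VendorUpdater": r'"%ProgramFiles%\Vendor\updater.exe" /background',
    "VendorTool": r"C:\Program Files\Vendor\tool.exe -q",
    "NotesTray": r'"c:\users\ALICE\appdata\roaming\Notes\notes.exe" --tray',
    "RandomName": r"%AppData%\Zizuyf\elev.exe",
}

def expand(cmd, env):
    """Expand %VAR% references case-insensitively, as Windows does."""
    upper = {k.upper(): v for k, v in env.items()}
    return re.sub(r"%([^%]+)%",
                  lambda m: upper.get(m.group(1).upper(), m.group(0)), cmd)

def executable_of(cmd, env):
    """Return the normalized path of the program a command line launches."""
    cmd = expand(cmd.strip(), env)
    if cmd.startswith('"'):
        path = cmd[1:].split('"', 1)[0]           # quoted path, may hold spaces
    else:
        # Unquoted: read up to the first executable extension before a space.
        m = re.match(r"(.+?\.(?:exe|bat|cmd|com|scr))(?:\s|$)", cmd, re.I)
        path = m.group(1) if m else cmd.split(" ", 1)[0]
    return ntpath.normcase(ntpath.normpath(path))

def is_under(path, root):
    """True if path is inside root; the separator stops prefix look-alikes."""
    root = ntpath.normcase(ntpath.normpath(root))
    return ntpath.normcase(path).startswith(root + "\\")

def suspicious_autostarts(entries, env):
    """Names of entries that launch a program from %AppData% or %Temp%."""
    roots = [env["APPDATA"], env["TEMP"]]
    return sorted(name for name, cmd in entries.items()
                  if any(is_under(executable_of(cmd, env), r) for r in roots))

if __name__ == "__main__":
    for name in suspicious_autostarts(RUN_ENTRIES, ENV):
        print(name, "->", executable_of(RUN_ENTRIES[name], ENV))
```

The constructed NotesTray entry is flagged as well, because legitimate per-user software also installs under %AppData%; treat the output as a review list rather than a verdict.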