Trojan-Spy.Win32.Zbot.mkm detected in Windows Vista

[Bindusar]

Trojan-Spy.Win32.Zbot.mkm detected in Windows Vista operating system by the Avira antivirus that I am using. I tried deleting the infection, but nothing happens when I click on the remove infections button. I always get the alerts when I browse the internet. What are the disasters that it creates in the system? Please suggest me some good antivirus ro remove this infection from my system. The browser that I use in my system is Internet Explorer 8.

[Spyrus]

Trojan-Spy.Win32.Zbot.mkm is a trojan and it installs the following processes into the system:

• NtCreateFile
• NtQueryDirectoryInformation
• LdrLoadDll
• LdrGetProcedureAddress
• NtCreateThread
• EndDialog
• DestroyWindow
• TranslateMessage
• GetClipboardData

I suggest you to format the system and install a fresh copy of Windows to get rid of the infection that has entered into the system.

[Snake08]

Protect your system from Trojan-Spy.Win32.Zbot.mkm if it has been detected in Windows Vista by using the following methods:

1. Always keep a firewall enabled in the system.
2. Keep your computer well updated.
3. Antivirus is the main component of the system that requires frequent updation.
4. Do not open attachments from unknown users.
5. Do not accept file transfers from unknown users.
6. Always beware while clicking on the links that are provided on the websites.
7. Do not download pirated softwares.
8. Beware of social engineering attacks.
9. Protect your system with strong passwords.

[Zachary]

If Trojan-Spy.Win32.Zbot.mkm has been detected in Windows Vista, then perform the following steps for its eradication:

• Terminate the process of the infection from the Task Manager.
• After that, delete the actual file of the infection.
• Then, the registry key, that is [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] has to be changed as "userinit" = "C:\WINDOWS\system32\userinit.exe, "
• Restart the computer after that.
• Then, delete %System%\twex.exe.
• The temporary directory, that is %Temp% has to be emptied.

[Steve123]

Trojan-Spy.Win32.Zbot.mkm searches for the following files in Windows:

1. prv_key.pfx
2. sign.cer
3. *.jks
4. *.db3
5. *.key
6. *.cnf

Then, it packs them in %Temp%\interpro.cab. I suggest you to use Spyware Cease if Trojan-Spy.Win32.Zbot.mkm is detected in Windows Vista.

[Shen]

The following HTTP addresses are intercepted by Trojan-Spy.Win32.Zbot.mkm:

• ibank*.ru/*
• s://bc.nsk.*.ru/*
• s://www.faktura.ru/enter.jsp?site=

The following field values extracted by the infection:

• *<select
• *<option selected
• *<input *value="

If Trojan-Spy.Win32.Zbot.mkm is detected in Windows Vista, then I suggest you to use AVG antivirus.