
Trojan.Win32.Zbot.Pda
SPAMMED IN THE WILD
Virus Name : Trojan.Win32.Zbot.Pda
Alias : Win32/TrojanDownloader.Wauchos.A, Trojan-Dropper:W32/Agent.DUDI, PWS-Zbot.gen.akg, TROJ_GEN.F06EZHC, Worm:Win32/Gamarue.F, Downloader.Dromedan
Virus type : Backdoor, TrojanDownloader
Threat level : Low
Virus details :
Trojan.Win32.Zbot.Pda is a trojan that is spammed via e-mail in a ZIP file (example: DHL-EXPRESS-DELIVERY-NOTIFICATION.zip). The infected mail message body is given below.
DHL Express
Tracking Notification: Thu, 9 Aug 2012 15:46:00 +0700
--------------------------------------------------------------------------------
Custom Reference: 2568452-0959LFILLJT
Tracking Number: QN839703757762
Pickup Date: Thu, 9 Aug 2012 15:46:00 +0700
Service: AIR/GROUND
Pieces: 1
--------------------------------------------------------------------------------
Thu, 9 Aug 2012 15:46:00 +0700 - Processing complete successfully
PLEASE REFER TO ATTACHED FILE FOR DETAILED INFORMATION.
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Shipment status may also be obtained from our Internet site in USA under http://track.dhl-usa.com or Globally under http://www.dhl.com/track
Please do not reply to this email. This is an automated application used only for sending proactive notifications
Thanks in advance,
DHL Express International Inc
The infected message subject will be "Express Parcel Tracking Notification TPY1-9305291522859".
When the infected e-mail attachment within the ZIP file is executed, it copies itself to C:\Documents and Settings\All Users\svchost.exe and modifies the registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run so that it loads automatically on the next startup.
It also connects to remote servers and installs several malicious programs on the infected system. The downloaded malware will be adware, keyloggers and fake security products. Trojan.Win32.Zbot.Pda is also known as Win32/TrojanDownloader.Wauchos.A, Trojan-Dropper:W32/Agent.DUDI, PWS-Zbot.gen.akg, TROJ_GEN.F06EZHC, Worm:Win32/Gamarue.F, Downloader.Dromedan.
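The persistence described above can be checked from collected `reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run` output. The following is an added example, not Solo's own code; it generalizes the documented path by flagging any Run entry that launches a file named svchost.exe from outside the system directories. The sample output, the value names and the C:\Windows system root are constructed assumptions.

```python
import re
from ntpath import basename, dirname, normpath

# Directories where the genuine svchost.exe lives (assumes system root C:\Windows).
LEGIT_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# A value line of `reg query` output: 4-space indent, then name, type, data.
VALUE_RE = re.compile(
    r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_(?:EXPAND_)?SZ)\s{4}(?P<data>.*)$")

# Constructed sample; only the last path comes from the advisory.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    VendorAgent    REG_SZ    "C:\Program Files\Vendor\agent.exe" /background
    HostService    REG_EXPAND_SZ    %SystemRoot%\System32\svchost.exe -k example
    ConstructedEntry    REG_SZ    C:\Documents and Settings\All Users\svchost.exe
"""


def image_path(command: str, system_root: str = r"C:\Windows") -> str:
    """Extract the executable path from a Run-key command line."""
    command = command.strip()
    if command.startswith('"'):
        path = command[1:].split('"', 1)[0]
    else:
        # Unquoted: cut after the first ".exe" so paths containing spaces survive.
        m = re.match(r"(.+?\.exe)\b", command, re.IGNORECASE)
        path = m.group(1) if m else command.split(" ", 1)[0]
    # Expand the two environment variables commonly seen in Run values.
    path = re.sub(r"%systemroot%|%windir%", lambda _: system_root,
                  path, flags=re.IGNORECASE)
    return normpath(path)


def find_masquerading_svchost(reg_query_output: str) -> list[tuple[str, str]]:
    """Return (value name, path) for Run entries starting svchost.exe
    from a directory other than the system directories."""
    hits = []
    for line in reg_query_output.splitlines():
        m = VALUE_RE.match(line)
        if not m:
            continue  # key header or blank line
        path = image_path(m.group("data"))
        if (basename(path).lower() == "svchost.exe"
                and dirname(path).lower() not in LEGIT_DIRS):
            hits.append((m.group("name"), path))
    return hits


if __name__ == "__main__":
    for name, path in find_masquerading_svchost(SAMPLE):
        print(f"suspicious Run entry {name!r}: {path}")
```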
How can I protect my system?
Solo has incorporated Trojan.Win32.Zbot.Pda detection to protect users from this trojan attack. Solo antivirus registered users are already protected from this trojan. Make sure that you have installed the registered version of Solo Antivirus to protect your system from all virus threats.
How to remove this Trojan?
If you are already infected with this trojan, you can remove it from your computer using Solo Antivirus software. Solo antivirus can detect and remove Trojan.Win32.Zbot.Pda and its variants safely. Use the following link to download a 30-day trial version of Solo antivirus to remove viruses from your computer.

Solo anti-virus not only scans for all viruses, it contains a unique System Integrity Checker to protect you from new Internet Worms, Backdoors and malicious VB, Java Scripts. It also effectively removes all existing Internet Worms, File viruses, malicious VBS, Java scripts, Trojans, Backdoors, boot sector, partition table and macro viruses.
You can purchase Solo antivirus using the link
