2 responses on “KB00931844.EXE – Trojan ZBot”

1. Jesús Delgadillo June 10, 2015 at 19:30

   No, It depends where you got the file from. How do I know that? Well, this is/used to be an open-source software, not allowed to include malware, spyware, adware or anything similar, the developers are concerned and care about the utility.

   If you got the file from this website: https://tuts4you.com/download.php?view.398 (tuts 4 you), the file is filled with Trojans and sure many others risks.

   If you got the file from a website like this: peid.waxoo.com/ , the file is intrusion-free, no malware, no spyware, no adware, no viruses, clean.
   Even knowing this, the utility called Obfuscator.C isn’t truly a risk, it’s flagged like one because it’s a deobfuscater tool and might be used for revealing code from many .exe and .dll files, this way If you know coding you can crack the antivirus and many other windows software (by example), a true risk for companies, they tremble when hearing about it.
   Having knowledge about what this utility does, someone could have rewritten it and filled with security-risk coding. A great tool, a both-sides sharped edges knife.

   In conclusion, download this utility from a website you are really sure you can trust in (by example the official page that is dead at this time). Don’t download it from websites filled with supposed software crack tools, lots of fake ads, links targeting to false downloads or simultaneous adfly-like sponsored pages.

   Use the tool at your own risk, you have the power, be responsible of what you do (or you might do).

   Log in to Reply
   1. Dmitrys June 11, 2015 at 10:48

      I agree with you.
      It is false positive:
      https://www.virustotal.com/en/file/e13171d50f45a79bc09b9e4b9ffa38eb02301aca94a1867a9bf8acccc3759030/analysis/

      Log in to Reply