I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:
Free Download Fully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.
Trojan ZBot
Also known as: Trojan Kryptik, Virus Sality
SHA256: b3cfe96900a37e6d303d3d35e9a68adc393682b15f32716f228122a7cc84b921
SHA1: 2c803182f7f7a46e3e68707141970a1a2c165673
MD5: 6a6a779521ea17ffe02ed8e4d675dc12
File size: 505480 bytes
Created files:
%WinDir%\Installer\{5CB2C217-250A-0C2F-4842-2ED628220EBA}\syshost.exe – Trojan ZBot
%SysDir%\drivers\4ab12a.sys – Trojan ZBot
Trojan ZBot created autostart registry keys:
HKLM\System\CurrentControlSet\Services\4ab12a\Type: 01000000
HKLM\System\CurrentControlSet\Services\4ab12a\Start: 01000000
HKLM\System\CurrentControlSet\Services\4ab12a\DisplayName: syshost.exe
HKLM\System\CurrentControlSet\Services\4ab12a\ImagePath: %WinDir%\System32\drivers\4ab12a.sys
HKLM\System\CurrentControlSet\Services\syshost32\Type: 10000000
HKLM\System\CurrentControlSet\Services\syshost32\Start: 02000000
HKLM\System\CurrentControlSet\Services\syshost32\ImagePath: “%WinDir%\Installer\{5CB2C217-250A-0C2F-4842-2ED628220EBA}\syshost.exe” /service
HKLM\System\CurrentControlSet\Services\syshost32\a9ae6b17c5a5d8d6: D6FAB61A88E2532F
HKLM\System\CurrentControlSet\Services\syshost32\7407fdfc5e97ab48: 56C9E0A84878C8F8758AAB50
HKLM\System\CurrentControlSet\Services\syshost32\ee57f03d4932cff6: 8CDAD6FAA1B8A259352E7D0AD2D0AEBBB361D1137B63BDFB995312DC8C94E52A999E1B9DFBF9953F7632220E46A03995C7E2EED48729AE14476B784B06AE2C82C7F5B59DDF37F4531875251259EA38D991B3DBF0DE6EE24A4C75794203B4248FD8E8E6D48020AE0B593931131BF87FD4D9A9BE95C634F55D1F5A567A369A123BD838