We're gradually updating threat actor names in our reports to align with the new weather-themed taxonomy. Learn about Microsoft threat actor names
PWS:Win32/Zbot.SZ
Detected by Microsoft Defender Antivirus
Aliases: Zeus 2.0 (other) TR/Spy.Zbot.DX.2 (BitDefender) Trojan.Packed.19696 (Dr.Web) Win32/Spy.Zbot.YW (ESET) Mal/EncPk-NS (Sophos) TSPY_ZBOT.ZM (Trend Micro) Virtool:Win32/Obfuscator.IQ (other)
Summary
PWS:Win32/Zbot.SZ is a detection for a password stealer and remote access trojan. The trojan is installed by other malware.
To detect and remove this threat and other malicious software that may be installed in your computer, run a full-system scan with an up-to-date antivirus product such as the following:
For more information on antivirus software, see http://www.microsoft.com/windows/antivirus-partners/.
Additional remediation instructions for PWS:Win32/Zbot.SZ
This threat may make lasting changes to a computer’s configuration that are NOT restored by detecting and removing this threat. For more information on returning an infected computer to its pre-infected state, please see the following article/s:
- Configuring Security Zone settings for Internet Explorer:
- For Windows 7: http://windows.microsoft.com/en-us/Windows7/Change-Internet-Explorer-Security-settings
- For Internet Explorer 7 and 8 in Windows Vista: http://windows.microsoft.com/en-us/windows-vista/Change-Internet-Explorer-Security-settings
- For Internet Explorer 6: http://support.microsoft.com/kb/174360
- Enabling the Phishing Filter in Internet Explorer 7 and 8: http://support.microsoft.com/kb/930168
- For other support and help related articles, go to:
- Windows 7: http://support.microsoft.com/gp/windows7
- Windows Vista: http://support.microsoft.com/ph/11732
- Windows XP: http://support.microsoft.com/ph/1173
- Microsoft Security TechNet Center: http://technet.microsoft.com/security/default.aspx
Follow us
