Aliases: Zeus (other) Wsnpoem (Symantec) Citadel (other)
This family of trojans can steal your personal and financial information, and give a malicious hacker access and control of your PC. They can also lower your Internet browser security and turn off your firewall.
We have seen these threats download other malware, including threats from the Win32/Crilock and Win32/Necurs families. Crilockransomware can encrypts your files and then demand money to unlock them. Necurs malware can disable your security software and redirect your web browser.
Win32/Zbot can be installed on your PC via spam emails and hacked websites, or packaged with other malware families.
Use the following free Microsoft software to detect and remove this threat:
- Windows Defender Antivirus for Windows 10 and Windows 8.1, or Microsoft Security Essentials for Windows 7 and Windows Vista
- Microsoft Safety Scanner
- Microsoft Windows Malicious Software Removal Tool
You should also run a full scan. A full scan might find other, hidden malware.
Protect your sensitive information
This threat tries to steal your sensitive and confidential information. If you think your information has been stolen, see:
You should change your passwords after you've removed this threat:
Prevent malware infections from spam emails
- For enterprise users:
- Follow the appropriate Exchange Online Protection instructions to suit your business needs.
- Learn about how Office 365 can help you block spam using machine learning. See First look at Advanced Threat Protection: new tools to stop unknown malware & phishing attacks for details.
- Be aware of the dangers in opening suspicious emails. Don't open email attachments or links from untrusted sources.
- The Microsoft SmartScreen filter can also help detect spam. It’s built-in and enabled by default in Microsoft email programs.
- Submit spam and non-spam messages to Microsoft for analysis.
Get more help
If you’re using Windows XP, see our Windows XP end of support page.