PWS:Win32/Zbot.AHD is trojan that allows unauthorized access and control of your computer, and steals your valuable information, such as passwords.  PWS:Win32/Zbot.AHD is created by kits known as "Zeus" which are bought and sold on the Internet black market.

PWS:Win32/Zbot.AHD is widespread. It has been distributed and installed on user's computers in several different ways, including:

• Downloaded by other malware such as Win32/Bredolab, Win32/Kelihos, Win32/Waledac, Exploit:Win32/CplLnk, and variants of Win32/Cutwail. 
• Downloaded as a payload for exploit kits such as blackhole (we detect this as Blacole), and for exploits including Exploit:Java/CVE-2012-0507, Exploit:Java/CVE-2012-1723, Exploit:Java/CVE-2013-0422, and Exploit:Win32/Pdfjsc.
• Spammed out attached to email

Visit the Win32/Zbot family description for more details about how this malware is distributed.

Windows Defender detects and removes this threat.

This threat uses a Java vulnerability to download and run files on your PC, including other malware.

It runs when you visit a hacked or malicious website and you have a vulnerable version of Java.

The following versions of Java are vulnerable:

• JDK and JRE 7 Update 2 and earlier Java SE
• JDK and JRE 6 Update 30 and earlier Java SE
• JDK and JRE 5.0 Update 33 and earlier Java SE
• SDK and JRE 1.4.2_35 and earlier Java SE
• JavaFX 2.0.2 and earlier JavaFX

To check if you're running a vulnerable version of Java:

1. In Control Panel, double-click Programs.
2. If Java is installed you will see it in the list of installed programs. Click it to open the Java Control Panel.
3. On the General tab, click About to see which version of Java you have installed.

You may get an alert about this threat even if you're not using a vulnerable version of Java. This is because we detect when a website tries to use the vulnerability, even if it isn't successful.

Find out ways that malware can get on your PC.

Trojan:Win32/EyeStye.N is a trojan that logs keystrokes, monitors Internet activity and steals certain log on credentials, then sends the captured data to a remote attacker for financial gain. The trojan may download additional malware, lower web browser security and use a rootkit to hide its malicious activity.

Microsoft security software detects and removes this threat.

This family of trojans can steal your personal and financial information, and give a malicious hacker access and control of your PC. They can also lower your Internet browser security and turn off your firewall.

We have seen these threats download other malware, including threats from the Win32/Crilock and Win32/Necurs families. Crilock ransomware can encrypts your files and then demand money to unlock them. Necurs malware can disable your security software and redirect your web browser.

Win32/Zbot can be installed on your PC via spam emails and hacked websites, or packaged with other malware families.

Find out ways that malware can get on your PC.