ZBot病毒查杀工具(ZBot Trojan Remover)

应用介绍

ZBotTrojanRemover可以检测并查杀ZBot变种木马病毒，这病毒可以从网站上窃取用户的银行信息，信用卡信息和paypal账户的登录凭据。

病毒样本：

MalwareAnalyzerbyHXAnalysisstartedMD5:2BB9A1C4B35719ABD022C605A546D6C4Executing-\Device\HarddiskVolume3\Users\Gateway\Desktop\2BB9A1C4B35719ABD022C605A546D6C4.exe(PID:13440)Command-line:"C:\Users\Gateway\Desktop\2BB9A1C4B35719ABD022C605A546D6C4.exe"C:\Users\Gateway\Desktop\2BB9A1C4B35719ABD022C605A546D6C4.exeWriteFile,C:\Users\Gateway\AppData\Roaming\Gola\xyeq.exeC:\Users\Gateway\Desktop\2BB9A1C4B35719ABD022C605A546D6C4.exeWriteRegistryKey,Software\MicrosoftC:\Users\Gateway\Desktop\2BB9A1C4B35719ABD022C605A546D6C4.exeWriteRegistryKey,JuatC:\Users\Gateway\Desktop\2BB9A1C4B35719ABD022C605A546D6C4.exeDeleteFile,C:\Users\Gateway\AppData\Roaming\Gola\xyeq.exeC:\Users\Gateway\Desktop\2BB9A1C4B35719ABD022C605A546D6C4.exeWriteFile,C:\Users\Gateway\AppData\Roaming\Gola\xyeq.exeC:\Users\Gateway\Desktop\2BB9A1C4B35719ABD022C605A546D6C4.exeWriteFile,C:\Users\Gateway\AppData\Roaming\Gola\xyeq.exeExecuting-\Device\HarddiskVolume3\Sandbox\Gateway\Analyzer\user\current\AppData\Roaming\Gola\xyeq.exe(PID:16540)Command-line:"C:\Users\Gateway\AppData\Roaming\Gola\xyeq.exe"C:\Users\Gateway\AppData\Roaming\Gola\xyeq.exeWriteRegistryKey,Software\Microsoft\JuatC:\Users\Gateway\AppData\Roaming\Gola\xyeq.exeWriteRegistryKey,f62bfiC:\Users\Gateway\AppData\Roaming\Gola\xyeq.exe(PID:16540)AccessPROTECTEDProgram,C:\Windows\System32\taskhost.exe(PID:1992)C:\Users\Gateway\AppData\Roaming\Gola\xyeq.exe(PID:16540)AccessPROTECTEDProgram,C:\Windows\System32\dwm.exe(PID:2976)C:\Users\Gateway\AppData\Roaming\Gola\xyeq.exe(PID:16540)AccessPROTECTEDProgram,C:\Users\Gateway\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe(PID:3484)C:\Users\Gateway\AppData\Roaming\Gola\xyeq.exe(PID:16540)AccessPROTECTEDProgram,C:\ProgramFiles(x86)\Google\Drive\googledrivesync.exe(PID:3496)C:\Users\Gateway\AppData\Roaming\Gola\xyeq.exe(PID:16540)AccessPROTECTEDProgram,C:\ProgramFiles\Sandboxie\SbieCtrl.exe(PID:3524)C:\Users\Gateway\AppData\Roaming\Gola\xyeq.exe(PID:16540)AccessPROTECTEDProgram,C:\ProgramFiles(x86)\Evernote\Evernote\EvernoteClipper.exe(PID:3584)C:\Users\Gateway\AppData\Roaming\Gola\xyeq.exe(PID:16540)AccessPROTECTEDProgram,K:\ProgramFiles(x86)\KasperskyLab\KasperskyEndpointSecurity8forWindows\avp.exe(PID:3592)C:\Users\Gateway\AppData\Roaming\Gola\xyeq.exe(PID:16540)AccessPROTECTEDProgram,C:\Users\Gateway\Desktop\goagent-goagent-a51d6a2\local\goagent.exe(PID:3600)C:\Users\Gateway\AppData\Roaming\Gola\xyeq.exe(PID:16540)AccessPROTECTEDProgram,C:\Windows\System32\conhost.exe(PID:3608)C:\Users\Gateway\AppData\Roaming\Gola\xyeq.exe(PID:16540)AccessPROTECTEDProgram,C:\ProgramFiles\BOINC\boincmgr.exe(PID:3696)C:\Users\Gateway\AppData\Roaming\Gola\xyeq.exe(PID:16540)AccessPROTECTEDProgram,C:\Users\Gateway\Desktop\goagent-goagent-a51d6a2\local\python27.exe(PID:3704)C:\Users\Gateway\AppData\Roaming\Gola\xyeq.exe(PID:16540)AccessPROTECTEDProgram,C:\ProgramFiles\BOINC\boinctray.exe(PID:3776)C:\Users\Gateway\AppData\Roaming\Gola\xyeq.exe(PID:16540)AccessPROTECTEDProgram,K:\SkyDrive\Programs\VB\Sherlogger\Sherlogger.exe(PID:3840)C:\Users\Gateway\AppData\Roaming\Gola\xyeq.exe(PID:16540)AccessPROTECTEDProgram,K:\ProgramFiles(x86)\BaiduYun\baiduyun.exe(PID:3868)C:\Users\Gateway\AppData\Roaming\Gola\xyeq.exe(PID:16540)AccessPROTECTEDProgram,C:\ProgramFiles(x86)\Google\Drive\googledrivesync.exe(PID:3952)C:\Users\Gateway\AppData\Roaming\Gola\xyeq.exe(PID:16540)AccessPROTECTEDProgram,C:\ProgramFiles\BOINC\boinc.exe(PID:3964)C:\Users\Gateway\AppData\Roaming\Gola\xyeq.exe(PID:16540)AccessPROTECTEDProgram,C:\Windows\System32\conhost.exe(PID:3972)C:\Users\Gateway\AppData\Roaming\Gola\xyeq.exe(PID:16540)AccessPROTECTEDProgram,C:\ProgramFiles(x86)\alipay\SafeTransaction\AlipaySafeTran.exe(PID:17800)C:\Users\Gateway\AppData\Roaming\Gola\xyeq.exe(PID:16540)AccessPROTECTEDProgram,C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcgrid_dsfl_vina_6.25_windows_x86_64(PID:57092)C:\Users\Gateway\AppData\Roaming\Gola\xyeq.exe(PID:16540)AccessPROTECTEDProgram,C:\Windows\System32\conhost.exe(PID:58156)Rollingback...AnalysisendedReason:MalwaredetectedandrolledbackAnomalies:-Modifiesprotectedresource.Theexecutablemodifiesimportantresources(files,processes,etc.)

Tags:病毒查杀.