The World Wide Web is the main source of malware. Malware can penetrate your computer as a result of the following actions:
To know what can threaten your data, you should know what malicious programs (malware) exist and how they function. Malware can be subdivided into the following types:
Viruses: programs that infect other programs by adding virus code to them, so that the code gains control when an infected file is started. This simple definition reveals the main action of a virus: infection. Viruses spread more slowly than worms.
Worms: this type of malware uses network resources to spread. The class is called worms because of its characteristic ability to “creep” from computer to computer using networks, mail and other information channels. Because of this, worms spread very quickly.
Worms penetrate your computer, calculate the network addresses of other computers and send copies of themselves to these addresses. Besides network addresses, data from mail clients' address books is used as well. Members of this malware type sometimes create working files on system disks, but may use no computer resources at all (except main memory).
Trojans: programs that perform actions not authorized by the user on infected computers; depending on the conditions, they delete information on disks, make the system freeze, steal personal information, etc. This malware type is not a virus in the traditional sense (i.e. it does not infect other programs or data): Trojans cannot penetrate a PC by themselves and are spread by attackers as “useful” and necessary software. Still, the harm caused by Trojans is higher than that of a traditional virus attack.
Spyware: software that collects data about a specific user or organization without their knowledge. You may not even suspect that you have spyware on your computer. As a rule, the aim of spyware is to:
Collecting information is not the main function of these programs; they also threaten security. At least two known programs, Gator and eZula, allow an attacker not only to collect information but also to control the computer. Another example of spyware is programs that are embedded in the browser installed on the computer and redirect traffic. You have definitely come across such programs when you requested one website address and a different website opened. One form of spyware is phishing mailings.
Phishing is a mailing whose aim, as a rule, is to obtain confidential financial information from the user. Phishing is a form of social engineering, characterized by attempts to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business in an apparently official electronic communication, such as an email or an instant message. The messages contain a link to a deliberately false site where the user is asked to enter his/her credit card number and other confidential information.
Adware: program code embedded in software without the user's knowledge in order to show advertising. As a rule, adware is embedded in software that is distributed free. The advertisement appears in the working interface. Adware often gathers personal information about the user and transfers it to its distributor.
Riskware: this software is not a virus, but it carries a potential threat. Under some conditions, the presence of such riskware on your PC puts your data at risk. This category includes remote administration utilities, programs that use a dial-up connection to connect to pay-per-minute internet sites, and some others.
Jokes: software that does not harm your computer but displays messages claiming that harm has already been caused, or is going to be caused under some conditions. This software often warns the user about a nonexistent danger, e.g. it displays messages about hard disk formatting (though no formatting is really happening), detects viruses in uninfected files, etc.
Rootkit: utilities used to conceal malicious activity. They disguise malware to prevent it from being detected by antivirus applications. Rootkits can also modify the operating system on the computer and replace its main functions to disguise their own presence and the actions that the attacker performs on the infected computer.
Other malware: various programs that have been developed to create other malware, organize DoS attacks on remote servers, break into other computers, etc. Hack tools, virus constructors and similar programs belong to this category.
Spam: anonymous, unsolicited mass mail. Spam includes political and propaganda mailings and mails that ask you to help somebody. Another category of spam is messages offering to cash out a large sum of money or inviting you to join financial pyramids, mails that steal passwords and credit card numbers, messages asking you to forward them to your friends (messages of happiness), etc. Spam increases the load on mail servers and increases the risk of losing information that is important to the user.
If you suspect that your computer is infected with viruses, we recommend that you:
There are a number of signs or symptoms indicating that your computer is infected. If you have started to notice weird things happening on your PC, such as:
then it is likely that your computer is infected with malware.
Additional signs of email infections:
There are also indirect signs of a malware infection on your computer:
In 90% of cases, these indirect signs are caused by incorrect functioning of some hardware or software. Still, there is a small chance that such signs are caused by an infection. If you experience any signs of this type, it is recommended to:
At present, Kaspersky Lab analysts are detecting a wide spread of Trojan programs of the Trojan-Spy.Win32.Zbot family. These programs are used by cybercriminals to steal any bank information from computers. As a rule, the activity of the malware cannot be observed visually and is thus hard to detect on a victim computer that is not protected by an anti-virus program. Additionally, these programs use rootkit technologies as self-defense to hide their executable files and processes.
Programs of the Trojan-Spy.Win32.Zbot family usually penetrate your computer when you visit infected Internet pages. However, each cybercriminal finds his own way to use this malware and to make it penetrate your computer. You can protect your computer and your personal data from Trojan-Spy.Win32.Zbot by installing anti-virus software on your PC and updating it regularly so that it “knows” new modifications of Trojan-Spy.Win32.Zbot. Kaspersky Lab applications will prevent your computer from being infected by Trojan-Spy.Win32.Zbot and, if your PC is already infected, will delete any traces of infection.
If you do not use any anti-virus program, you are strongly recommended to scan your computer for modifications of Trojan-Spy.Win32.Zbot with the special utility ZbotKiller.exe before you perform any online banking operations. If any modifications are detected, disinfect the infected system with the utility ZbotKiller.exe. This article describes where programs of the Trojan-Spy.Win32.Zbot family usually save their data (but these files may be hidden), and how the utility ZbotKiller.exe can be launched.
%windir%\system32 and %AppData% are Microsoft Windows system folders. Depending on the version of the OS installed, the path to these folders may vary:
The utility ZbotKiller.exe can be launched either locally or remotely, if Kaspersky Administration Kit is deployed on the network.
When the scan is over, an active command prompt window may be displayed on your monitor; to minimize the window, press any key. For the command prompt window to close automatically, it is recommended to run the utility with the parameter -y.
In the field Executable file command line (optional), specify the parameter -y to close the console window automatically once the utility has finished its work.
-y - ends program without pressing any key
-s - silent mode (without a black window)
-l <file name> - writes info into a log
-v - extended log maintenance (should be entered with the -l switch)
-help - shows additional information about the utility
For example, to scan a computer and write a detailed report to the file report.txt (which will be created in the setup folder of the utility ZbotKiller.exe), use the following command:
zbotkiller.exe -y -l report.txt -v
The parameter -y used in the command will close the console window automatically once the utility has finished its work.