Removed: emics.exe (trojan Zeus/Zbot)

In this post I will show how to fix the issue manually and how to clean it automatically with a dedicated removal tool. You can download the removal program for free here:

Malware: C:\sand-box\aol.exe

Removed: C:\Documents and Settings\Administrator\Application Data\Sowa\emics.exe

—————————————————————————————————————————-
Detected by UnHackMe:

Item Name: {1E0071A1-9DB5-7E90-C109-D6897D07636F}
Author: Unknown
Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\SOWA\EMICS.EXE (random filename)
Type: Registry Run

Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
Classification:





Antivirus Version Last Update Result
F-Secure 9.0.15370.0 2010.05.11 Backdoor.Bot.121242
Kaspersky 7.0.0.125 2010.05.11 Packed.Win32.Krap.gx
Microsoft 1.5703 2010.05.11 PWS:Win32/Zbot.gen!Y
NOD32 5106 2010.05.11 Win32/Spy.Zbot.YW

—————————————————————————————————————————-
Additional information
File size: 127010 bytes
MD5 : 7b7d3bc35365b6e7393e1d22f07f6240
SHA1 : 56a087620317394a353e56ef6e78fa44425d382f
SHA256: e91c32330e5b4f48d207cda86cf60d674583cb97e0449128afb0a7c4f5ca00ea
—————————————————————————————————————————-
Installation
When the program is executed, it creates the following registry subkeys and values:

———————————-
Keys added:2
———————————-
HKCU\Software\Microsoft\Internet Explorer\Privacy
HKCU\Software\Microsoft\Zeikga

———————————-
Values added:5
———————————-
HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\WINDOWS\explorer.exe: "C:\WINDOWS\explorer.exe:*:Enabled:Windows Explorer"
HKCU\Software\Microsoft\Internet Explorer\Privacy\CleanCookies: 0x00000000
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\{1E0071A1-9DB5-7E90-C109-D6897D07636F}: ""C:\Documents and Settings\Administrator\Application Data\Sowa\emics.exe""
HKCU\Software\Microsoft\Zeikga\Piazreaz: 00 8C 94 /…/ 8A 62 CA
HKCU\Software\Microsoft\Zeikga\Alasrynue: 91 44 89 /…/ 45 FD 86

———————————-
Values modified:10
———————————-
(-) HKCU\Software\Microsoft\Internet Explorer\PhishingFilter\Enabled: 0x00000001
(+) HKCU\Software\Microsoft\Internet Explorer\PhishingFilter\Enabled: 0x00000000
(-) HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1609: 0x00000001
(+) HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1609: 0x00000000
(-) HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\1406: 0x00000001
(+) HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\1406: 0x00000000
(-) HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\1609: 0x00000001
(+) HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\1609: 0x00000000
(-) HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\1406: 0x00000003
(+) HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\1406: 0x00000000
(-) HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\1609: 0x00000001
(+) HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\1609: 0x00000000
(-) HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1406: 0x00000003
(+) HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1406: 0x00000000
(-) HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1609: 0x00000001
(+) HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1609: 0x00000000
(-) HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1406: 0x00000003
(+) HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1406: 0x00000000
(-) HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1609: 0x00000001
(+) HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1609: 0x00000000

———————————-
Files added:1
———————————-
C:\Documents and Settings\Administrator\Application Data\Sowa\emics.exe

———————————-
Files deleted:1
———————————-
C:\sand-box\aol.exe

———————————-
Folders added:2
———————————-
C:\Documents and Settings\Administrator\Application Data\Qozugy
C:\Documents and Settings\Administrator\Application Data\Sowa

———————————-
Total changes:21
———————————-

—————————————————————————————————————————-
Recommended software:
UnHackMe anti-rootkit and anti-malware
http://www.unhackme.com
RegRun Security Suite (Good choice for removal and protection)
http://www.regrun.com


I use UnHackMe for cleaning ads and viruses from my friends' computers, because it is extremely fast and effective.




STEP 1: Download UnHackMe for free

UnHackMe removes Adware/Spyware/Unwanted Programs/Browser Hijackers/Search Redirectors from your PC easily.


UnHackMe is compatible with most antivirus software.
UnHackMe is 100% CLEAN, which means it does not contain any form of malware, including adware, spyware, viruses, trojans and backdoors. VirusTotal (0/56).
System Requirements: Windows 2000 to Windows 8.1/10, 32- or 64-bit. UnHackMe uses a minimum of computer resources.

STEP 2: Double click on UnHackMe_setup.exe

You will see a confirmation screen with the verified publisher: Greatis Software.

Once UnHackMe has been installed, the first scan will start automatically.


STEP 3: Carefully review the detected threats!

Click Remove button or False Positive.

Enjoy!
