ThreatExpert's Statistics for PWS:Win32/Zbot.gen!B [Microsoft]:

PWS:Win32/Zbot.gen!B [Microsoft] is also known as:

Threat Alias	Number of Incidents
Infostealer.Banker.C [Symantec]	54
PWS-Zbot.gen.c [McAfee]	33
Win32/IRCBot.worm.variant [AhnLab]	30
Mal/EncPk-CZ [Sophos]	20
FakeAlert-DA [McAfee]	14
Trojan-Spy.Win32.Zbot [Ikarus]	13
Trojan-PSW.Banker [PC Tools]	12
Backdoor.Paproxy [Symantec]	8
Trojan Horse [Symantec]	8
Trojan.Zlob [Symantec]	8
PWS-Zbot [McAfee]	7
Downloader [Symantec]	6
Downloader-BON [McAfee]	6
Generic PWS.y [McAfee]	6
Spy-Agent.bw [McAfee]	6
TROJ_FAKEAV.EH [Trend Micro]	6
Trojan.Win32.FraudPack.gen [Kaspersky Lab]	6
Trojan-Spy.Win32.Zbot.egf [Kaspersky Lab]	6
Trojan-Spy.Win32.Zbot.ejy [Kaspersky Lab]	6
Mal/EncPk-HF, Mal/EncPk-CZ [Sophos]	5
Mal/EncPk-HP [Sophos]	5
Mal/EncPk-KP, Mal/EncPk-IF [Sophos]	5
Packed.Generic.233 [Symantec]	5
TROJ_FAKEALE.SMB [Trend Micro]	5
Trojan.Win32.FraudPack.unf [Kaspersky Lab]	5
Mal/EncPk-HF, Mal/EncPk-CZ, Mal/TibsPak [Sophos]	4
Mal/EncPk-IF [Sophos]	4
Mal/FakeAV-BX, Mal/FakeAV-BT, Mal/EncPk-IF [Sophos]	4
Spy-Agent.cf [McAfee]	4
Troj/PWS-ATH [Sophos]	4
TROJ_FAKEALE.AL [Trend Micro]	4
Trojan.Generic [PC Tools]	4
Trojan-Spy.Win32.Zbot.egf [Ikarus]	4
Trojan-Spy.Win32.Zbot.eks [Kaspersky Lab]	4
Trojan-Spy.Win32.Zbot.etl [Kaspersky Lab]	4
Trojan-Spy.Win32.Zbot.ezl [Kaspersky Lab]	4
TSPY_ZBOT.MCS [Trend Micro]	4
TSPY_ZBOT.TD [Trend Micro]	4
Mal/Generic-A [Sophos]	3
PWS.Win32 [Ikarus]	3
Trojan.Win32.FraudPack [Ikarus]	3
Trojan.Win32.Winwebsec [Ikarus]	3
Trojan-Spy.Banker!sd6 [PC Tools]	3
Trojan-Spy.Win32.Zbot.roh [Kaspersky Lab]	3
Trojan-Spy.Zbot!sd6 [PC Tools]	3
AntiVirus2008 [Symantec]	2
BKDR_ZBOT.FI [Trend Micro]	2
Downloader.MisleadApp [PC Tools]	2
Downloader.MisleadApp [Symantec]	2
Hatigh [McAfee]	2
Mal/EncPk-HF [Sophos]	2
Mal/EncPk-HZ [Sophos]	2
Mal/EncPk-IF, Mal/EncPk-HH [Sophos]	2
Mal/EncPk-NP, Mal/FakeAV-BT [Sophos]	2
Mal/FakeVirPk-A, Mal/TibsPk-D [Sophos]	2
Mal/Zbot-D [Sophos]	2
Troj/FakeAle-LE [Sophos]	2
TROJ_AGENT.DAM [Trend Micro]	2
TROJ_ZBOT.XK [Trend Micro]	2
Trojan.Adclicker [PC Tools]	2
Trojan.Adclicker [Symantec]	2
Trojan.Zlob!sd6 [PC Tools]	2
Trojan-Spy.Win32.Zbot.anp [Ikarus]	2
Trojan-Spy.Win32.Zbot.eev [Kaspersky Lab]	2
Trojan-Spy.Win32.Zbot.egv [Kaspersky Lab]	2
Trojan-Spy.Win32.Zbot.ehx [Kaspersky Lab]	2
Trojan-Spy.Win32.Zbot.eit [Kaspersky Lab]	2
Trojan-Spy.Win32.Zbot.ejx [Kaspersky Lab]	2
Trojan-Spy.Win32.Zbot.ekc [Kaspersky Lab]	2
Trojan-Spy.Win32.Zbot.enh [Kaspersky Lab]	2
Trojan-Spy.Win32.Zbot.eog [Ikarus]	2
Trojan-Spy.Win32.Zbot.eog [Kaspersky Lab]	2
Trojan-Spy.Win32.Zbot.ern [Kaspersky Lab]	2
Trojan-Spy.Win32.Zbot.ert [Kaspersky Lab]	2
Trojan-Spy.Win32.Zbot.eto [Kaspersky Lab]	2
Trojan-Spy.Win32.Zbot.eug [Kaspersky Lab]	2
Trojan-Spy.Win32.Zbot.ezb [Kaspersky Lab]	2
Trojan-Spy.Win32.Zbot.nm [Kaspersky Lab]	2
Trojan-Spy.Win32.Zbot.oju [Kaspersky Lab]	2
Trojan-Spy.Win32.Zbot.pxd [Kaspersky Lab]	2
Trojan-Spy.Win32.Zbot.qku [Kaspersky Lab]	2
Trojan-Spy.Win32.Zbot.ria [Kaspersky Lab]	2
Trojan-Spy.Win32.Zbot.vsd [Kaspersky Lab]	2
Trojan-Spy.Win32.Zbot.vvi [Kaspersky Lab]	2
TSPY_ZBOT.ST [Trend Micro]	2
TSPY_ZBOT.WL [Trend Micro]	2
Virus.Win32.Enteos [Ikarus]	2
W32/Zbot-CX [Sophos]	2
Win-Trojan/Fraudload.57856.BD [AhnLab]	2
Backdoor.Paproxy!sd6 [PC Tools]	1
Dropper/Mudrop.69632.F [AhnLab]	1
Generic FakeAlert!ee [McAfee]	1
Generic Malware.ic [McAfee]	1
Generic PWS.y!p [McAfee]	1
Mal/FakeAV-BT, Mal/FakeAV-BX, Mal/EncPk-IF, Mal/EncPk-HH [Sophos]	1
Mal/Generic-A, Mal/EncPk-HP [Sophos]	1
Mal/Generic-A, Mal/FakeAV-BT, Mal/FakeAV-BX, Mal/EncPk-IF, Mal/EncPk-HH [Sophos]	1
Packed.Generic.187 [Symantec]	1
Troj/Agent-HOB [Sophos]	1
Troj/Agent-HQD [Sophos]	1

PWS:Win32/Zbot.gen!B [Microsoft] has the following possible country of origin:

Origin		Number of Incidents
	Russian Federation	49

PWS:Win32/Zbot.gen!B [Microsoft] is known to be created as:

%System%\ntos.exe

%System%\oembios.exe

%Temp%\6_ldr.exe

%Temp%\ldr.exe

Notes:

%System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
%Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).