Threat Search: 

ThreatExpert's Statistics for PWS:Win32/Zbot.PG [Microsoft]:

PWS:Win32/Zbot.PG [Microsoft] is also known as:
Threat AliasNumber of Incidents
Trojan-Spy.Win32.Zbot.gen [Kaspersky Lab]285
Mal/Zbot-O [Sophos]283
Packed.Generic.232 [Symantec]247
HeurEngine.MaliciousPacker [PC Tools]102
Trojan-Spy.Win32.Zbot [Ikarus]69
Infostealer.Banker.C [Symantec]46
BackDoor-DKI.gen.bf [McAfee]40
Win32/IRCBot.worm.variant [AhnLab]24
Mal/EncPk-HZ [Sophos]12
Mal/Generic-A [Sophos]11
FakeAlert-DA [McAfee]6
Mal/EncPk-IF [Sophos]6
Packed.Generic.233 [Symantec]6
PWS.Win32 [Ikarus]6
Trojan Horse [Symantec]6
Trojan.Win32.FakeXPA [Ikarus]4
Trojan-PSW.Banker [PC Tools]4
Trojan-Spy.Win32.Zbot.tpj [Kaspersky Lab]4
W32/Koobface.worm.gen.o [McAfee]4
Generic PWS.y!g [McAfee]3
Win-Trojan/Zbot.62976.X [AhnLab]3
Win-Trojan/Zbot.65536.D [AhnLab]3
Backdoor.Win32.GrayBird.el [Ikarus]2
Backdoor.Win32.Hupigon.bwk [Kaspersky Lab]2
Generic FakeAlert.d!gen [McAfee]2
Generic Packed.a [McAfee]2
Mal/Behav-204 [Sophos]2
Mal/EncPk-IB [Sophos]2
Mal/EncPk-IF, Mal/EncPk-HH [Sophos]2
Mal/EncPk-IV, Mal/EncPk-IF, Mal/EncPk-HH [Sophos]2
Mal/EncPk-JW [Sophos]2
Mal/EncPk-LT, Mal/FakeAV-BX, Mal/FakeDouf-B, Mal/EncPk-MC, Mal/EncPk-MA [Sophos]2
Mal/FakeAV-BR [Sophos]2
Mal/Generic-A, Mal/Zbot-O [Sophos]2
Mal/Krap-B, Mal/BredoPk-B [Sophos]2
Mal/WaledPak-D [Sophos]2
New Malware.cn [McAfee]2
not-a-virus:FraudTool.Win32.SpywareProtect2009 [Ikarus]2
Packed.Generic.269 [Symantec]2
Packed.Win32.Krap.ah [Kaspersky Lab]2
Packed.Win32.Krap.w [Kaspersky Lab]2
PWS-Zbot [McAfee]2
Trojan.Generic [PC Tools]2
Trojan.Win32.Agent.cbxa [Kaspersky Lab]2
Trojan.Win32.Agent.cdkn [Kaspersky Lab]2
Trojan.Win32.Winwebsec [Ikarus]2
Trojan-Banker.Win32.Bancos [Ikarus]2
Trojan-Spy.Banker!sd6 [PC Tools]2
Trojan-Spy.Win32.Zbot.aabx [Kaspersky Lab]2
Trojan-Spy.Win32.Zbot.abxy [Kaspersky Lab]2
Trojan-Spy.Win32.Zbot.sov [Kaspersky Lab]2
Trojan-Spy.Win32.Zbot.spu [Kaspersky Lab]2
Trojan-Spy.Win32.Zbot.ssl [Kaspersky Lab]2
Trojan-Spy.Win32.Zbot.tmm [Kaspersky Lab]2
Trojan-Spy.Win32.Zbot.uje [Kaspersky Lab]2
Trojan-Spy.Win32.Zbot.vne [Kaspersky Lab]2
Trojan-Spy.Win32.Zbot.wuw [Kaspersky Lab]2
Trojan-Spy.Win32.Zbot.wxb [Kaspersky Lab]2
Trojan-Spy.Win32.Zbot.wyi [Kaspersky Lab]2
Trojan-Spy.Win32.Zbot.yhz [Kaspersky Lab]2
Trojan-Spy.Win32.Zbot.zuo [Kaspersky Lab]2
Trojan-Spy.Win32.Zbot.zvt [Kaspersky Lab]2
Trojan-Spy.Win32.Zbot.zzg [Kaspersky Lab]2
Trojan-Spy.Zbot [Ikarus]2
Trojan-Spy.Zbot!sd6 [PC Tools]2
Win-Trojan/Zbot.62976.S [AhnLab]2
Win-Trojan/Zbot.62976.U [AhnLab]2
Win-Trojan/Zbot.64000.C [AhnLab]2
Win-Trojan/Zbot.66048.I [AhnLab]2
Win-Trojan/Zbot.67072.E [AhnLab]2
Win-Trojan/Zbot.83456.D [AhnLab]2
Generic PWS.y!bfo [McAfee]1
Generic PWS.y!h [McAfee]1
Generic PWS.y!if [McAfee]1
Generic PWS.y!mf [McAfee]1
Generic PWS.y!q [McAfee]1
Mal/Behav-321 [Sophos]1
Packed.Win32.Krap [Ikarus]1
Trojan.Agent!sd6 [PC Tools]1
Trojan.Crypt [Ikarus]1
Trojan.Win32.Agent [Ikarus]1
Trojan-Spy.Win32.Zbot.zcd [Kaspersky Lab]1
Win-Trojan/ZBot.62464.C [AhnLab]1
Win-Trojan/Zbot.63488.AN [AhnLab]1
Win-Trojan/ZBot.63488.B [AhnLab]1
Win-Trojan/Zbot.63488.Q [AhnLab]1
Win-Trojan/Zbot.63488.Y [AhnLab]1
Win-Trojan/Zbot.63488.Z [AhnLab]1
Win-Trojan/ZBot.64000.I [AhnLab]1
Win-Trojan/ZBot.64000.O [AhnLab]1
Win-Trojan/Zbot.64000.X [AhnLab]1
Win-Trojan/Zbot.65024.Q [AhnLab]1

PWS:Win32/Zbot.PG [Microsoft] has the following possible country of origin:
OriginNumber of Incidents
Russian Federation6

PWS:Win32/Zbot.PG [Microsoft] is known to be created as:
%System%\sdra64.exe
%Temp%\0.exe
%Temp%\090430-2-5.exe
%Temp%\090614-2-0.exe
%Temp%\1111.exe
%Temp%\2.exe
%Temp%\283899.exe
%Temp%\assist.exe
%Temp%\crypted.exe
%Temp%\fah_.exe
%Temp%\filetransfer.exe
%Temp%\services.exe
%Temp%\tmp.exe
Notes:
  • %System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
  • %Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).