- Cant change my homepage
- Connects to the internet without permission
- Installs itself without permissions
- Slow Computer
- Slow internet connection
- System crashes
These days we have to be very careful about when or how we reveal our passwords, but even if we do all we can, sometimes we cannot escape such infections as TrojanPWS.Zbot.y. This Trojan horse is a password stealer with backdoor features, which means that not only does the Trojan steal sensitive information from you, it also allows a hacker to access and control your computer.
No matter which way you get infected with TrojanPWS.Zbot.y, the installation process is still the same. Once the Trojan is run it copies itself to the System directory and adds additional entries in the system Registry to ensure that the program starts automatically whenever the computer is turned on. Also, TrojanPWS.Zbot.y is able to hijack legitimate system processes in order to hide itself from security products or simply hinder the malware removal. TrojanPWS.Zbot.y starts with injecting a malicious code into winlogon.exe process and then it subsequently other system processes as well, including explorer.exe, svchost.exe, lsass.exe and so on.
Once TrojanPWS.Zbot.y makes sure that it is protected from instant removal, it proceeds with its main mission - stealing sensitive information. To be more exact the Trojan is looking for cookies, web browser passwords and website certificates. It also has been noticed that TrojanPWS.Zbot.y usually targets websites related to Bank of America. The Trojan is also able to monitor and analyze e-mail and FTP traffic so it could get a hold of FTP login details and e-mail addresses.
All of the Trojan's activity occurs behind user's back, especially as TrojanPWS.Zbot.y connects to a remote server at 220.127.116.11 via port 80 and downloads even more configuration data. Since TrojanPWS.Zbot.y can function as a backdoor as well, it can easily download additional malware onto your computer.
TrojanPWS.Zbot.y is able to rename itself in order to remain in the system for as long as possible. Not to mention that it blocks particular URLs and establishes a Socks proxy. To put it simply - TrojanPWS.Zbot.y totally destroys your system's security, stealing information that rightfully belongs to you and only you.
If you want to avoid being robbed by cyber criminals who created this infection, you need to remove TrojanPWS.Zbot.y from your computer right now. Of course, if you are just an average computer user deleting TrojanPWS.Zbot.y on your own is out of question, but you can always acquire a computer security tool that will terminate the Trojan for you automatically and you will no longer have to worry about it.