ZBot Removal Tool

Free utility to disinfect ZBot compromised computers

ZBot (also known as Zeus, ZeusBot or WSNPoem) is a Trojan horse engineered to steal sensitive data from compromised computers. While ZBot focuses mainly on the online banking details that users input on financial organizations’ pages, it also monitors system information and steals additional authentication credentials. The latest variants can also gather the history of the visited Web sites and other data users provide online, while also capturing screenshots of the their’ desktop.

ZBot is distributed mainly via spam campaigns and Web pages which host its malicious payload, usually under the guise of a popular legitimate application.

Once onto the system, ZBot modifies the files and folders’ structure, adds registry keys, injects code into several processes (such as winlogon.exe or svchost.exe) and adds exceptions to the Microsoft® Windows® Firewall, providing backdoor and server capabilities. It also sends sensitive information and listens on several ports for possible commands from the remote attackers’ command-and-control center. This allows cybercriminals to manage the Trojan in order to download and execute additional malicious payloads on or take control over the system, its actions including, without being limited to restarting and shutting down the affected computer.

For a comprehensive list of ZBot features and other technical description details, please check out the BitDefender Virus Encyclopedia.

As part of its ongoing efforts to inform, educate and help users worldwide in their fight against e-threats, BitDefender has created a ZBot Removal Tool. The removal tool checks users’ computers, detects and eliminates most of the ZBot variants spotted in the wild. It is available for download and use free of charges in the Removal Tools section of

However, ZBot is one of the most prolific breeds of malware and new variants appear every day. Thus, we strongly suggest computer users to regularly return to our ZBot Removal Tool page for additional updates of this ZBot Removal Tool. Users of the BitDefender antimalware suites are already protected by its state-of-the-art defensive technology.


The technical description and the removal tool referenced in this article are available courtesy of Bogdan Timofte, BitDefender Online Threats Researcher.

All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of their respective owners.

About the author


With a humanities passion and background (BA and MA in Comparative Literature at the Faculty of Letters, University of Bucharest) - complemented by an avid interest for the IT world and its stunning evolution, I joined in the autumn of 2003 the chief editors' team from Niculescu Publishing House, as IT&C Chief Editor, where (among many other things) I coordinated the Romanian version of the well-known SAMS Teach Yourself in 24 Hours series. In 2005 I accepted two new challenges and became Junior Lecturer at the Faculty of Letters (to quote U2 - "A Sort of Homecoming") and Lead Technical Writer at BluePhoenix Solutions.

After leaving from BluePhoenix in 2008, I rediscovered "all that technical jazz" with the E-Threat Analysis and Communication Team at BitDefender, the creator of one of the industry's fastest and most effective lines of internationally certified security software. Here I produce a wide range of IT&C security-related content, from malware, spam and phishing alerts to technical whitepapers and press releases. Every now and then, I enjoy scrutinizing the convolutions of e-criminals' "not-so-beautiful mind" and, in counterpart, the new defensive trends throughout posts on

Balancing the keen and until late in night (please read "early morning") reading (fiction and comparative literature studies mostly) with Internet "addiction", the genuine zeal for my bright and fervid students with the craze for the latest discoveries in science and technology, I also enjoy taking not very usual pictures (I'm not a pro, but if you want to see the world through my lenses, here are some samples, messing around with DTP programs to put out some nifty book layouts and wacky t-shirts, roaming the world (I can hardly wait to come back in the Big Apple), and last but not least, driving my small Korean car throughout the intricacies of our metropolis's traffic.