How to Remove a Trojan Zbot

by Kefa Olang

Trojan.zbot (aka Zeus) is a Trojan Horse that secretly installs on your computer and then tries to steal personal information. The trojan also downloads configuration files and updates from the Internet. Trojan.zbot affects Windows Vista and prior Windows operating systems. Because Trojan.zbot interferes with computer privacy and security, remove it quickly and safely.

1

Disable System Restore if you are using Windows XP. To do so, launch the System Properties dialog box by clicking the "Start" menu, right-clicking "My Computer" and then clicking "Properties." Click the "System Restore" tab, and click the "Turn off System Restore" check box. Click "Apply," then "Yes" and finally click "OK" to save your changes.

2

Launch your anti-virus program, update it by selecting the "Update" option and then run a full system scan. Delete any parasites your program detects. Consider free anti-virus programs such as Avira, avast! or AVG if you do not have an anti-virus program (see Resources).

3

Click the "Start" menu, click "Run" or "Start Search," type "Regedit" (without quotes) in the open box and press "Enter." This launches the Registry Editor.

4

Click the "HKEY_CURRENT_USER" folder to expand it. Expand the "SOFTWARE" folder, the "Microsoft" folder, the "Windows" folder, the "CurrentVersion" folder and finally expand the "Run" folder. Right-click the "userinit" = "%UserProfile%\Application Data\sdra64.exe" entry and click "Delete."

Delete the following entries as well:

"userinit" = "%UserProfile%\Application Data\oembios.exe"
"userinit" = "%UserProfile%\Application Data\ntos.exe"
"userinit" = "%UserProfile%\Application Data\twext.exe"

5

Navigate to the following entries (following the same procedure in Step 4).

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"Userinit" = "%System%\userinit.exe, %System%\sdra64.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"Userinit" = "%System%\userinit.exe, %System%\oembios.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"Userinit" = "%System%\userinit.exe, %System%\ntos.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"Userinit" = "%System%\userinit.exe, %System%\twext.exe"

Double-click each entry and enter the original value in the "Value data" box.

6

Close the Registry Editor and re-enable System Restore if you are using Windows XP.
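The registry locations from Steps 4 and 5 can be checked before and after the cleanup without editing anything. The PowerShell script below is an added example, not part of the original article: it only reads the registry and reports values that reference the four file names listed above. It assumes PowerShell is installed on the machine, and the function and variable names are made up for illustration.

```powershell
# Added example: read-only audit of the registry locations named in Steps 4 and 5.
# The file names and key paths come from the article; the function and
# variable names are hypothetical.
$ZbotFiles   = @('sdra64.exe', 'oembios.exe', 'ntos.exe', 'twext.exe')
$RunKey      = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$WinlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

function Get-ZbotMatches {
    param([string]$Data)
    # A value can hold several comma-separated commands, as Userinit does.
    $hits = @()
    foreach ($part in ($Data -split ',')) {
        $cmd = $part.Trim()
        foreach ($name in $ZbotFiles) {
            # Match the file name at the end of a path, ignoring case,
            # whether or not quotes or arguments follow it.
            $pattern = '(^|\\)' + [regex]::Escape($name) + '(\s|"|$)'
            if ($cmd -match $pattern) { $hits += $cmd }
        }
    }
    # The leading comma returns an empty array, not $null, when nothing matched.
    return ,$hits
}

# Step 4: inspect every value under the per-user Run key.
$run = Get-Item -Path $RunKey -ErrorAction SilentlyContinue
if ($run) {
    foreach ($valueName in $run.GetValueNames()) {
        $data = [string]$run.GetValue($valueName)
        foreach ($hit in (Get-ZbotMatches $data)) {
            Write-Output "FLAG  $RunKey  [$valueName] = $hit"
        }
    }
}

# Step 5: print the whole Userinit value so any extra entry is visible,
# then flag the components that match the listed file names.
$userinit = (Get-ItemProperty -Path $WinlogonKey -Name Userinit).Userinit
Write-Output "Userinit = $userinit"
foreach ($hit in (Get-ZbotMatches $userinit)) {
    Write-Output "FLAG  $WinlogonKey  [Userinit] contains $hit"
}
```

No "FLAG" lines in the output means none of the listed file names are referenced in either location.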

About the Author

Kefa Olang has been writing articles online since April 2009. He has been published in the "Celebration of Young Poets" and has an associate degree in communication and media arts from Dutchess Community College, and a bachelor's degree in broadcasting and mass communication from the State University of New York, Oswego.
