Remove Zbot trojan embedded in “eFax Corporate” spam message – wintips.org

In the last month, a new email scam has hit the internet. The spam e-mail message claims to be sent by eFax Corporate and informs you that a new fax message has arrived. The fake email also contains a zip attachment called “FAX_298139_1908290.zip” (the name varies) containing an executable file. When the recipient runs the executable file*, their computer is infected with the Zbot Trojan.

The Zbot Trojan (also known as PWS:Win32/Fareit.gen!I) is malware that, once installed on your computer, tries to steal your personal information and passwords.

Note*: The email attachment contains an executable file.

If you are infected with the Zbot Trojan, you should remove it as soon as possible by following the steps below.

FAKE!!! eFax corporate message:

{ Received: from [204.11.172.166 ([204.11.172.166:58387] helo=latf1.efax.com)
From: eFax Corporate message@inbound.efax.com
Topic: Corporate eFax from “479-773-4548” – 15 page(s)
Received 15 page(s) fax at 2013-03-13 02:14:32.
* The reference number for this fax is: latf1_did11-1232614455-1028262217-15.
If you have any questions about this message or your service, please visit www.efaxcorporate.com/corp/twa/page/customerSupport. You can also email corporate support corporatesupport@mail.efax.com. Thank you for using eFax corporate service!)

(Sample) Attachment file name: FAX_298139_1908290.zip


How to completely remove the ZBOT Trojan (PWS:Win32/Fareit.gen!I)

Step 1. Clean your computer of malicious threats.

Download and install MalwareBytes Antimalware*

*If you don’t know how to install and use “MalwareBytes Anti-Malware”, read these instructions.

1. Run MalwareBytes Antimalware and run a quick scan:

2. When the scan is complete, click “Show results” to view and remove malicious threats.


3c. In the “Show Results” window, check (using the left mouse button) all infected objects, then select the “Remove the selection” option and allow the program to remove the selected threats.


3d. When the process of removing infected items is complete, restart your system to properly remove all active threats.


4. Important: To keep your computer clean and safe, run a full scan with Malwarebytes Anti-Malware in Windows “Safe Mode”.*

*To enter Windows Safe Mode, press the “F8” key while your computer is starting up, before the Windows logo appears. When the “Windows Advanced Options Menu” appears on your screen, use the keyboard arrow keys to move to the “Safe Mode” option and then press “ENTER”.

Step 2. Run a full scan with your antivirus software.
