How to Remove a Trojan Zbot

Written by kefa olang

Trojan.zbot (aka Zeus) is a Trojan Horse that secretly installs on your computer and then tries to steal personal information. The Trojan also downloads configuration files and updates from the Internet. Trojan.zbot affects Windows Vista and prior Windows operating systems. Because Trojan.zbot interferes with computer privacy and security, remove it quickly and safely.

Skill level:
Easy


Instructions

  1.

    Disable System Restore if you are using Windows XP. To do so, launch the System Properties dialogue box by clicking the "Start" menu, right-clicking "My Computer" and then clicking "Properties." Click the "System Restore" tab, and click the "Turn off System Restore" check box. Click "Apply," then "Yes" and finally click "OK" to save your changes.

  2.

    Launch your antivirus program, update it by selecting the "Update" option and then run a full system scan. Delete any parasites your program detects. Consider free antivirus programs such as Avira, avast! or AVG if you do not have an antivirus program (see Resources).

  3.

    Click the "Start" menu, click "Run" or "Start Search," type "Regedit" (without quotes) in the open box and press "Enter." This launches the Registry Editor.

  4.

    Click the "HKEY_CURRENT_USER" folder to expand it. Expand the "SOFTWARE" folder, the "Microsoft" folder, the "Windows" folder, the "CurrentVersion" folder and finally expand the "Run" folder. Right-click the "userinit" = "%UserProfile%\Application Data\sdra64.exe" entry and click "Delete."

    Delete the following entries as well:

    "userinit" = "%UserProfile%\Application Data\oembios.exe"
    "userinit" = "%UserProfile%\Application Data\ntos.exe"
    "userinit" = "%UserProfile%\Application Data\twext.exe"

  5.

    Navigate to the following entries, using the same procedure as in Step 4.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"Userinit" = "%System%\userinit.exe, %System%\sdra64.exe"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"Userinit" = "%System%\userinit.exe, %System%\oembios.exe"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"Userinit" = "%System%\userinit.exe, %System%\ntos.exe"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"Userinit" = "%System%\userinit.exe, %System%\twext.exe"

    Double-click each entry you find and, in the "Value data" box, restore the original value, which is the entry without the added Trojan file name.

  6.

    Close the Registry Editor and re-enable System Restore if you are using Windows XP.
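
The registry checks in Steps 4 and 5 can also be run as a read-only script before opening the Registry Editor. The following PowerShell is an added example, not part of the original article; it only reads the two registry locations named above and reports values that reference the four file names the article lists. The function and variable names are illustrative.

```powershell
# Added example: read-only audit of the registry locations from Steps 4 and 5.
# Nothing is modified; review the output, then follow the steps above.
$zbotNames = 'sdra64.exe', 'oembios.exe', 'ntos.exe', 'twext.exe'  # names listed in the article
$escaped   = $zbotNames | ForEach-Object { [regex]::Escape($_) }
# Match a listed name as a whole file name (start of string or after a path separator).
$pattern   = '(^|[\\/])(' + ($escaped -join '|') + ')(?=$|[\s,"])'

function Get-ZbotFinding {
    param([string]$Key, [string]$ValueName, [string]$Data)
    # Split on commas because Userinit holds a comma-separated list of programs.
    foreach ($part in ($Data -split ',')) {
        $p = $part.Trim().Trim('"')
        if ($p -match $pattern) {
            New-Object psobject -Property @{ Key = $Key; Value = $ValueName; Suspect = $p }
        }
    }
}

$findings = @()

# Step 4: every value under the current user's Run key.
$runPath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
if (Test-Path $runPath) {
    $runKey = Get-Item $runPath
    foreach ($name in $runKey.GetValueNames()) {
        $findings += @(Get-ZbotFinding $runPath $name ([string]$runKey.GetValue($name)))
    }
}

# Step 5: the Winlogon "Userinit" value, which should list only userinit.exe.
$logonPath = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$userinit  = [string](Get-ItemProperty -Path $logonPath).Userinit
$findings += @(Get-ZbotFinding $logonPath 'Userinit' $userinit)

"Current Userinit value: $userinit"
if ($findings.Count -gt 0) {
    $findings | Format-List Key, Value, Suspect
} else {
    'No value references the file names listed in the article.'
}
```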
