Remove Zbot trojan included on 'eFax Corporate' spam message

In the last month, a new fake email message was spread on the internet. This spam email message was sent by Efax Corporate and informs you that you have received a new fax message. The fake email includes also a zip attachment named “FAX_298139_1908290.zip” (the name varies) with an executable file on it. If the recipient executes* the attachment file, then his computer is infected with Zbot Trojan.

Trojan Zbot  (also known as PWS:Win32/Fareit.gen!I ) is a malicious program and upon installed on your computer, it tries to steal your personal information and passwords.

Notice*: Pay attention when executable programs are included in email attachments.

If you are infected with “Zbot trojan” horse then you must remove it as soon as possible, by following the steps bellow.

FAKE!!! eFax Corporate message:

{ Received: from [204.11.172.166 ([204.11.172.166:58387] helo=latf1.efax.com)
From: eFax Corporate message@inbound.efax.com
Subject: Corporate eFax message from "479-773-4548" – 15 page(s)
You have received a 15 page(s) fax at 2013-03-13 02:14:32 EST.
* The reference number for this fax is latf1_did11-1232614455-1028262217-15.
Please visit  www.efaxcorporate.com/corp/twa/page/customerSupport if you have any questions regarding this message or your service. You may also e-mail our corporate support department at  corporatesupport@mail.efax.com. Thank you for using the eFax Corporate service!)

(Sample) Attachment file name: FAX_298139_1908290.zip

image

 

How to completely remove Trojan ZBOT (PWS:Win32/Fareit.gen!I )

Step 1. Clean your computer from malicious threats.

Download and install MalwareBytes Antimalware*

*If you don't know how to install and use "MalwareBytes Anti-Malware", read these instructions.

1. Run MalwareBytes Antimalware and perform a quick scan:

2. When the scanning is completed, press the "Show results" button to view and remove the malicious threats.

image

3c. At the "Show Results" window check – using your mouse's left button- all the infected objects and then choose the "Remove Selected" option and let the program remove the selected threats.

image

3d. When the removal of the infected objects process is complete, "Restart your system to remove all active threats properly"

image

4. Important: To ensure your computer is clean and safe, perform a full scan using Malwarebytes Anti-Malware, in Windows "Safe Mode".*

*To get into Windows Safe mode, press the "F8" key as your computer is booting up, before the appearance of the Windows logo. When the "Windows Advanced Options Menu" appears on your screen, use your keyboard arrows keys to move to the Safe Mode option and then press "ENTER".

Step 2. Perform a full scan with your antivirus program.

If this article was useful for you, please consider supporting us by making a donation. Even $1 can a make a huge difference for us in our effort to continue to help others while keeping this site free: