Last updated on March 30th, 2014
Trojan PWS-Zbot is a dangerous malicious Rootkit and keylogger program that hides its existence from detection (and removal) and once it infects a computer, it can steal personal information by capturing user’s keystrokes and private data like usernames, passwords or credit card numbers. If a computer is infected with Trojan PWS-Zbot, then the antivirus security is disabled on it and the computer speed is decreased dramatically due to malicious programs running on the background. PWS-Zbot Trojan can infect your computer if you visit a malicious website or if you open an infected email attachment from an unknown sender.
To clean PWS-Zbot Trojan from your computer, follow the steps below:
How to remove Trojan PWS-Zbot from your computer:
Step 1: Start your computer in “Safe Mode with Networking”
To do this:
1. Shut down your computer.
2. Start up your computer (Power On) and as your computer is booting up, press the "F8" key before the Windows logo appears.
3. Using your keyboard arrows select the "Safe Mode with Networking" option and press "Enter".
Step 2: Remove malicious “PWS Zbot” Rootkit registry entries.
1. Download TDSSKiller Anti-rootkit utility from Kaspersky's website on your desktop.
2. When the download process is complete, go to your desktop and double click on “tdsskiller.exe” to run it.
3. At Kaspersky’s Anti-rootkit utility program click on “Start scan" to start scanning for malicious programs.
When the scan process is complete, a new window opens with the scanning results.
6. Choose "Delete" and press “Continue” to remove all threats found.
7. When the removal operation is complete, reboot your computer.
8. Start your computer in “Safe Mode with Networking” again.
9. After rebooting, run TDSSKiller again to scan one more time for Rootkits. If the previous curing job was completed successfully, the program will now inform you that "No Threats found".
Step 3: Clean you computer with RogueKiller
1. Download and save "RogueKiller" utility on your computer'* (e.g. your Desktop)
Notice*: Download version x86 or X64 according to your operating system's version. To find your operating system's version, "Right Click" on your computer icon, choose "Properties" and look at "System Type" section.
2. Double Click to run RogueKiller.
3. Let the prescan to complete and then press on "Scan" button to perform a full scan.
3. When the full scan is completed, press the "Delete" button to remove all malicious items found.
4. Close RogueKiller utility and reboot your computer.
5. Start your computer in “Safe Mode with Networking” again.
6. Run RogueKiller again to ensure that “PWS-Zbot” infection is completely removed.
7. Continue to the next step.
Step 4. Clean your computer from remaining malicious threats.
Download and install one of the most reliable FREE anti malware programs today to clean your computer from remaining malicious threats. If you want to stay constantly protected from malware threats, existing and future ones, we recommend that you install Malwarebytes Anti-Malware PRO:
1. Run "Malwarebytes Anti-Malware" and allow the program to update to its latest version and malicious database if needed.
2. When the "Malwarebytes Anti-Malware" main window appears on your screen, choose the "Perform quick scan" option and then press "Scan" button and let the program scan your system for threats.
3. When the scanning is completed, press “OK” to close the information message and then press the "Show results" button to view and remove the malicious threats found.
4. At the "Show Results" window check all items found (Right-Click > “Select All Items”) and then click on the "Remove Selected" button to remove all threats.
5. When the removal of infected objects process is complete, "Restart your system to remove all active threats properly".
6. Continue to the next step.
Advice: To ensure your computer is clean and safe, perform a Malwarebytes’ Anti-Malware full scan in windows “Safe mode“.*
*To get into Windows Safe mode, press the “F8” key as your computer is booting up, before the appearance of the Windows logo. When the “Windows Advanced Options Menu” appears on your screen, use your keyboard arrows keys to move to the Safe Mode option and then press “ENTER“.
Step 5. Clean unwanted files and entries.
Use “CCleaner” program and proceed to clean your system from temporary internet files and invalid registry entries.*
*If you don’t know how to install and use “CCleaner”, read these instructions.