Dec 25, 2013

PWS:Win32/Zbot.gen!AP – How to Remove

Has your computer become very slow, with strange problems appearing whenever you use it to perform tasks? After scanning the entire system with your antivirus program, do you see PWS:Win32/Zbot.gen!AP in the scan results? What is it? How did this virus land on your computer without your knowledge? Has your antivirus program let you down because it cannot remove it? If you want more detailed information about this Trojan, please read this blog post.

Details of PWS:Win32/Zbot.gen!AP:

PWS:Win32/Zbot.gen!AP is a hateful Trojan that is capable of modifying important system settings, causing the infected computer to behave strangely and even seriously damaging it. The Trojan can reach your computer through many channels. Usually, downloading free software from uncertified sources, visiting websites that offer malicious plug-ins, clicking links sent by strangers and opening unknown email attachments will get your computer infected. In addition, it can exploit security vulnerabilities in the Windows operating system to launch its attack.

Once PWS:Win32/Zbot.gen!AP gets into your computer, it immediately carries out a series of malicious actions. Your antivirus software may warn you at this point that the computer is in danger, but by then it is too late. Many users are surprised to find that their computer is infected. Because important system files and registry entries have been modified, the Trojan's components can pose as a necessary part of the system and so evade the antivirus software. Moreover, the Trojan consumes a lot of system resources, making your computer run very slowly and even disrupting the system. Running programs will show a prompt saying “no response” for a long time or “fail to continue due to insufficient memory”. What’s worse, it helps cyber criminals who attempt to invade your computer: your online traces and personal information may be recorded stealthily. Therefore, when you see the warning from the antivirus program, you should remain vigilant and act to remove the Trojan as soon as possible. However, it can hide in the computer system. Although some antivirus programs may be able to stop it temporarily, the stubborn virus can regenerate quickly. If you want to remove it completely, manual removal is the best choice.

Manual removal requires a certain level of computer literacy. If you are not sure how to start and are afraid of making a critical mistake that damages the computer system, please live chat with a YooCare Expert now.

What Can the Vicious Virus Do?

1. It can download additional components and other infections onto the target computer in order to complete its penetration.
2. It can cause system crashes and destroy some of the programs on the infected computer.
3. It helps the virus makers intrude into your computer remotely without your knowledge.
4. It is capable of collecting your browsing history and other private data.

Manual Removal Guide:

The malicious PWS:Win32/Zbot.gen!AP can install itself on the computer without your consent or awareness. It makes your computer work slowly and implants other nasty infections. To make things worse, this Trojan is a tool that cyber criminals use to invade the infected computer and steal your information. Using advanced techniques, it can combine its components with system files or generate fake system files, which confuses computer users as well as antivirus programs. They cannot identify it accurately and in time, let alone remove it thoroughly. Therefore, manual removal is the best choice to drive it away from your computer. In this case, you are advised to delete every file it has generated manually so as to spare all later trouble. The manual removal needs to be handled carefully to avoid any subsequent damage. Users can follow the manual guide here to have the Trojan removed.

1. End Relevant Processes

(1). Press Ctrl+Shift+Esc together to open Windows Task Manager, then click the Processes tab

*For Win 8 Users:

Click More details when you see the Task Manager box

And then click the Details tab

(2). Find and end the processes of PWS:Win32/Zbot.gen!AP

2. Show Hidden Files

(1). Click on Start button and then on Control Panel

(2). Click on Appearance and Personalization

(3). Click on Folder Options

(4). Click on the View tab in the Folder Options window

(5). Choose Show hidden files, folders, and drives under the Hidden files and folders category

(6). Click OK at the bottom of the Folder Options window

*For Win 8 Users:

Press Win+E together to open the Computer window, click View and then click Options

Click the View tab in the Folder Options window, then choose Show hidden files, folders, and drives under the Hidden files and folders category

3. Delete Relevant Registry Entries and Files

(1). Delete the registry entries of PWS:Win32/Zbot.gen!AP through Registry Editor

Press Win+R to bring up the Run window, type “regedit” and click “OK”

While the Registry Editor is open, search for and delete the related registry entries:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Random

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “CertificateRevocation” =Random

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\Random.exe

(2). Find and remove the associated files:

%Temp%\random.exe

%AllUsersProfile%\Application Data\random

%AllUsersProfile%\Application Data\~random

%AllUsersProfile%\Application Data\.dll

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Random “.exe”
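
A read-only way to review the registry keys and folders listed in step 3 before deleting anything, as an added PowerShell example that is not part of the original guide. The keys and folders are the ones the guide names; the output folder `zbot-triage` and the choice of which values and files to report are assumptions.

```powershell
# Added example, not from the original guide: read-only triage of the
# locations listed in step 3. Nothing is deleted.
$outDir = Join-Path $env:USERPROFILE 'zbot-triage'   # assumed output folder
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# Keys named in the guide. "Random" there stands for an unpredictable name,
# so list the values for review instead of searching for a fixed string.
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
)
$i = 0
foreach ($key in $keys) {
    if (-not (Test-Path -LiteralPath $key)) { "absent: $key"; continue }
    # Back up the key first so a mistaken deletion can be re-imported.
    $i++
    $regPath = $key -replace '^(HK\w+):', '$1'
    & reg.exe export $regPath (Join-Path $outDir "key$i.reg") /y | Out-Null
    $k = Get-Item -LiteralPath $key
    foreach ($name in $k.GetValueNames()) {
        $data = [string]$k.GetValue($name)
        # Show values that launch an executable, plus CertificateRevocation.
        if ($data -match '\.exe' -or $name -eq 'CertificateRevocation') {
            '{0} [{1}] = {2}' -f $key, $name, $data
        }
    }
}

# On Windows Vista and later "%AllUsersProfile%\Application Data" is a
# compatibility junction to %ProgramData%, so enumerate the target directly.
$appData = if ($env:ProgramData) { $env:ProgramData } else {
    Join-Path $env:ALLUSERSPROFILE 'Application Data' }
foreach ($dir in @($env:TEMP, $appData)) {
    # Executables, extensionless files and hidden files, with signature status.
    Get-ChildItem -LiteralPath $dir -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        Where-Object { ('', '.exe', '.dll' -contains $_.Extension) -or
                       ($_.Attributes -band [IO.FileAttributes]::Hidden) } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName -ErrorAction SilentlyContinue
            '{0}  created={1}  signature={2}' -f $_.FullName, $_.CreationTime, $sig.Status
        }
}
```

A `NotSigned` result is a reason to look more closely at a file, not proof that it belongs to the Trojan.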

In short, PWS:Win32/Zbot.gen!AP is a high-risk Trojan that can cause serious damage to the infected computer. If you are not careful when going online (visiting malicious sites, running unsafe software and opening spam email attachments), your computer can easily be infected by it. It attempts to access the system kernel, delete or modify important documents and even destroy the whole computer system. It helps cyber criminals collect your important information, including bank account or credit card details. This Trojan is really a nightmare. Victims should eliminate it as early as possible.

The manual removal described above is quite dangerous and complicated, and it requires sufficient professional skill. Therefore, only users with solid computer knowledge are advised to carry it out, because any error, including deleting important system files and registry entries, can crash your computer system. If you have no idea how to perform the manual removal, please contact experts from YooCare Online Tech Support for further assistance.

Published by & last updated on December 25, 2013 1:03 pm
