This page aims to help you remove Trojan.Zbot. These Trojan.Zbot removal instructions work for every version of Windows.

Being infected with a Trojan horse like Trojan.Zbot can be quite an unpleasant experience. Removing the malware may be challenging as well, because this type of threats can be very tricky and hard to detect. Panicking, however, is the last thing that would help you effectively deal with the Trojan. That’s why we suggest you read the guide below – it will give you a detailed explanation about the way Trojan.Zbot operates, and the possible steps that can help you clean your computer from it. Zbot is associated with one of the most notorious Trojans called Zeus Virus

Why is Trojan.Zbot such a nasty threat?

Trojan horses are famous for their malicious abilities and, as one of the latest additions to this harmful type of software, Trojan.Zbot is no exception. Trojans can really be problematic once they infect you. The main reason why this type of malware is so difficult to deal with is its stealthy nature. A threat like Trojan.Zbot usually sneaks inside your system unnoticed when you happen to click on some seemingly harmless, but actually very malicious app, link, email attachment, image, ad, torrent, video or whatever type of online content you can think of. Then, it hides deep inside your system and it may take months or even years for you to realize what a harmful threat is lurking inside your computer. It is hard to detect the malicious activities that may be going in the background, unless some strange system activities, slowdown or crashes indicate the presence of the malware. However, even that may not always happen. Their ability to camouflage and remain undetected is one of the major reasons why criminal hackers love Trojans so much. On top of that, these threats can be used for many types of harmful activities and in the next lines we will point out just a few of them.

What can a Trojan horse be used for?

Trojan horses are the malware of choice for many cyber criminals, who use them to perform various malicious deeds. Practically, there isn’t anything harmful that a Trojan like Trojan.Zbot cannot do, so the list is unlimited, but below you will see the most common and feared things that hackers could use this type of software for:

  • Spreading Ransomware – Trojans are involved in the effective distribution of dreadful threats like Ransomware. This new form of online blackmail is one of the most widely spread malware today and thanks to the vulnerability that Trojans like Trojan.Zbot create, it can find its way to your machine absolutely undetected. Various other virus threats may also sneak in using the coverage of a Trojan.
  • Spying and tracking your activity – A wide range of espionage techniques can be employed by hackers with malicious intentions thanks to the Trojan on your machine. By tracking your keystrokes, the criminals may collect data about your passwords, credit and debit card details, sensitive information, and online accounts. They may even gain unauthorized access to your webcam and mic and this way spy on you and everything in your home.
  • Destroying your personal files and your system – malicious pieces of software like Trojan.Zbot can also be used to mess up your system, destroy the data found on your hard drive, or even crash your whole OS. That’s why it is really important to remove them as soon as possible.
  • Involving you in Botnets and various criminal activities – In some cases, the Trojan may take over your machine and turn it into a spam-bot or a mining bot. This way, the criminals behind the malware may force your PC to execute some criminal tasks, such as virus spreading or spamming, regardless of whether you have allowed that or not.

How can you protect your system?

The protection of your computer pretty much depends on some major safety tips that you can apply in order to keep nasty threats like Trojan.Zbot away. To start off, always make sure that your system is regularly updated and has the latest security and system patches in order to eliminate system vulnerabilities, which may be exploited by Trojans or other malware. The moment you see something wrong with your system, you should immediately run a system scan with reputed antivirus software. Also, if possible, avoid shady or illegal web locations, sketchy content, spam emails, suspicious ads, and links, as you never know where they may get you redirected. Removing the Trojan is way trickier than avoiding it, but if you have already been infected with Trojan.Zbot, the removal guide below will show you exactly what to do in order to clean your system from it. Just follow the steps and let us know if you face any difficulty.


Name Trojan.Zbot
Type Trojan
Danger Level  High (Trojans are often used as a backdoor for Ransomware)
Symptoms  In some cases, some strange system activities, slowdown or crashes may indicate the presence of the Trojan.
Distribution Method  This threat can be found in various web locations such as apps, links, email attachments, images, ads, torrents, videos or whatever type of online content you can think of.
Detection Tool

Keep in mind, SpyHunter’s malware detection tool is free. To remove the infection, you’ll need to purchase the full version.
More information about SpyHunter and steps to uninstall.

Trojan.Zbot Removal



Some of the steps will likely require you to exit the page. Bookmark it for later reference.

Reboot in Safe Mode (use this guide if you don’t know how to do it).


Hold together the Start Key and R. Type appwiz.cpl –> OK.


You are now in the Control Panel. Look for suspicious entries. Uninstall it/them. If you see a screen like this when you click Uninstall, choose NO:


Type msconfig in the search field and hit enter. A window will pop-up:


Startup —> Uncheck entries that have “Unknown” as Manufacturer or otherwise look suspicious.

  • Remember this step – if you have reason to believe a bigger threat (like ransomware) is on your PC, check everything here.


Hold the Start Key and R –  copy + paste the following and click OK:

notepad %windir%/system32/Drivers/etc/hosts

A new file will open. If you are hacked, there will be a bunch of other IPs connected to you at the bottom. Look at the image below:


If there are suspicious IPs below “Localhost” – write to us in the comments.



Press CTRL + SHIFT + ESC simultaneously. Go to the Processes Tab. Try to determine which ones are a virus. Google them or ask us in the comments.


  • This step is very important, because you can catch other threats (like Ransomware and Spyware) while looking for the Adware process.

Right click on each of the virus processes separately and select Open File LocationEnd the process after you open the folder, then delete the directories you were sent to.


Type Regedit in the windows search field and press Enter.

Once inside, press CTRL and F together and type the virus’s Name. Right click and delete any entries you find with a similar name. If they don’t show this way, go manually to these directories and delete/uninstall them:

  • HKEY_CURRENT_USER—-Software—–Random Directory. It could be any one of them – ask us if you can’t discern which ones are malicious.
    HKEY_CURRENT_USER—-Software—Microsoft—-Windows—CurrentVersion—Run– Random
    HKEY_CURRENT_USER—-Software—Microsoft—Internet Explorer—-Main—- Random


If all the prior steps fail to help you or you have reason to believe your system is exposed to threats like Ransomware, we advise you to download a professional scanner and remover.

Remember to leave us a comment if you run into any trouble!


About the author


Lidia Howler

Lidia is a web content creator with years of experience in the cyber-security sector. She helps readers with articles on malware removal and online security. Her strive for simplicity and well-researched information provides users with easy-to-follow It-related tips and step-by-step tutorials.

Leave a Comment