Backdoor:Win32/Zonebac.Gen!F is a generic detection for a Trojan that opens a backdoor, allowing illicit remote access and giving attackers full control of the infected computer. Backdoor:Win32/Zonebac.Gen!F can monitor the system and steal sensitive information. As a member of the Zonebac family, this variant is also capable of lowering Internet Explorer security settings. The threat can also overwrite crucial Windows files so that it runs every time the system starts.
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Windows Vista
When executed, Backdoor:Win32/Zonebac.Gen!F drops a file it needs for its operation into the Windows Temporary folder. Next, it checks for running processes associated with system tools and anti-virus programs. If any are found, the Trojan terminates those processes, which reduces the security of the computer. It also has a self-destruct routine: to avoid alerting the user to its presence, it deletes itself before anti-virus programs can notice it.
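The behaviour chain above (a dropper started from the Temporary folder that terminates security-tool processes and then deletes its own file) is the kind of sequence endpoint telemetry can be correlated on. The following Python script is an added example, not code from the original page or from any vendor's product: it runs a pid-keyed correlation over a small set of constructed process events. The event schema, the watchlist of security-tool process names and the file names in the sample events are assumptions for illustration; the page names none of them.

```python
from collections import defaultdict

# Assumed watchlist of security-tool and system-tool process names; the
# original page names none, so tune this to the products actually deployed.
SECURITY_TOOLS = {
    "msmpeng.exe", "avp.exe", "mbam.exe",          # anti-virus engines
    "taskmgr.exe", "regedit.exe", "procexp.exe",   # system tools
}


def is_temp_path(path):
    """True when an image path lies under a Temp/Tmp directory."""
    p = path.replace("/", "\\").lower()
    return "\\temp\\" in p or "\\tmp\\" in p


def correlate(events):
    """Group process telemetry by pid and flag the chain described for the
    Trojan: a process started from Temp that terminates a watchlisted tool.
    Whether it also deleted its own image is recorded as self_deleted.

    Each event is a dict with 'event' in {'create', 'terminate', 'delete'},
    a 'pid' (the acting process) and, depending on type, 'image' (created
    process), 'target' (terminated process name) or 'path' (deleted file).
    """
    procs = defaultdict(lambda: {"image": None, "killed": [], "self_deleted": False})
    for ev in events:
        rec = procs[ev["pid"]]
        kind = ev["event"]
        if kind == "create":
            rec["image"] = ev["image"]
        elif kind == "terminate":
            target = ev["target"].lower()
            if target in SECURITY_TOOLS:
                rec["killed"].append(target)
        elif kind == "delete":
            if rec["image"] and ev["path"].lower() == rec["image"].lower():
                rec["self_deleted"] = True

    findings = []
    for pid, rec in sorted(procs.items()):
        if rec["image"] and is_temp_path(rec["image"]) and rec["killed"]:
            findings.append({
                "pid": pid,
                "image": rec["image"],
                "killed": rec["killed"],
                "self_deleted": rec["self_deleted"],
            })
    return findings


# Constructed sample telemetry (not real captured data): pid 4100 is the
# dropper, pid 2216 is a benign installer that ends an editor process.
SAMPLE_EVENTS = [
    {"event": "create", "pid": 4100,
     "image": r"C:\Users\alice\AppData\Local\Temp\winupd.exe"},
    {"event": "create", "pid": 2216,
     "image": r"C:\Program Files\Demo Setup\installer.exe"},
    {"event": "terminate", "pid": 4100, "target": "MsMpEng.exe"},
    {"event": "terminate", "pid": 4100, "target": "taskmgr.exe"},
    {"event": "terminate", "pid": 2216, "target": "notepad.exe"},
    {"event": "delete", "pid": 4100,
     "path": r"C:\Users\alice\AppData\Local\Temp\winupd.exe"},
]

if __name__ == "__main__":
    for f in correlate(SAMPLE_EVENTS):
        print(f"pid {f['pid']} from {f['image']} killed {f['killed']}; "
              f"self-deleted: {f['self_deleted']}")
```

Sysmon can supply the raw events in this shape (event ID 1 for process creation, ID 10 for a process opening another with terminate rights, ID 23 or 26 for file deletion), as can most EDR feeds. A process that merely starts from Temp, or merely ends a watchlisted tool, is not flagged on its own; the self_deleted flag is reported but not required, since the Trojan may be caught before its cleanup runs.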
Backdoor:Win32/Zonebac.Gen!F also performs the following tasks:
- Connects to a remote computer and updates itself
- Communicates with a remote host and downloads additional malware
- Gathers and sends sensitive computer information such as the operating system version, installed security programs, the latest installed service pack, the computer name and other data
Backdoor:Win32/Zonebac.Gen!F is usually installed by another Trojan infection. Once inside the system, it infects executable files on local drives and on unsecured network shares in order to propagate. Before injecting its malicious code, the Trojan saves a copy of the clean file in a "Bak" directory.
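The propagation step above gives responders something concrete to hunt for: a directory named "Bak" holding a copy of an executable that no longer matches the executable beside it. The following Python script is an added example, not code from the original page or from any vendor's tool. It builds a small constructed directory tree in a temporary location, walks it for "Bak" directories, pairs each executable inside with the same-named file in the parent directory, reports the pairs whose SHA-256 differs, then quarantines the modified file and restores the saved copy. The set of executable extensions, the file names and contents of the sample tree, and the ".infected" quarantine suffix are assumptions for illustration.

```python
import hashlib
import os
import shutil
import tempfile

# Assumed set of extensions to treat as executables; the page only says
# "executable files", so widen this for the environment being hunted.
EXECUTABLE_EXTS = {".exe", ".dll", ".scr"}
QUARANTINE_SUFFIX = ".infected"  # assumed naming for the quarantined original


def sha256(path):
    """Streamed SHA-256 of a file, so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def find_bak_copies(root):
    """Walk root for directories named 'Bak'. For each executable inside one,
    pair it with the same-named file in the parent directory and return the
    (modified_path, saved_copy_path) pairs whose contents differ."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        if os.path.basename(dirpath).lower() != "bak":
            continue
        parent = os.path.dirname(dirpath)
        for name in sorted(filenames):
            if os.path.splitext(name)[1].lower() not in EXECUTABLE_EXTS:
                continue
            modified = os.path.join(parent, name)
            saved = os.path.join(dirpath, name)
            if os.path.isfile(modified) and sha256(modified) != sha256(saved):
                hits.append((modified, saved))
    return hits


def restore(hits):
    """Move each modified file aside for analysis and put the saved copy in
    its place. Returns the number of files restored."""
    restored = 0
    for modified, saved in hits:
        os.replace(modified, modified + QUARANTINE_SUFFIX)
        shutil.copy2(saved, modified)
        restored += 1
    return restored


def build_demo_tree(root):
    """Constructed sample tree: one program whose executable was modified
    after a copy was saved to Bak, and one whose Bak copy still matches."""
    clean = b"MZ" + b"\x00" * 62 + b"demo program body"
    tampered = clean + b"\xcc" * 32          # stands in for injected code
    app = os.path.join(root, "Program Files", "Demo")
    os.makedirs(os.path.join(app, "Bak"))
    with open(os.path.join(app, "Bak", "demo.exe"), "wb") as f:
        f.write(clean)
    with open(os.path.join(app, "demo.exe"), "wb") as f:
        f.write(tampered)
    tools = os.path.join(root, "Tools")
    os.makedirs(os.path.join(tools, "Bak"))
    for p in (os.path.join(tools, "tool.exe"), os.path.join(tools, "Bak", "tool.exe")):
        with open(p, "wb") as f:
            f.write(clean)


def run_demo():
    """Build the sample tree, hunt it, restore, and report what happened."""
    root = tempfile.mkdtemp(prefix="zonebac-hunt-")
    try:
        build_demo_tree(root)
        hits = find_bak_copies(root)
        restored = restore(hits)
        return {
            "hits": [os.path.basename(m) for m, _ in hits],
            "restored": restored,
            "quarantined": all(os.path.isfile(m + QUARANTINE_SUFFIX) for m, _ in hits),
            "verified": all(sha256(m) == sha256(s) for m, s in hits),
        }
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    print(run_demo())
```

On a real case, point find_bak_copies() at a drive root or a mounted share instead of the demo tree. Treat the Bak copy as evidence rather than ground truth: it is a file the malware itself wrote, so compare it against a known-good hash or a valid Authenticode signature before trusting the restore, and keep the quarantined original for analysis.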