SPAMMED IN THE WILD
Virus Name : Trojan.Win32.Buzus.arqx
Alias : Trojan-Spy:W32/Zbot.IQJ,
Win32/Spy.Zbot.NB, W32/Banger.EIIP, Troj/Bckdr-QSL
Virus type : Trojan
level : Low
via e-mail and it usually arrives with attachment
DHL_DOC.zip which contains the
infected mail subject will be
Tracking number #<Random string>
Example: DHL Tracking number #N80XQ061350CSKG
infected mail message body will be
We were not able to deliver postal package you
sent on the 14th of March in time
because the recipients address is not
Please print out the invoice copy attached and
collect the package at our office.
Your personal manager: Tommy Deal,
Customer Service: 1-800-CALL-DHL
DHL International, Ltd. All Rights Reserved.
infected mail attachment will be
When the infected e-mail
attachment is executed, it copies to %SYSTEM%\sdra64.exe.
Then it modifies the registry to load
automatically on next startup. The registry key
modification is given below.
Userinit = "%System%\userinit.exe,%System%\sdra64.exe,"
Buzus also download and
installs serveral malicious files in the infected
system. It is associated with Zbot family and it
steals banking information from the infected
system. This trojan is also known as Trojan-Spy:W32/Zbot.IQJ,
Win32/Spy.Zbot.NB, W32/Banger.EIIP, Troj/Bckdr-QSL.
Trojan.Win32.Buzus.arqx variant appeared on 25th
How can I protect my
Solo has incorporated Trojan.Win32.Buzus.arqx in its signature file to
protect users from this trojan attack. Solo
antivirus registered users are already protected
from this trojan. Make sure that you have
installed registered version of Solo Antivirus to
protect your system from all virus threats.
to remove this Trojan?
you are already infected with this trojan, you
can remove it from your computer using Solo
Antivirus software. Solo antivirus can
detect and remove Trojan.Win32.Buzus.arqx
safely. Use the following link to Download
30 day trial version of Solo antivirus
to remove viruses from your computer.
Solo anti-virus not only
scans for all viruses, it contains a unique System
Integrity Checker to protect you from
New Internet Worms, Backdoors and
malicious VB, Java Scripts. It also
effectively removes all existing Internet Worms,
File viruses, malicious VBS, Java scripts,
Trojans, Backdoors, boot sector, partition table
and macro viruses.
purchase Solo antivirus using the link