Affected Operating Systems
Please follow the instructions for removing Trojans.
Troj/Zbot-ETH installs multiple copies of itself, with one copy stealthing another copy. Therefore cleanup for Troj/Zbot-ETH may require two full scans with reboots.
Running a full scan the first time will locate the "master copy" (typically located at <Application Data>\ScreenSaverPro.scr). After cleanup + reboot this will be removed, preventing the stealthing of the hidden copy. This is typically located in the <Application Data>\Microsoft folder, but the filename varies between different versions of the malware. Therefore the user should run a full system scan to locate this copy. A second round of cleanup + rebooting will remove this copy of the malware along with associated registry keys.