.zbt File Virus (Restore Files)

This article is intended to help you remove the .zbt ransomware virus and try to recover files that it has encrypted with AES.

A virus detected at the start of June 2017, dubbed WinUpdatesDisabler, has been reported to encrypt victims' files with the AES encryption algorithm. The ransomware performs several activities on the infected computer, including adding the .zbt file extension to encrypted files and dropping a ransom note named Payment information for decryption.txt. Victims are asked to pay 0.5 BTC to get their important files working again. If your computer has been infected by the .zbt extension ransomware, we recommend that you read this article.

Threat Summary

Name: .zbt ransomware
Type: Ransomware, Cryptovirus
Short Description: Encrypts the files on the computer it infects and asks victims to pay 0.5 BTC to get them back.
Symptoms: Files are AES encrypted with added .zbt file extension. A ransom note is dropped written in Bosnian.
Distribution Method: Spam Emails, Email Attachments, Executable files

.zbt File Ransomware Distribution Methods

To infect an unsuspecting user, the .zbt file virus may use more than one method. The primary method by which this ransomware is encountered is e-mail spam carrying malicious attachments or web links. The e-mails usually contain convincing statements whose goal is to make the victim believe they are legitimate and open the attachment or click the web link. Here is an example of a fake DHL e-mail containing a web link where the malicious file is downloaded in a .zip format:

Such e-mails may be used to spread .zbt ransomware as well. Besides those methods, the malicious file of this virus can also be uploaded to websites. It may be disguised as a setup for a program you are looking to download, a fake update, a license activator or another type of executable. This is why it is always advisable to run an on-demand scan or have real-time protection enabled when you download unknown files.

.zbt File Virus – Analysis

Once an infection with the WinUpdatesDisabler ransomware takes place, the virus begins to drop its payload. The main payload file is called WinUpdatesDisabler.exe and, besides it, other files may reside in the commonly targeted Windows folders under different names:

After the files are dropped, the .zbt ransomware may also drop its ransom note, named Payment information for decryption.txt. It has the following message written in Bosnian:

“Ej sestriće, moraš da gi platiš.
Ako gi ne platiš, zaključani fajlovi nema da gi vratiš.”

Other activity of the .zbt virus may involve modifying the Windows Registry, more specifically the Run and RunOnce registry keys. Entries under these keys are launched automatically, so values added there run the malicious files of .zbt ransomware at Windows start-up.

The .zbt ransomware may also delete the shadow volume copies of the infected computer, via the vssadmin command:

.zbt Ransomware – Encryption Process

To encrypt files on the computers it infects, the .zbt file virus uses the AES encryption algorithm. The cipher replaces the data of each targeted file with encrypted data, so the files can no longer be opened and appear to be corrupt. The .zbt extension is added to them, making them look like the image below:

The .zbt ransomware virus does not encrypt every type of file. It looks for specific file types to encrypt: extensions associated with documents, audio files, videos, archives and other often used files.
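
A read-only triage script for the indicators described in the analysis and encryption sections above (Run and RunOnce entries, the dropped payload and ransom note, .zbt files, shadow copies). It is an added example, not part of the original article; the scan root and the "user-writable folder" heuristic are assumptions.

```powershell
# Added triage example, not from the original article. Read-only: it changes nothing.
$payloadName = 'WinUpdatesDisabler.exe'                  # payload name from the article
$noteName    = 'Payment information for decryption.txt'  # ransom note name from the article
$scanRoot    = $env:USERPROFILE                          # assumption: widen as needed

# 1. Autorun values under the Run and RunOnce keys (per-user and machine-wide).
$runKeys = foreach ($hive in 'HKCU:', 'HKLM:') {
    foreach ($name in 'Run', 'RunOnce') {
        "$hive\Software\Microsoft\Windows\CurrentVersion\$name"
    }
}
$autoruns = foreach ($key in $runKeys) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($valueName in $item.GetValueNames()) {
        $command = [string]$item.GetValue($valueName)
        [pscustomobject]@{
            Key     = $key
            Name    = $valueName
            Command = $command
            # Flag the reported payload name and launches from user-writable folders.
            Suspicious = ($command -match [regex]::Escape($payloadName)) -or
                         ($command -match '\\(AppData|Temp)\\')
        }
    }
}

# 2. Dropped files: payload copies, ransom notes, files renamed to .zbt.
$files     = Get-ChildItem -Path $scanRoot -Recurse -File -Force -ErrorAction SilentlyContinue
$payloads  = @($files | Where-Object Name -eq $payloadName)
$notes     = @($files | Where-Object Name -eq $noteName)
$encrypted = @($files | Where-Object Extension -eq '.zbt')

# 3. Remaining shadow copies (query needs an elevated prompt).
$shadows = @(Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction SilentlyContinue)

# Report.
$autoruns | Where-Object Suspicious | Format-List Key, Name, Command
[pscustomobject]@{
    PayloadCopies  = $payloads.Count
    RansomNotes    = $notes.Count
    EncryptedFiles = $encrypted.Count
    ShadowCopies   = $shadows.Count
} | Format-List
$payloads + $notes | Format-Table FullName, CreationTime, Length -AutoSize
```

A ShadowCopies count of zero on a machine where System Protection had been enabled is consistent with the shadow copy deletion described above.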

Remove .zbt Ransomware and Restore Your Files

Before beginning the removal process, we recommend that you back up your encrypted files. Then follow the removal instructions below, which are specifically designed to help you remove the .zbt file virus. Since manual removal may be difficult, experts often advise using a ransomware-specific tool that will aid in the removal and protect your computer in real time against future threats.

If your files have been encrypted by the .zbt ransomware virus, you can try to restore them using alternative methods. We have suggested the methods in step “2. Restore files encrypted by .zbt ransomware” and we recommend that you follow them at your own risk. They are not guaranteed to restore all of your files, but with their aid you may be able to salvage at least a portion of your data.

To remove .zbt ransomware follow these steps:

1. Boot Your PC In Safe Mode to isolate and remove .zbt ransomware files and objects
2. Find files created by .zbt ransomware on your PC
3. Scan for malware and unwanted programs with SpyHunter Anti-Malware Tool
4. Try to Restore files encrypted by .zbt ransomware

Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having also graduated in Marketing, Ventsislav has a passion for discovering new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecurity and is a strong believer in basic education of every user towards online safety.
