What is Zloader

The most recent Zloader attack started in September 2021 and mostly targets German and Austrian banking institutions. The ongoing Zloader campaign uses new infection algorithms to disable Microsoft Defender Antivirus (formerly Windows Defender) on victims' computers to evade detection.

Zloader (also known as DELoader and Terdot) is a malicious piece of software classified as a virus-type program. Research shows that it is distributed through third-party web pages that display fabricated error notifications such as "The 'Roboto Condensed' font was not found". An investigation found that it is bundled with another malvertising program called Zeus, a banking trojan designed to gain access to confidential information stored or processed through online banking systems. When a malicious page is opened, it displays a message saying that the page failed to load properly because the Roboto Condensed font was not detected. Depending on the browser you are using, it offers to fix this error by downloading and installing the font through either the Mozilla Font Pack or the Chrome Font Pack. These folders contain Chrome_Font.js or Mozilla_Font.js. The .js extension denotes a JavaScript file, which is meant to install Zloader and thereby distribute the Zeus banking trojan, which is able to hijack passwords along with other credentials, leaving you without a penny in the bank. In this article, we discuss the main reasons for infection and the solutions you can apply to get rid of this virus.

How Zloader infected your computer

Zloader is considered one of the helper apps that let the Zeus banking trojan sneak into your computer. As mentioned in the introduction, it can be found on fake warning pages. You can be redirected to pages of this kind, which advise downloading "fixing" software from other untrustworthy resources, by clicking on ads, pop-ups, free file hosting pages, peer-to-peer networks and other sorts of scams. The key point is to avoid visiting suspicious pages and not to click on their advertisements. Instead, you can install the "AdBlock" browser extension, which can hide unwanted ads while you browse. You can also check pages before visiting them via Dr.Web Link Checker to be sure that the website does not carry any virus threat.

Once you have entered the page, expect to be tricked into downloading a fake browser font that is allegedly meant to fix the error. In fact, there is no error at all. It is just another foolish method to beguile innocent and careless users on the web. In practice, there are lots of inexperienced users, especially elderly people, who cannot identify malicious tools and tend to be caught off guard by hijackers. Unfortunately, many of them do not even know how to start a PC, so they can easily fall victim to widespread fraud.

Cybercriminals are always finding new ways to penetrate users' devices. One of their favorite hijacking methods is fake e-mail newsletters that can contain executable files (.EXE), PDF documents, and JavaScript files. When a user clicks or downloads them, this triggers the installation process and settles the trojan on the computer. It then systematically installs additional software to infect your computer and gives hijackers full visibility of your device so they can snatch the information they need for personal benefit.

However, this is not the end just yet. Because people try to bypass activation of paid, licensed software via "cracking tools", cybercriminals have mastered that field as well and can hide their trojans there. Generally speaking, people who use this kind of tool expose themselves to unwanted infections on their computers. In this article, we have prepared a list of methods to neutralize the Zloader virus and ensure your safety on the web.

  1. Download Zloader Removal Tool
  2. Use Windows Malicious Software Removal Tool to remove Zloader
  3. Use Autoruns to remove Zloader
  4. Files, folders and registry keys of Zloader
  5. Other aliases of Zloader
  6. How to protect from threats, like Zloader

Download Removal Tool


To remove Zloader completely, we recommend using SpyHunter. It can help you remove the files, folders, and registry keys of Zloader and provides active protection from viruses, trojans, and backdoors. The trial version of SpyHunter offers a virus scan and 1-time removal for FREE.

Download Alternative Removal Tool

Download Malwarebytes

To remove Zloader completely, we recommend using Malwarebytes Anti-Malware. It detects and removes all files, folders, and registry keys of Zloader and several million other pieces of malware, such as viruses, trojans, and backdoors.

Remove ZLoader manually

Manual removal of Zloader may be a difficult task for inexperienced users because it does not create entries in Add/Remove Programs under Control Panel, does not install browser extensions, and uses random file names. However, there are pre-installed tools in Windows that allow you to detect and remove malware without using third-party applications. One of them is the Windows Malicious Software Removal Tool. It comes with Windows Update in Windows 11, 10, 8 and 8.1. For older operating systems you can download it here: 64-bit version | 32-bit version.

Remove Zloader using Windows Malicious Software Removal Tool

  1. Type mrt in the search box near the Start Menu.
  2. Run mrt by clicking on the found item.
  3. Click the Next button.
  4. Choose one of the scan modes: Quick scan, Full scan, or Customize scan (Full scan recommended).
  5. Click the Next button.
  6. Click the View detailed results of the scan link to view the scan details.
  7. Click the Finish button.

Remove Zloader using Autoruns

Zloader often sets itself up to run at Windows startup as an Autorun entry or a scheduled task.

  1. Download Autoruns using this link.
  2. Extract the archive and run the Autoruns.exe file.
  3. In the Options menu, make sure Hide Empty Locations, Hide Microsoft Entries, and Hide Windows Entries are checked.
  4. Search for suspicious entries with weird names or running from locations like C:\Users\{username}\AppData\Roaming.
  5. Right-click on a suspicious entry and choose Delete. This will prevent the threat from running at startup.
  6. Switch to the Scheduled Tasks tab and do the same.
  7. To remove the files themselves, click on suspicious entries and choose Jump to Entry…. Remove the files or registry keys found.

Remove files, folders and registry keys of Zloader

Zloader files and folders


Forwardhou.dll
cnfnot32.exe
ChiefCo.dll
vsmsoui.dll
myvtfile.exe
System.dll
%AppData%\Muyvfi

Zloader registry keys


HKEY_CURRENT_USER\Software\Microsoft\Leodtub
HKEY_CURRENT_USER\Software\Microsoft\toxm
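
The checks from the Autoruns steps and the file, folder and registry lists above can be scripted. The PowerShell below is an added example, not part of the original article or of any vendor tool: it is read-only, reports what it finds and deletes nothing. Skipping System.dll (a name many legitimate programs also use) and limiting the file search to the Roaming profile are assumptions of the example.

```powershell
# Added example: read-only triage for the Zloader artifacts listed in this article.
# Indicators are copied from the article; System.dll is skipped (assumption: too generic a name).
$fileNames = 'Forwardhou.dll','cnfnot32.exe','ChiefCo.dll','vsmsoui.dll','myvtfile.exe'
$folders   = @(Join-Path $env:APPDATA 'Muyvfi')
$regKeys   = 'HKCU:\Software\Microsoft\Leodtub','HKCU:\Software\Microsoft\toxm'

$findings = New-Object System.Collections.Generic.List[object]
function Add-Finding($Type, $Detail) {
    $findings.Add([pscustomobject]@{ Type = $Type; Detail = $Detail })
}

# 1. Folder and registry keys named in the article.
foreach ($f in $folders) { if (Test-Path -LiteralPath $f) { Add-Finding 'Folder' $f } }
foreach ($k in $regKeys) { if (Test-Path -LiteralPath $k) { Add-Finding 'RegistryKey' $k } }

# 2. Listed file names anywhere under the user's Roaming profile (hidden files included).
Get-ChildItem -Path $env:APPDATA -Recurse -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $fileNames -contains $_.Name } |
    ForEach-Object { Add-Finding 'File' $_.FullName }

# 3. Run-key autostarts that launch from AppData\Roaming (Autoruns step 4).
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($rk in $runKeys) {
    $item = Get-Item -LiteralPath $rk -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($name in $item.GetValueNames()) {
        $value = [string]$item.GetValue($name)
        if ($value -like '*\AppData\Roaming\*') { Add-Finding 'RunEntry' "$rk -> $name = $value" }
    }
}

# 4. Scheduled tasks whose action launches from AppData\Roaming (Autoruns step 6).
Get-ScheduledTask -ErrorAction SilentlyContinue | ForEach-Object {
    $task = $_
    foreach ($a in $task.Actions) {
        $cmd = [Environment]::ExpandEnvironmentVariables("$($a.Execute) $($a.Arguments)")
        if ($cmd -like '*\AppData\Roaming\*') {
            Add-Finding 'ScheduledTask' "$($task.TaskPath)$($task.TaskName) -> $cmd"
        }
    }
}

if ($findings.Count -eq 0) { 'No listed Zloader artifacts or AppData\Roaming autostarts found.' }
else { $findings | Format-Table -AutoSize -Wrap }
```

Legitimate software also autostarts from AppData\Roaming, so RunEntry and ScheduledTask hits need manual review before anything is removed. Because Zloader uses random file names, an empty result does not prove the machine is clean.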

Aliases of Zloader

TR/AD.ZLoader.avl, Trojan.Win32.ZLOADER.ENL, Trojan-Downloader.Win32.Zload.bl, Trojan.XM.ZLOADER.AFS, Trojan:Win32/Zloader.SA!MSR, RDN/Generic.dx, W32.Trojan.Gen, Trojan.Agent (A), A Variant Of Win32/GenKryptik.EIDM, Zbot, Zeus Sphinx, Terdot, DELoader

How to protect from threats, like Zloader, in future


Standard Windows protection or any decent third-party antivirus (Norton, Avast, Kaspersky) should be able to detect and remove Zloader. However, if you got infected with Zloader despite having up-to-date security software, you may consider changing it. To feel safe and protect your PC from Zloader on all levels (browser, e-mail attachments, Word or Excel scripts, file system), we recommend a leading provider of internet security solutions – BitDefender. Its solutions for both home and business users have proved to be among the most advanced and effective. Choose and get your BitDefender protection via the button below:

Download BitDefender