Zeus Sphinx

Zeus Sphinx

Zeus Sphinx is a new malware variant of the Trojan horse family that can infect computers without getting spotted by their antivirus programs. Viruses like Zeus Sphinx can be used in different ways, including for data and money theft, espionage, and Ransomware distribution.

Zeus Sphinx

The Zeus Sphinx malware is detected by multiple VirusTotal scanners.

Since this is a new addition to the Trojan horse category and there’s still not enough research on it, it is difficult to tell exactly what the main goal of this infection is. Furthermore, it is possible that the virus can be used for different tasks on the different computers it infects. The Trojan horse malware type is very versatile in general and its representatives can be tasked with the completion of a wide variety of harmful actions. Currently, we can give you information about the most likely uses of the Zeus Sphinx threat so that you know what you might face if this virus enters/has entered your computer.

Common uses of Trojan horse viruses

Nowadays, one of the most popular uses of these threats is for the distribution of other, more specialized, forms of malware. A common example of that is the Ransomware category – the infections of this type are oftentimes delivered into the computers of their victims with the help of a hidden Trojan horse that has already entered the targeted machine. In those cases, the Trojan serves a secondary purpose and the Ransomware is the one that causes the actual damage.

Of course, Trojans can be the main malware too. In many cases, this type of malware is used for spying on the targeted victim with the goal to collect some form of sensitive information. Depending on what the collected data is, it could be used in different ways. For instance, if the virus has acquired your banking details, this may allow the hackers to silently drain your bank accounts. In other cases, if the Trojan has gotten to some personal details about you, the hackers may blackmail you for a ransom payment by threatening you that those details may be sent to everybody who knows you.

One of the most common Trojan horse uses is when Zeus Sphinx or another similar virus takes over the whole system and starts launching different processes in the computer without your permission. Usually, those processes are aimed at mining Bitcoins (or other cryptocurrencies) for the hackers or at targeting other users with spam messages to further spread the virus.

Prevention tips

The best way to stop any form of malware from damaging your computer is to make sure the malicious program never gets inside your PC in the first place.

When talking about Trojans, it’s important to note that most such threats rely on the victim’s own gullibility to get the malware inside their computer. This is done by using disguises for the virus and presenting it to the user as something the latter is likely to download. It could be a popular game distributed for free by a torrent site or some other piece of software. It could also be a misleading email attachment that contains the Trojan. Because of this, you really need to use your common sense when browsing the Internet and only interact with and download content that you have found on reliable sites that have a good reputation.


Name Zeus Sphinx
Type Trojan
Danger Level High (Trojans are often used as a backdoor for Ransomware)
Symptoms Trojans can cause your system to crash, your programs to give unusual errors, and your screen to freeze, but there could also be no symptoms whatsoever.
Distribution Method Sites that spread pirated programs oftentimes have Trojans on them that are disguised as regular software.
Detection Tool

Zeus Sphinx Malware Removal

If you are looking for a way to remove Zeus Sphinx you can try this:

  1. Click on the Start button in the bottom left corner of your Windows OS.
  2. Go to Control Panel -> Programs and Features -> Uninstall a Program.
  3. Search for Zeus Sphinx and any other unfamiliar programs.
  4. Uninstall Zeus Sphinx as well as other suspicious programs.

Note that this might not get rid of Zeus Sphinx completely. For more detailed removal instructions follow the guide below.

If you have a Windows virus, continue with the guide below.

If you have a Mac virus, please use our How to remove Ads on Mac guide.

If you have an Android virus, please use our Android Malware Removal guide.

If you have an iPhone virus, please use our iPhone Virus Removal guide

Zeus Sphinx

Some of the steps will likely require you to exit the page. Bookmark it for later reference.

Reboot in Safe Mode (use this guide if you don’t know how to do it).

Zeus Sphinx


Press CTRL + SHIFT + ESC at the same time and go to the Processes Tab. Try to determine which processes are dangerous. 

Zeus Sphinx

Right click on each of them and select Open File Location. Then scan the files with our free online virus scanner:

Zeus Sphinx
Drag and Drop Files Here to Scan
Maximum file size: 128MB.

This scanner is free and will always remain free for our website's users. You can find its full-page version at: https://howtoremove.guide/online-virus-scanner/

Scan Results

Virus Scanner Result
Zeus SphinxClamAV
Zeus SphinxAVG AV
Zeus SphinxMaldet

After you open their folder, end the processes that are infected, then delete their folders. 

Note: If you are sure something is part of the infection – delete it, even if the scanner doesn’t flag it. No anti-virus program can detect all infections. 

Zeus Sphinx

Hold together the Start Key and R. Type appwiz.cpl –> OK.

Zeus Sphinx

You are now in the Control Panel. Look for suspicious entries. Uninstall it/them. If you see a screen like this when you click Uninstall, choose NO:

Zeus Sphinx

Zeus Sphinx

Type msconfig in the search field and hit enter. A window will pop-up:

Zeus Sphinx

Startup —> Uncheck entries that have “Unknown” as Manufacturer or otherwise look suspicious.

  • Remember this step – if you have reason to believe a bigger threat (like ransomware) is on your PC, check everything here.

Hold the Start Key and R –  copy + paste the following and click OK:

notepad %windir%/system32/Drivers/etc/hosts

A new file will open. If you are hacked, there will be a bunch of other IPs connected to you at the bottom. Look at the image below:

Zeus Sphinx

If there are suspicious IPs below “Localhost” – write to us in the comments.

Zeus Sphinx

Type Regedit in the windows search field and press Enter.

Once inside, press CTRL and F together and type the virus’s Name. Right click and delete any entries you find with a similar name. If they don’t show up this way, go manually to these directories and delete/uninstall them:

  • HKEY_CURRENT_USER—-Software—–Random Directory. It could be any one of them – ask us if you can’t discern which ones are malicious.
    HKEY_CURRENT_USER—-Software—Microsoft—-Windows—CurrentVersion—Run– Random
    HKEY_CURRENT_USER—-Software—Microsoft—Internet Explorer—-Main—- Random

If the guide doesn’t help, download the anti-virus program we recommended or try our free online virus scanner. Also, you can always ask us in the comments for help!


About the author


Brandon Skies

Brandon is a researcher and content creator in the fields of cyber-security and virtual privacy. Years of experience enable him to provide readers with important information and adequate solutions for the latest software and malware problems.

Leave a Comment