This page aims to help you remove Zeus, also known as the ZBot Trojan. These Zeus removal instructions work for every version of Windows.
What is Zeus virus (Trojan)?
Trojan Horses are among the commonly encountered viruses throughout the web. Their versatility when it comes to cyber-crimes is unmatched. That is why there are so many hackers who use this particular type of malicious software for their criminal deeds. Another particularly problematic aspect of Trojan Horses is that they usually don’t cause any symptoms, which makes them incredibly difficult to detect. They can remain hidden as long as it takes to complete their illegal task. Zeus is one of those Trojan Horses and it goes by many aliases, the best known of which is the Zbot Trojan. In fact, this specific virus is arguably the most widespread of its kind. It was first identified in July 2007 and ever since the number of infected computers has just kept increasing. Furthermore, in 2012 researchers found that Zeus had started targeting Android and Blackberry users as well. The ways of getting infected with the malicious software are numerous. In this article we will go over the most commonly used ones, so that our readers know how to effectively protect their PCs from the harmful program.
- A very widespread method of distributing Zeus is phishing. This method is designed to trick you into interacting with a certain electronic communication, thinking it is a legitimate and/or trustworthy one. For instance, people may often receive a pop-up message that looks similar to a regular Windows notification that requires you to click either Yes or No. Since the pop-up is in fact a disguised link to the Zeus virus, it does not matter what you click on – any interaction with the message box will redirect you to a malicious Zeus-infested site or will outright begin to download the harmful virus. Therefore, we strongly advise our readers to always be careful if they see any unexpected pop-ups on their screen, especially when they are using their browser. If you have adware on your PC, make sure to have it removed ASAP, since some of its ads may serve as a link to potentially dangerous pages as well.
- Another common method is drive-by downloads. This is a general term for any unwanted content that gets downloaded onto your machine. It may even be that you’ve permitted the download without knowing that the file is potentially harmful. However, it is also possible that the download has happened entirely without your knowledge. It can happen in many different ways. Generally, you should be careful when opening new e-mails from an unknown sender or when visiting any suspicious and shady sites. Similarly, a drive-by installation will install the virus on your PC without your knowledge or actual consent – the techniques via which this happens are similar to those of the drive-by download.
- Emails and attached files. A spam email is more than capable of infecting your PC with Zeus if you make the mistake of trying to open the attached file. The Trojan may be hiding in all types of files – documents, archives, PDFs and more. Carefully read the contents of each email – if anything looks out of the ordinary you should scan the attached files for viruses before trying to open them.
A good rule of thumb is to always have reliable, up-to-date anti-virus software installed. However, know that in some cases even it won’t be able to detect and prevent the Zeus virus from entering your system. You may also get one of many utility tools specifically designed to detect certain malicious programs on your PC.
What can Zeus do to your computer?
As we mentioned before, Zeus can be used for an enormously wide variety of illegal tasks. Here we will give you a general idea of its capabilities, so that you know just how essential it is to keep your machine safe from it.
Trojan Horses are notorious for their capability of bringing mayhem to your system. Zeus is no exception – it can corrupt your files, format your hard-drive, delete your programs or outright render your whole system unusable. Basically everything that you can think of. This, however, is not its most harmful use. There are far worse things that Zeus can do compared to simply turning the data in your PC into useless scrap.
This is one of the most feared uses of the malicious virus. It is capable of spying on you and acquiring information about you via different methods. One of the most commonly used ones is keystroke logging. This method monitors and records your keyboard entries and sends them to the hacker afterwards. That way the cyber criminal may bust your passwords or gain all sorts of personal information about you – the possibilities are endless. Furthermore, the virus can be used to show the hacker what is currently happening on your screen. However, the scariest spying method for which Zeus can be used is hacking your webcam. That is right – the malicious software can even use your own camera to spy on you.
Electronic money theft
Yet another very common use of most Trojan Horses. The virus can get into your system, bust all your bank accounts and then extract the money without you having any knowledge of it. In fact, you may realize that there’s been a theft long after the crime has already been done. To make matters even worse, it is almost impossible to track down the hacker and bring them to justice. Once the extraction takes place, there’s virtually no way to get your money back from the criminal. One of the reasons why the Zeus virus is so successful at stealing people’s money is that it uses the form grabbing method. This is a more effective way of busting users’ passwords than keystroke logging. Instead of monitoring and recording keyboard entries, malicious programs that use form grabbing intercept data during its transfer from the user to a secure server, thus making it possible for the hacker to access the data before it gets protected. This method was a major issue when the virus first came out, since Zeus was the first one to utilize it to such effectiveness.
Botnet and mining
It is also possible that Zeus may force your PC to work for whoever designed the virus. Your machine could be made part of a botnet – a network of coordinated computers that serve a specific common purpose. In this case the purpose of the botnet would probably be sending out spam e-mail messages or further spreading the virus throughout the Internet. As a matter of fact, the Zeus virus has arguably the largest botnet among all Trojan Horse viruses. It was estimated that in 2009 alone over 3.9 million computers were made part of Zeus’s botnet. Another possibility is that your computer gets turned into a cyber-currency mining tool. This means that the hacker who commands the virus will gain cyber money (such as bitcoins) from your computer’s work.
Further virus infestations
Trojans are also notorious for their capability of further infecting people’s computers with more harmful programs. A well-known example is when a Trojan serves as a gateway for a Ransomware virus. That way you will have to deal with two of the nastiest viruses out there at once.
It should be clear by now just how important it is to protect your PC from the Zeus virus. Apart from everything mentioned so far, you should also know that this specific malicious software is particularly hard to get rid of even for a professional. Besides, viruses evolve and change on a daily basis. Keep in mind that the virus tends to change its process name every now and then, thus making it much more difficult for any anti-malware programs to effectively track it down and have it removed. Here we will give you a short list of possible names that Zeus’s process may go under. Note that there are surely many more names that the virus may use to disguise its process. The list will include only the most commonly reported ones:
Trojan-Spy:W32/Zbot; PWS-Zbot; Trojan-Spy.Win32.Zbot; Trojan.Wsnpoem; Troj/Zbot-LG; Troj/Agent-MDL; Troj/Zbot-LM; Troj/TDSS-BY; Troj/Zbot-LO; Troj/Buzus-CE; Sinowal.WUR; Troj/QakBot-D; Troj/Agent-MIR; Troj/Qakbot-E; Troj/QakBot-G
Below this article, we have provided you with a guide that can possibly help you deal with the malicious virus in case you think it is currently messing with your PC.
|Danger Level|High (Trojans are often used as a priming tool for various malicious processes)|
|Symptoms|A big problem with Trojan Horses is their general lack of typical symptoms. Generally be on the lookout for any unusual behaviour of your PC, such as excess resource usage by unknown processes.|
|Distribution Method|Spam e-mails, illegal torrents, file-sharing sites, fake ads and pop-ups.|
|Detection Tool|Zeus may be difficult to track down. Use SpyHunter – a professional parasite scanner – to make sure you find all files related to the infection.|
Zeus Virus Removal
Reboot in Safe Mode (use this guide if you don’t know how to do it).
- Before moving on to the next step, we advise you to first download and run TDSSKiller by Kaspersky. This utility tool will scan your system for several different malware programs, Zeus included. The program is especially good at uncovering hidden virus processes that you could miss while doing a manual removal.
Download the program from here http://support.kaspersky.com/viruses/utility and install it. It will automatically open. Click on Start Scan and wait until the scan is over. Once the process is over, you will be able to see whether any threats are found and where they are located.
To remove the parasite, you may have to meddle with system files and registries. Making a mistake and deleting the wrong thing may damage your system.
Avoid this by using SpyHunter - a professional Parasite removal tool.
The first thing you absolutely must do is Reveal All Hidden Files and Folders.
- Do not skip this. Zeus may have hidden some of its files and you need to see them.
Hold together the Start Key and R. Type appwiz.cpl –> OK.
You are now in the Control Panel. Look for suspicious entries. Uninstall it/them. If you see a screen like this when you click Uninstall, choose NO:
Type msconfig in the search field and hit enter. A window will pop up:
Startup –> Uncheck entries that have “Unknown” as Manufacturer or otherwise look suspicious.
- Remember this step – if you have reason to believe a bigger threat (like ransomware) is on your PC, check everything here.
Hold the Start Key and R – copy + paste the following and click OK:
A new file will open. If you are hacked, there will be a bunch of other IPs connected to you at the bottom. Look at the image below:
If there are suspicious IPs below “Localhost” – write to us in the comments.
Press CTRL + SHIFT + ESC simultaneously. Go to the Processes Tab. Try to determine which ones are a virus. Google them or ask us in the comments.
WARNING! READ CAREFULLY BEFORE PROCEEDING!
This is the most important and difficult part. If you delete the wrong file, it may damage your system irreversibly. If you cannot do this, download SpyHunter, a professional parasite scanner and remover.
- This step is very important, because you can catch other threats (like Ransomware and Spyware) while looking for the Adware process.
Right click on each of the virus processes separately and select Open File Location. End the process after you open the folder, then delete the directories you were sent to.
Type Regedit in the Windows search field and press Enter.
Once inside, press CTRL and F together and type the virus’s Name. Right click and delete any entries you find with a similar name. If they don’t show this way, go manually to these directories and delete/uninstall them:
- HKEY_CURRENT_USER\Software\[Random Directory]. It could be any one of them – ask us if you can’t discern which ones are malicious.
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\[Random]
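The startup and process checks in the steps above can be turned into a read-only review list. The PowerShell script below is an added example, not part of the original guide or of any tool it mentions: it lists startup entries and running processes whose executable is unsigned, cannot be resolved, or sits inside the user profile. The helper names and the user-profile heuristic are assumptions made for this example.

```powershell
# Added example: read-only review of startup entries and running processes.
# Nothing is stopped, deleted or changed; the output is a list to examine by hand.

function Get-ExePath([string]$CommandLine) {
    # Extract the executable from a startup command such as
    #   "C:\Program Files\App\app.exe" /background
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine)
    if ($cmd -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($cmd -match '^\s*(.+?\.(exe|com|scr|bat|cmd))(\s|$)') { return $Matches[1] }
    return $null
}

function Get-SignerInfo([string]$Path) {
    if (-not $Path -or -not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return [pscustomobject]@{ Status = 'Unresolved'; Signer = $null }
    }
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
    [pscustomobject]@{ Status = [string]$sig.Status; Signer = $signer }
}

function New-Finding($Source, $Name, $Path, $Origin) {
    $info = Get-SignerInfo $Path
    [pscustomobject]@{
        Source = $Source; Name = $Name; Path = $Path; Origin = $Origin
        Signature = $info.Status; Signer = $info.Signer
        # Heuristic (assumption of this example): software rarely needs to
        # auto-start or run from inside the user profile.
        InUserProfile = [bool]($Path -and $Path.StartsWith($env:USERPROFILE, [StringComparison]::OrdinalIgnoreCase))
    }
}

# Run from an elevated prompt to see the paths of all processes.
$findings = @(
    Get-CimInstance -ClassName Win32_StartupCommand | ForEach-Object {
        New-Finding 'Startup' $_.Name (Get-ExePath $_.Command) $_.Location
    }
    Get-Process | Where-Object { $_.Path } | Sort-Object Path -Unique | ForEach-Object {
        New-Finding 'Process' $_.Name $_.Path "PID $($_.Id)"
    }
)

# Show only entries that deserve a closer look. An unsigned or unresolved file
# is a prompt for review, not proof of infection.
$findings |
    Where-Object { $_.Signature -ne 'Valid' -or $_.InUserProfile } |
    Sort-Object Source, Path |
    Format-Table Source, Name, Signature, InUserProfile, Path, Origin -AutoSize -Wrap
```

Entries in the output correspond to the items you would otherwise inspect one by one in msconfig and Task Manager; verify each before removing anything.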
If all the prior steps fail to help you or you have reason to believe your system is exposed to threats like Ransomware, we advise you to download a professional scanner and remover.
Remember to leave us a comment if you run into any trouble!