Danger level:  

Remove Zeus Trojan (Uninstall Guide) - Mar 2021 updated

removal by Jake Doevan - - | Type: Viruses

Zeus virus a notorious banking trojan which name is still used in elaborate tech support scam schemes

Zeus virus Zeus virus is a dangerous banking trojan that was terminated in 2011. However, bad actors are now using the name of the virus to scare users into calling fake tech support numbers

Zeus virus (also known as ZeuS or Zbot) is a trojan horse that was first released back in 2007 for Windows operating systems and primarily used to steal financial data from victims, although it is not the only feature of the cyber threat. It was also used to insert CryptoLocker ransomware and record keystrokes. In addition, malware was involved in a massive compromise of high-profile organization sites from NASA, ABC, Oracle, Amazon, Cisco, and others. The multi-million dollar illegal business resulted in the arrest of more than 100 people related to Zeus trojan. At its prime in 2009, the virus infected 3.6 million machines worldwide and formed a most massive botnet to date. However, once ZeuS virus was terminated in 2011, tech support scammers started to actively abuse the name of the threat, inserting phishing messages into various websites and threatening users that their sensitive information will be compromised if they will not contact the alleged support via the provided number.

Name Zeus
Also known as

Panda banker, Zbot, ZeuS, GameOver Zeus, Terdot

Type Trojan or tech support scam
  • Steal banking and other sensitive details, upload malware (trojan)
  • Extort money by scamming victims into paying for bogus software or providing personal information (tech support scam)
Scam variants
Symptoms Redirects to tech support scams and other potentially dangerous sites are usually caused by adware;
Zeus trojan can slow down the PC, crash programs, increase the usage of computer resources, etc.
Distribution Adware is usually included in software bundles or on third-party websites
Elimination You can either check our manual removal instructions below or install security software
Recovery We recommend scanning your device with ReimageIntego to fix virus damage

Since Zeus virus is no longer operational (although there is no guarantee that there is absolutely no chance of getting infected), we will focus on tech support scams in this article. By reading this post, you will find out how browser-based scams work, what causes them, and how to remove Zeus virus associated pop-ups and notifications.

Zeus trojan fake pop-ups can be encountered on Google Chrome, Internet Explorer, Mozilla Firefox, Opera, Safari, or any other browser. While such confrontation does not necessarily mean that the PC is infected with any type of malware, it might indicate adware presence. Nevertheless, users can encounter a fake Zeus trojan when redirected from another malicious website.

Adware is an ad-supported program that is distributed in software bundles. Typically, users will not notice its entry point, as it is deceptively hidden inside the installers of freeware or shareware applications. Its primary goal is to redirect users to sponsored sites and display pop-ups, deals, offers, coupons, and other commercial content.

Such a scheme provides adware authors with juice ad revenue, and the more users are exposed to the adverts, the more profit is gained. Unfortunately, adware authors usually do not check the sites they are affiliated with, which results in redirects to malware-laden, survey scam, or support-scam sites like “Zeus Virus Detected.”

Zeus virus scamZeus virus is one of the biggest malware examples that infected millions of users or organizations. However, the name of the trojan is also used by crooks to make users believe that their personal information is in dager of being stolen

To remove Zeus virus tech support messages from the browsers, users will have to eliminate adware that is spawning such messages. Unfortunately, it is not that easy in some cases, as PUPs might be hiding under legitimate names or use other stealth tactics.

Therefore, in some cases, it is best to use security software that can detect and take care of Zeus virus removal automatically. We also advise users to scan their devices with ReimageIntego for best results.

Tech support scam analysis

It’s hard to find a computer user who hasn’t heard about a dangerous cyber threat called Zeus trojan. This malware inspired other cybercriminals to create scareware. It’s a malicious application designed to trick users into installing or buying potentially dangerous software.

Most of the time scammers offer to buy a bogus antivirus program. Therefore, while browsing the Internet users may receive a pop-up or ad that informs that Zeus virus has been detected on their computers. Of course, seeing this message, it’s hard to stay calm and not to freak out.

However, you should know that warnings about computer infections can deliver only the antivirus program that you have installed on your PC. If you encounter this ad, do not click on it. You may be redirected to a potentially dangerous website where you may be offered to purchase a fake program that can remove Zeus virus, or call fraudulent technical support services.

Zeus Trojan credentialsBad actors behind Zeus Trojan scam can ask users to provide their credentials

If you see one of these phone numbers, do not consider calling them: 1-800-014-8826, 1-844-324-6233 or 1-844-680-1071. They may be charged a lot, and Zeus virus scammers may try to get your personal information. When warning messages keep popping up on your browser, you should scan your computer with anti-malware software and let it remove all malicious components that have sneaked inside your PC. The same program can be used for Zeus removal as well.

Zeus virus scam variants

There are several different pop-up messages users can encounter that claim the Zeus virus infection. We will discuss some of them.

Windows Defender Alert: Zeus Virus

Windows Defender alert: Zeus virus is a scam that appears on a random website and displays a message that reminds a Blue Screen of Death window. Bad actors often imitate the looks of legitimate messages in order to make the hoax more believable.

Users might be shown Windows Defender Alert Zeus Virus Detected notification if they get redirected from an unsafe site or due to adware infection. The page, engineered by crooks claims that Windows Defender (which is a built-in security software from Microsoft) has detected a Zeus virus on the device, and asks users not to restart the PC.

Bad actors then proceed explaining that such personal data like banking information, passwords and other details will be compromised unless the alleged technical support at +1-844-313-7003 (number might vary) is contacted.

The truth is, closing the page will not result in anything, and contacting cybercriminals is the worst solution. Instead, users should scan their devices for adware or other PUPs to stop fake Windows Defender Alert Zeus Virus Detected alerts.

Zeus Trojan tech support scamMalicious actors try to convince users that their computers or/and personal information is in danger. They often demand unsolicited payments for bogus services or fake software

You Have a ZEUS virus

You have a Zeus virus scam is a variant of a tech support scam that urges users to call 1-844-859-0337 due to Zeus virus infection. In addition to the usual threat of personal information being stolen, this variant claims that the entire hard drive will be deleted:

WARNING! Your Hard drive will be DELETED if your close this page. You have a ZEUS Virus! Please call Support Now!. Call Toll-Free: 1-844-859-0337 To Stop This Process

The deletion of “hard drive” can be only accomplished by ransomware type that is called wiper. Such viruses are created to encrypt or corrupt data on the device without a possibility to restore it. Developers of such malware do not send out messages to victims that their data will be deleted, as it is counterproductive.

Additionally, You have a Zeus virus scam authors did not express themselves that well, as deletion of hard drive literally means the removal of hardware, which is impossible. It is always beneficial to catch crooks making such mistakes – it makes recognition of the hoax much easier.

Security Update Error 0xB6201879. Authentification required

Security Update Error 0xB6201879. Authentification required is a scam message that is very similar to other variants that use a blue background to imitate BSoD error message. However, the fake Error 0xB6201879 also spawns a pop-up window that prompts users to enter the Username and Password. It is unclear what type of credentials hackers are asking for, but listing the details is not a good idea. The pop-up message states:

http://b2-2609123.tk is requesting your user name and password. The site says: “Security Update Error 0xB6201879 Help Desk: 44-800-090-3820 (TOLL-FREE)”

Windows Defender Zeus virus detectedThis variant of the scam spawns a pop-up message that asks for users' credentials

Those who contact the fake tech support might be asked to perform several actions that should not be done in any case when thinking about computer security:

  • Entering specific websites and downloading/installing unknown software;
  • Asking to install bogus applications that might harm the computer;
  • Remotely accessing the computer and installing malware or stealing personal data;
  • Asking for credit card details for various reasons.

As usual, do not trust a word that the fake tech support says, as it is all done for the monetary benefit and is entirely false. Do not contact bad actors in the first place – there is no need to. Instead, hurry up and remove adware associated with fake Zeus virus messages.

Adware leads to malicious sites – here's how it is distributed

Adware is software that is sponsored by advertisements. While there is nothing wrong in such a monetizing method, it is sadly not used correctly by most PUP developers. Ads are often connected in a giant network automatically, the information about user browsing habits is also shared between parties. The scheme is so large that tracking the connections becomes almost impossible.

Showing relevant ads to users might even improve the experience and help them find what they need. However, persistent and intrusive ads that sometimes lead to malware-ridden and phishing sites are straight out malicious and can result in horrible consequences.

Therefore, adware is not a welcomed guest on anybody's PC, at least not on those who value their online privacy and computer security. There are several mitigation means to reduce the chance of infection:

  • Use anti-virus software that specializes in PUP detection and removal;
  • Avoid unknown third-party site downloads;
  • Carefully check for documents like Terms of Service and Privacy Policy;
  • Do not rush the installation procedure of shareware/freeware – examine each step carefully to avoid tricks used by PUP authors (pre-ticked boxes, grayed out buttons, etc.);
  • When prompted, opt for Advanced/Custom settings instead of Recommended/Quick ones to prevent optional components from being installed together with the initial application;
  • Make use of ad-blocking software that can stop malicious pop-ups.

Zeus virus hoaxMost adware is distributed via software bundling, although users can download a deceptive program from unknown third-party sites

Terminate Zeus trojan fake alerts from your system

There is a very little chance of you getting infected with a real Zeus trojan virus, as it is very old and has been discontinued for many years. Nevertheless, as we previously stated, it does not mean that the infection of the threat is impossible. However, most modern security solutions would take care of Zeus virus removal, as long as the program is up to date.

In case you are suffering from redirects to suspicious and phishing sites, you need to remove Zeus virus adware associated with the unwanted activity. You can use our manual instructions below or make use of a security application that focuses on PUPs. While the former solution might be effective, experts recommend scanning the device with anti-malware software regularly.

You may remove virus damage with a help of ReimageIntego. SpyHunter 5Combo Cleaner and Malwarebytes are recommended to detect potentially unwanted programs and viruses with all their files and registry entries that are related to them.

try it now!
Reimage Happiness
Intego Happiness
Compatible with Microsoft Windows Supported versions Compatible with OS X Supported versions
What to do if failed?
If you failed to remove virus damage using Reimage Intego, submit a question to our support team and provide as much details as possible.
Reimage Intego has a free limited scanner. Reimage Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Alternative Security Tools
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Reimage, try running SpyHunter 5.
Alternative Security Tools
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.
Zeus Trojan horse screenshot
Zeus Trojan horse screenshotZeus Trojan horse screenshotZeus Trojan horse screenshotZeus Trojan horse screenshotZeus Trojan horse screenshot
Zeus Trojan horse screenshot

To remove Zeus Trojan, follow these steps:

Uninstall Zeus Trojan in Windows systems

To stop fake Zeus virus alerts on Windows, please follow these instructions:

  1. Go to Start Control Panel Programs and Features (if you are Windows XP user, open Add/Remove Programs). Go to 'Start -> Control Panel -> Programs and Features' (if you are 'Windows XP' user, open 'Add/Remove Programs').
  2. If you are Windows 10 / Windows 8 user, click on Windows icon in the lower left corner of the screen to open Quick Access Menu. Then click Control Panel and select Uninstall a Program. If you are 'Windows 10 / Windows 8' user, click on Windows icon in the lower left corner of the screen to open 'Quick Access Menu'. Then click 'Control Panel' and select 'Uninstall a Program'.
  3. Remove Zeus Trojan and programs related to it
    Now, take a look at the list of programs and find Zeus Trojan or other programs that you do not remember installing.
  4. Right-click on these programs and select "Uninstall." Then click OK to save changes. Right-click every suspicious program and select 'Uninstall'

Uninstall Zeus Trojan in Mac OS X system

If your macOS is displaying the signs of adware infection and browsers are redirecting you to scam sites constantly, follow this guide:

  1. Users who use OS X should click on Go button, which can be found at the top left corner of the screen and select Applications. Click on 'Go' to open a drop-down menu and select 'Applications'.
  2. Wait until you see Applications folder and look for Zeus Trojan or any other suspicious programs on it. Now right click on every of such entries and select Move to Trash. Click on each malicious application and select 'Move to Trash'

Delete Zeus Trojan from Internet Explorer (IE)

  1. Delete suspicious browser add-ons
    Launch Internet Explorer, and then open IE by clicking on the Gear icon, which is located at the top right corner of the Internet browser. Then, click Manage Add-ons. Open browser menu and go to 'Manage add-ons'
  2. Manage Add-ons window will appear on your screen. Now, search for Zeus Trojan and other questionable browser add-ons. Right-click them on each of them and select Disable. To eliminate malicious applications, right-click on each of them and click 'Disable'
  3. If virus altered your homepage, change it:
    Click the Gear icon at the top right corner of the Internet browser and then click Internet Options. Stay in General section.
  4. Now, delete malicious URL and enter Delete suspicious URL, type in your preferable site name and click 'Apply' to save
  5. Reset all Internet Explorer settings
    Click on Gear icon and then opt for Internet options. Then go to Advanced section.
  6. Click Reset.
  7. A new window appears, and then you have to tick Delete personal settings and click Reset to finalise Zeus Trojan removal. In 'Advanced' tab, click 'Reset'. Then tick 'Delete personal settings' and click 'Reset'.

Delete Zeus Trojan from Microsoft Edge

As soon as you eliminate adware from your device, reset MS Edge to its default settings:

Reset settings in Microsoft Edge (Technique No.1):

  1. Open Microsoft Edge browser, then click on More button, which is situated at the top right edge of the screen
  2. Select Settings from the drop down menu.
  3. When the Settings panel appears, find Clear browsing data section and hit Choose what to clear button. Open Settings and click on 'Choose what to clear' button
  4. Then mark all components that you wish to delete and after that hit Clear. Click 'Clear'
  5. Right-click the Start button (that has Windows logo on it) and choose Task Manager. Right-click the Start button again and choose 'Task Manager'
  6. Go to Processes tab and look for Microsoft Edge.
  7. Right-click on it and select Go to details. If there is no Go to details option, select More details and carry out previous instructions. Right-click on 'Microsoft Edge' and choose 'Go to details' option If 'Go to details' option does not show up, choose 'More details' instead
  8. Once Details tab appears, look for entries that contain Microsoft Edge name. Right-click on such individual entries and choose End Task option to terminate them. Locate all entries that relate to Microsoft Edge and click 'End Task'

Reset Microsoft Edge (Technique No.2):

In case the Technique No.1 did not help you to fix the problem, use advanced Edge reset option.

  1. Important: you must backup your files before you use these tips
  2. Locate this folder on your PC: C:\Users\%username%\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe.
  3. Select all items in this folder and right-click with your mouse. Select Delete. Open Microsoft Edge folder on your PC, click every entry with the right mouse button and select 'Delete'
  4. Click on the Start button (that has Windows Logo on it) and in Search my stuff field, type in window power.
  5. With the right button of your mouse, click on every entry and select Run as administrator. Locate where Windows PowerShell is, right-click on it and click on 'Run as administrator' option
  6. Once you get Admin's rights, Windows PowerShell window should show up shortly. Paste this line:
    Get-AppXPackage -AllUsers -Name Microsoft.MicrosoftEdge | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register $($_.InstallLocation)\AppXManifest.xml -Verbose}
    after PS C:\WINDOWS\system32> and hit Enter. Copy and then paste the necessary command and hit 'Enter'

After completing these steps, Microsoft Edge should be Zeus Trojan-free.

Delete Zeus Trojan from Mozilla Firefox (FF)

  1. Delete suspicious browser extensions
    Launch Mozilla Firefox, and then open menu (click a button at the top right corner). Then, go to Add-ons Extensions. Open browser menu and go to 'Add-ons'
  2. Now, locate Zeus Trojan and other suspicious extensions. Click Remove to eliminate them. Go to 'Extensions' and locate malicious browser add-ons. Hit 'Remove' button to delete each entry
  3. Reset all Mozilla Firefox settings
    Click on the Firefox at the top left corner and then click the question mark. Then, select Troubleshooting Information. Open menu by clicking on the indicated icon and on '?'. Then select 'Troubleshooting Information'.
  4. Reset Firefox to its default state message should appear then. You will see Reset Firefox button. Click this button a few times and finalise Zeus Trojan removal. Hit 'Reset Firefox' button a few times

Delete Zeus Trojan from Google Chrome

Adware can inject other applications without consent, such as browser hijackers. These PUPs are developed to change web browser settings. To revert these modifications, reset Google Chrome:

  1. Remove malicious extensions
    Launch Google Chrome, and then open menu (click a button at the top right corner). Then, go to Tools Extensions. Open browser's menu, then click 'Tools' and 'Extensions'
  2. Now, look for Zeus Trojan and other suspicious extensions and then click the trash icon to remove them. Find malicious extensions and click on the Trash bin icon to remove them
  3. Open Chrome menu and go to Settings Manage Search engines under the Search section. Once you open browser's 'Settings', click on 'Manage search engines...' button
  4. In Search Engines..., configure default search engine settings. Remove untrustworthy ones. We advise you to leave only Google or another reputable website of your choice. Remove malicious search sites by clicking 'X'
  5. Reset all Google Chrome settings
    Open menu by clicking the button at the top right corner of Google Chrome, and go to Settings.
  6. Scroll down to find Reset browser settings button. Click on it. When in 'Settings', click Show advanced settings and then find 'Reset browser settings' button. Click on it.
  7. Click Reset to approve this action and finish Zeus Trojan removal. Click 'Reset' to finish the removal process.

Delete Zeus Trojan from Safari

  1. Delete suspicious browser extensions
    Open Safari web browser and click on Safari in menu at the top left of the screen. Once you do this, select Preferences. Click on 'Safari' and then select 'Preferences'
  2. Here, select Extensions and look for Zeus Trojan or other suspicious entries. Click on the Uninstall button to get rid each of them. Go to 'Extensions' and remove untrustworthy extensions
  3. Reset all Safari settings
    Open Safari browser and click on Safari in menu section at the top left of the screen. Here, select Reset Safari.... Click on 'Safari' and then select 'Reset Safari...'
  4. Now you will see a detailed dialog window filled with reset options. All of those options are usually checked, but you can specify which of them you want to reset. Click the Reset button to complete Zeus Trojan removal process. Select all checkboxes and click 'Reset'

Even if you have completed all the steps above, we still strongly recommend you to scan your computer system with a powerful anti-malware software. It is advisable to do that because an automatic malware removal tool can detect and delete all remains of Zeus Trojan, for instance, its registry keys. The anti-malware program can help you to easily detect and eliminate possibly dangerous software and malicious viruses in an easy way. You can use any of our top-rated malware removal programs: ReimageIntego, SpyHunter 5Combo Cleaner or Malwarebytes.

Securely connect to your website wherever you are

Sometimes you may need to log in to a content management system or server more often, especially if you are actively working on a blog, website, or different project that needs constant maintenance or that requires frequent content updates or other changes. Avoiding this problem can be easy if you choose a dedicated/fixed IP address. It's a static IP address that only belongs to a specific device and does not change when you are in different locations. 

VPN service providers such as Private Internet Access can help you with these settings. This tool can help you control your online reputation and successfully manage your projects wherever you are. It is important to prevent different IP addresses from connecting to your website. With a dedicated/fixed IP address, VPN service, and secure access to a content management system, your project will remain secure.

Recover files damaged by a dangerous malware attack

Despite the fact that there are various circumstances that can cause data to be lost on a system, including accidental deletion, the most common reason people lose photos, documents, videos, and other important data is the infection of malware.

Some malicious programs can delete files and prevent the software from running smoothly. However, there is a greater threat from the dangerous viruses that can encrypt documents, system files, and images. Ransomware-type viruses focus on encrypting data and restricting users’ access to files, so you can permanently lose personal data when you download such a virus to your computer.

The ability to unlock encrypted files is very limited, but some programs have a data recovery feature. In some cases, the Data Recovery Pro program can help recover at least some of the data that has been locked by a virus or other cyber infection.

About the author
Jake Doevan
Jake Doevan - Do not waste your precious time dealing with computer virus infections alone

If you found this free removal tutorial helpful, please consider making a donation to support us. Even the smallest amount will be appreciated and will help to keep this service alive.

Contact Jake Doevan
About the company Esolutions

Uninstall guides in different languages