Remove Zeus Trojan (Uninstall Guide) - Mar 2019 updated
Zeus Trojan Removal Guide
Description of Zeus Trojan horse
Zeus virus is a notorious banking trojan whose name is still used in elaborate tech support scam schemes
Zeus virus (also known as ZeuS or Zbot) is a trojan horse that was first released back in 2007 for Windows operating systems and was primarily used to steal financial data from victims, although that is not the only feature of the cyber threat. It was also used to deliver CryptoLocker ransomware and record keystrokes. In addition, the malware was involved in a massive compromise of sites belonging to high-profile organizations such as NASA, ABC, Oracle, Amazon, Cisco, and others. The multi-million dollar illegal business resulted in the arrest of more than 100 people related to Zeus trojan. At its prime in 2009, the virus infected 3.6 million machines worldwide and formed the most massive botnet to date. However, once ZeuS virus was terminated in 2011, tech support scammers started to actively abuse the name of the threat, inserting phishing messages into various websites and threatening users that their sensitive information will be compromised if they do not contact the alleged support via the provided number.
Name | Zeus |
Also known as | Panda banker, Zbot, ZeuS, GameOver Zeus, Terdot |
Type | Trojan or tech support scam |
Purpose | |
Scam variants | |
Symptoms | Redirects to tech support scams and other potentially dangerous sites are usually caused by adware; Zeus trojan can slow down the PC, crash programs, increase the usage of computer resources, etc. |
Distribution | Adware is usually included in software bundles or on third-party websites |
Elimination | You can either check our manual removal instructions below or install security software |
Recovery | We recommend scanning your device with Restoro or Intego to fix virus damage |
Since Zeus virus is no longer operational (although there is no guarantee that infection is completely impossible), we will focus on tech support scams in this article. By reading this post, you will find out how browser-based scams work, what causes them, and how to remove pop-ups and notifications associated with Zeus virus.
Zeus trojan fake pop-ups can be encountered on Google Chrome, Internet Explorer, Mozilla Firefox, Opera, Safari, or any other browser. While such an encounter does not necessarily mean that the PC is infected with any type of malware, it might indicate adware presence. Users can also encounter a fake Zeus trojan alert when redirected from another malicious website.
Adware is an ad-supported program that is distributed in software bundles. Typically, users will not notice its entry point, as it is deceptively hidden inside the installers of freeware or shareware applications. Its primary goal is to redirect users to sponsored sites and display pop-ups, deals, offers, coupons, and other commercial content.
Such a scheme provides adware authors with juicy ad revenue, and the more users are exposed to the adverts, the more profit is gained. Unfortunately, adware authors usually do not check the sites they are affiliated with, which results in redirects to malware-laden, survey scam, or support-scam sites like “Zeus Virus Detected.”
To remove Zeus virus tech support messages from the browsers, users will have to eliminate adware that is spawning such messages. Unfortunately, it is not that easy in some cases, as PUPs might be hiding under legitimate names or use other stealth tactics.
Therefore, in some cases, it is best to use security software that can detect and take care of Zeus virus removal automatically. We also advise users to scan their devices with Restoro or Intego for best results.
Tech support scam analysis
It’s hard to find a computer user who hasn’t heard about a dangerous cyber threat called Zeus trojan. This malware inspired other cybercriminals to create scareware, a malicious application designed to trick users into installing or buying potentially dangerous software.
Most of the time, scammers offer a bogus antivirus program for purchase. Therefore, while browsing the Internet, users may receive a pop-up or ad informing them that Zeus virus has been detected on their computers. Of course, seeing this message, it’s hard to stay calm and not freak out.
However, you should know that only the antivirus program that you have installed on your PC can deliver warnings about computer infections. If you encounter this ad, do not click on it. You may be redirected to a potentially dangerous website where you may be offered a fake program that claims to remove Zeus virus, or told to call fraudulent technical support services.
If you see one of these phone numbers, do not consider calling them: 1-800-014-8826, 1-844-324-6233 or 1-844-680-1071. You may be charged a lot, and Zeus virus scammers may try to get your personal information. When warning messages keep popping up on your browser, you should scan your computer with anti-malware software and let it remove all malicious components that have sneaked inside your PC. The same program can be used for Zeus removal as well.
Zeus virus scam variants
There are several different pop-up messages users can encounter that claim a Zeus virus infection. We will discuss some of them.
Windows Defender Alert: Zeus Virus
Windows Defender alert: Zeus virus is a scam that appears on a random website and displays a message that resembles a Blue Screen of Death window. Bad actors often imitate the looks of legitimate messages in order to make the hoax more believable.
Users might be shown the Windows Defender Alert Zeus Virus Detected notification if they get redirected from an unsafe site or due to an adware infection. The page, engineered by crooks, claims that Windows Defender (which is built-in security software from Microsoft) has detected a Zeus virus on the device, and asks users not to restart the PC.
Bad actors then proceed to explain that personal data such as banking information, passwords and other details will be compromised unless the alleged technical support at +1-844-313-7003 (number might vary) is contacted.
The truth is, closing the page will not result in anything, and contacting cybercriminals is the worst solution. Instead, users should scan their devices for adware or other PUPs to stop fake Windows Defender Alert Zeus Virus Detected alerts.
You Have a ZEUS virus
The You have a Zeus virus scam is a variant of a tech support scam that urges users to call 1-844-859-0337 due to a Zeus virus infection. In addition to the usual threat of personal information being stolen, this variant claims that the entire hard drive will be deleted:
WARNING! Your Hard drive will be DELETED if your close this page. You have a ZEUS Virus! Please call Support Now!. Call Toll-Free: 1-844-859-0337 To Stop This Process
The deletion of a “hard drive” can only be accomplished by a type of ransomware called a wiper. Such viruses are created to encrypt or corrupt data on the device without any possibility of restoring it. Developers of such malware do not send out messages to victims saying that their data will be deleted, as it is counterproductive.
Additionally, the authors of the You have a Zeus virus scam did not express themselves that well, as deletion of a hard drive literally means the removal of hardware, which is impossible. It is always beneficial to catch crooks making such mistakes – it makes recognition of the hoax much easier.
Security Update Error 0xB6201879. Authentification required
Security Update Error 0xB6201879. Authentification required is a scam message that is very similar to other variants that use a blue background to imitate a BSoD error message. However, the fake Error 0xB6201879 also spawns a pop-up window that prompts users to enter a Username and Password. It is unclear what type of credentials hackers are asking for, but entering the details is not a good idea. The pop-up message states:
http://b2-2609123.tk is requesting your user name and password. The site says: “Security Update Error 0xB6201879 Help Desk: 44-800-090-3820 (TOLL-FREE)”
Those who contact the fake tech support might be exposed to several things that should never be allowed when thinking about computer security:
- Being told to enter specific websites and download/install unknown software;
- Being asked to install bogus applications that might harm the computer;
- Having the computer accessed remotely, with malware installed or personal data stolen;
- Being asked for credit card details for various reasons.
As usual, do not trust a word that the fake tech support says, as it is all done for the monetary benefit and is entirely false. Do not contact bad actors in the first place – there is no need to. Instead, hurry up and remove adware associated with fake Zeus virus messages.
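The two lures quoted above pair a support phone number with a threat, an impersonated brand, a fake error code or a credential request, which is something a content filter or help-desk triage script can check for. The following is an added example, not part of the original guide; the pattern lists and the verdict rule are assumptions chosen for illustration, and the two benign messages are constructed.

```python
import re

# Toll-free formats seen in the lures quoted above: "1-844-859-0337" style
# and the "44-800-090-3820" style from the fake login prompt.
PHONE_RE = re.compile(
    r"(?<!\d)(?:\+?1[-\s.]?)?8(?:00|33|44|55|66|77|88)[-\s.]\d{3}[-\s.]\d{4}(?!\d)"
    r"|(?<!\d)\+?44[-\s.]800[-\s.]\d{3}[-\s.]\d{4}(?!\d)"
)

# Indicator categories. Patterns are assumptions made for this example,
# not a vendor rule set.
INDICATORS = {
    "threat": re.compile(
        r"will be deleted|do not restart|virus detected"
        r"|you have a \w+ virus|to stop this process", re.I),
    "call_to_action": re.compile(
        r"call (?:support|toll[- ]free|now)|help ?desk", re.I),
    "brand": re.compile(r"windows defender|microsoft|security update", re.I),
    "fake_error_code": re.compile(r"\b0x[0-9a-f]{6,8}\b", re.I),
    "credential_prompt": re.compile(
        r"user ?name and password|authenti\w+ required", re.I),
}


def analyze_lure(text):
    """Return phone numbers, matched indicator categories and a verdict."""
    phones = PHONE_RE.findall(text)
    hits = sorted(name for name, rx in INDICATORS.items() if rx.search(text))
    # Assumed rule: a phone number combined with any other indicator is
    # treated as a support-scam lure; either one alone is not enough.
    return {"phones": phones, "indicators": hits,
            "is_scam_lure": bool(phones) and bool(hits)}


# The two messages quoted on this page.
HARD_DRIVE_LURE = (
    "WARNING! Your Hard drive will be DELETED if your close this page. "
    "You have a ZEUS Virus! Please call Support Now!. "
    "Call Toll-Free: 1-844-859-0337 To Stop This Process")
LOGIN_PROMPT_LURE = (
    "http://b2-2609123.tk is requesting your user name and password. "
    'The site says: "Security Update Error 0xB6201879 '
    'Help Desk: 44-800-090-3820 (TOLL-FREE)"')

# Constructed benign messages for contrast.
BENIGN = [
    "Windows Defender scan completed. No threats found.",
    "Questions about your order? Reach our sales team at 1-800-555-0100.",
]

if __name__ == "__main__":
    for message in (HARD_DRIVE_LURE, LOGIN_PROMPT_LURE, *BENIGN):
        print(analyze_lure(message))
```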
Adware leads to malicious sites – here's how it is distributed
Adware is software that is sponsored by advertisements. While there is nothing wrong with such a monetizing method, it is sadly not used correctly by most PUP developers. Ads are often connected in a giant network automatically, and the information about user browsing habits is also shared between parties. The scheme is so large that tracking the connections becomes almost impossible.
Showing relevant ads to users might even improve the experience and help them find what they need. However, persistent and intrusive ads that sometimes lead to malware-ridden and phishing sites are outright malicious and can result in horrible consequences.
Therefore, adware is not a welcome guest on anybody's PC, at least not for those who value their online privacy and computer security. There are several ways to reduce the chance of infection:
- Use anti-virus software that specializes in PUP detection and removal;
- Avoid unknown third-party site downloads;
- Carefully check for documents like Terms of Service and Privacy Policy;
- Do not rush the installation procedure of shareware/freeware – examine each step carefully to avoid tricks used by PUP authors (pre-ticked boxes, grayed out buttons, etc.);
- When prompted, opt for Advanced/Custom settings instead of Recommended/Quick ones to prevent optional components from being installed together with the initial application;
- Make use of ad-blocking software that can stop malicious pop-ups.
Terminate Zeus trojan fake alerts from your system
There is very little chance of you getting infected with a real Zeus trojan virus, as it is very old and has been discontinued for many years. Nevertheless, as we previously stated, it does not mean that infection is impossible. However, most modern security solutions would take care of Zeus virus removal, as long as the program is up to date.
In case you are suffering from redirects to suspicious and phishing sites, you need to remove Zeus virus adware associated with the unwanted activity. You can use our manual instructions below or make use of a security application that focuses on PUPs. While the former solution might be effective, experts recommend scanning the device with anti-malware software regularly.
You may remove virus damage with the help of Restoro or Intego. SpyHunter 5, Combo Cleaner and Malwarebytes are recommended to detect potentially unwanted programs and viruses with all their files and registry entries that are related to them.
Getting rid of Zeus Trojan. Follow these steps
Uninstall Zeus Trojan in Windows systems
To stop fake Zeus virus alerts on Windows, please follow these instructions:
Terminate suspicious programs from Windows 10/8 machines by following these instructions:
- Type Control Panel into Windows search and once the result shows up hit Enter.
- Under Programs, choose Uninstall a program.
- Find components related to suspicious programs.
- Right-click on the application and select Uninstall.
- Click Yes when User Account Control shows up.
- Wait for the process of uninstallation to be done and click OK.
Windows 7/XP instructions:
- Click on Windows Start and go to Control Panel on the right pane.
- Choose Add/Remove Programs.
- Select Uninstall a program under Programs in Control Panel.
- Click once on the unwanted application.
- Click Uninstall/Change at the top.
- Confirm with Yes.
- Click OK and finish the removal.
Uninstall Zeus Trojan in Mac OS X system
If your macOS is displaying the signs of adware infection and browsers are redirecting you to scam sites constantly, follow this guide:
- Users who use OS X should click on the Go button, which can be found at the top left corner of the screen, and select Applications.
- Wait until you see the Applications folder and look for Zeus Trojan or any other suspicious programs in it. Now right-click on every such entry and select Move to Trash.
Delete Zeus Trojan from Microsoft Edge
As soon as you eliminate adware from your device, reset MS Edge to its default settings:
Delete suspicious extensions from MS Edge:
- Go to the Menu by clicking on the three horizontal dots at the top-right.
- Then pick Extensions.
- Choose the unwanted add-ons on the list and click on the Gear icon.
- Click on Uninstall at the bottom.
Clear cookies and other data:
- Click on the Menu and from the context menu select Privacy & security.
- Under Clear browsing data, select Choose what to clear.
- Choose everything except passwords, and click on Clear.
Alter new tab and homepage settings:
- Click the menu icon and choose Settings.
- Then find On startup section.
- Click Disable if you found any suspicious domain.
Reset MS Edge fully:
- Press Ctrl + Shift + Esc on the keyboard to open Task Manager.
- Choose More details arrow at the bottom.
- Go to Details tab.
- Now scroll down and locate every entry with Microsoft Edge name in it.
- Right-click on each of them and select End Task to stop MS Edge from running.
When none of the above solves the issue, you might need an advanced Edge reset method, but you need to back up your data before proceeding.
- Find the following folder on the PC: C:\Users\%username%\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe.
- Press Ctrl + A on your keyboard to select all folders.
- Right-click on the selection and choose Delete.
- Right-click on the Start button and pick Windows PowerShell (Admin).
- Copy and paste the following command, and then press Enter:
Get-AppXPackage -AllUsers -Name Microsoft.MicrosoftEdge | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml" -Verbose}
Instructions for Chromium-based Edge
Delete extensions:
- Open Edge and click Settings.
- Then find Extensions.
- Delete unwanted extensions by clicking Remove.
Clear cache and site data:
- Click on Menu and then Settings.
- Find Privacy and services.
- Locate Clear browsing data, then click Choose what to clear.
- Under Time range, pick All time.
- Select Clear now.
Reset Chromium-based MS Edge browser fully:
- Go to Settings.
- On the left side, choose Reset settings.
- Select Restore settings to their default values.
- Click Reset.
Delete Zeus Trojan from Mozilla Firefox (FF)
Remove suspicious Firefox extensions:
- Open Mozilla Firefox browser and click on the three horizontal lines at the top-right to open the menu.
- Select Add-ons in the context menu.
- Choose plugins that are creating issues and select Remove.
Reset the homepage on the browser:
- Click three horizontal lines at the top right corner.
- This time select Options.
- Under Home section, enter your preferred site for the homepage that will open every time you launch Mozilla Firefox.
Clear cookies and site data:
- Click Menu and pick Options.
- Find the Privacy & Security section.
- Scroll down to choose Cookies and Site Data.
- Click on Clear Data… option.
- Click Cookies and Site Data, Cached Web Content and press Clear.
Reset Mozilla Firefox:
If none of the steps above helped you, reset Mozilla Firefox as follows:
- Open Mozilla Firefox and go to the menu.
- Click Help and then choose Troubleshooting Information.
- Locate Give Firefox a tune-up section, click on Refresh Firefox…
- Confirm the action by pressing on Refresh Firefox on the pop-up.
Chrome browser reset
Adware can inject other applications without consent, such as browser hijackers. These PUPs are developed to change web browser settings. To revert these modifications, reset Google Chrome:
Find and remove suspicious extensions from Google Chrome:
- In Google Chrome, open the Menu by clicking three vertical dots at the top-right corner.
- Select More tools > Extensions.
- Once the window opens, you will see all the installed extensions.
- Find any suspicious add-ons related to any PUP.
- Uninstall them by clicking Remove.
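When reviewing extensions by hand, each extension's manifest shows whether it can override the homepage, search engine, startup or new-tab pages, which is what a browser hijacker does. The following is an added example, not part of the original guide: it reads every manifest.json under a Chrome or Chromium-based Edge profile's Extensions folder (for Chrome on Windows, %LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions) and marks extensions worth a manual look. The sample extensions it writes are constructed, and a broad host permission alone does not mean an extension is malicious.

```python
import json
import tempfile
from pathlib import Path

# chrome_settings_overrides changes homepage, search engine and startup pages;
# chrome_url_overrides replaces pages such as the new tab.
OVERRIDE_KEYS = ("chrome_settings_overrides", "chrome_url_overrides")
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def audit_extensions(extensions_dir):
    """Summarise each <extensions_dir>/<id>/<version>/manifest.json."""
    findings = []
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip it
        if not isinstance(manifest, dict):
            continue
        perms, overrides = set(), []
        for key in ("permissions", "host_permissions"):  # MV2 and MV3 keys
            value = manifest.get(key)
            if isinstance(value, list):
                perms.update(p for p in value if isinstance(p, str))
        for key in OVERRIDE_KEYS:
            value = manifest.get(key)
            if isinstance(value, dict):
                overrides += [f"{key}.{sub}" for sub in sorted(value)]
        broad = sorted(perms & BROAD_HOSTS)
        findings.append({"id": path.parent.parent.name,
                         "name": manifest.get("name", "?"),
                         "broad_hosts": broad, "overrides": overrides,
                         "review": bool(broad or overrides)})
    return findings


def build_sample(root):
    """Write two constructed extensions (not real ones) for the demo."""
    hijacker = {"name": "Constructed Coupon Helper", "version": "1.0",
                "permissions": ["tabs", "<all_urls>"],
                "chrome_settings_overrides": {
                    "homepage": "https://search.example/",
                    "startup_pages": ["https://search.example/"]}}
    benign = {"name": "Constructed Note Pad", "version": "2.1",
              "permissions": ["storage"]}
    for ext_id, manifest in (("a" * 32, hijacker), ("b" * 32, benign)):
        folder = Path(root) / ext_id / (manifest["version"] + "_0")
        folder.mkdir(parents=True)
        (folder / "manifest.json").write_text(json.dumps(manifest))
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for item in audit_extensions(build_sample(tmp)):
            print(item)
```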
Clear cache and web data from Chrome:
- Click the Menu and select Settings.
- Find Privacy and security section.
- Choose Clear browsing data.
- Select Browsing history, Cookies and other site data, and also Cached images and files.
- Click Clear data.
Alter settings of the homepage:
- Go to the menu and choose Settings.
- Find odd entries in the On startup section.
- Click on Open a specific page or set of pages.
- Then click on three dots and look for the Remove option.
Reset Google Chrome fully:
You might need to reset Google Chrome and properly eliminate all the unwanted components:
- Go to Chrome Settings.
- Once there, scroll down to expand Advanced section.
- Scroll down to choose Reset and clean up.
- Click Restore settings to their original defaults.
- Click Reset settings again.
Delete Zeus Trojan from Safari
Get rid of questionable extensions from Safari:
- Click Safari.
- Then go to Preferences…
- Choose Extensions on the menu.
- Select the unwanted extension and then pick Uninstall.
Clear cookies from Safari:
- Click Safari.
- Choose Clear History…
- From the drop-down menu under Clear, find and pick all history.
- Confirm with Clear History.
Reset Safari fully:
- Click Safari and then Preferences…
- Choose the Advanced tab.
- Tick the Show Develop menu in the menu bar.
- From the menu bar, click Develop.
- Then select Empty Caches.
Even if you have completed all the steps above, we still strongly recommend that you scan your computer system with powerful anti-malware software. It is advisable to do that because an automatic malware removal tool can detect and delete all remains of Zeus Trojan, for instance, its registry keys. The anti-malware program can help you easily detect and eliminate possibly dangerous software and malicious viruses. You can use any of our top-rated malware removal programs: Restoro, Intego, SpyHunter 5, Combo Cleaner or Malwarebytes.
How to prevent getting viruses
Securely connect to your website wherever you are
Sometimes you may need to log in to a content management system or server more often, especially if you are actively working on a blog, website, or different project that needs constant maintenance or that requires frequent content updates or other changes. Avoiding this problem can be easy if you choose a dedicated/fixed IP address. It's a static IP address that only belongs to a specific device and does not change when you are in different locations.
VPN service providers such as Private Internet Access can help you with these settings. This tool can help you control your online reputation and successfully manage your projects wherever you are. It is important to prevent different IP addresses from connecting to your website. With a dedicated/fixed IP address, VPN service, and secure access to a content management system, your project will remain secure.
Recover files damaged by a dangerous malware attack
Although various circumstances can cause data to be lost on a system, including accidental deletion, the most common reason people lose photos, documents, videos, and other important data is a malware infection.
Some malicious programs can delete files and prevent the software from running smoothly. However, there is a greater threat from the dangerous viruses that can encrypt documents, system files, and images. Ransomware-type viruses focus on encrypting data and restricting users’ access to files, so you can permanently lose personal data when you download such a virus to your computer.
The ability to unlock encrypted files is very limited, but some programs have a data recovery feature. In some cases, the Data Recovery Pro program can help recover at least some of the data that has been locked by a virus or other cyber infection.