This article will help you remove “ZEUS VIRUS DETECTED” fully. Follow the tech support scam removal instructions at the end of the article.
“ZEUS VIRUS DETECTED” is a message which is related to a huge amount of scams, involving fake tech support teams. Trojan horse and ransomware viruses might be implemented in the scheme as well. These scams usually have websites that spread them, and can lock you out of your browser, making it unreachable. Some of the “ZEUS VIRUS DETECTED” scams are more detailed and interact with your PC in a more complex way. They can lock your desktop, holding your system as a hostage similarly to ransomware viruses. Your files won’t be encrypted unless such a threat is accompanying the scam. Heaps of fake phone numbers are used to siphon money from callers. In most cases on the other line the cybercriminals pretend to work for Microsoft.
|Name||"ZEUS VIRUS DETECTED" Scam|
|Type||Tech Support Scam|
|Short Description||A tech support scam stating that your computer is blocked due to the infamous Zeus virus. In some cases your PC is indeed blocked, almost beyond repair. The trick to the scam is to call a phone number, that is usually presented as a Microsoft Help Desk one.|
|Symptoms||A message such as “ZEUS VIRUS DETECTED” pops up on your screen in the form of boxes, full-page or in any kind of other alert or notification message. While the messages appear, your PC or screen will get locked, and you will be asked to contact a phone number. That number is related to cybercriminals that pretend to be tech support.|
|Distribution Method||Freeware Installers, Suspicious Sites, Redirects, Trojan Horse|
|Detection Tool|| See If Your System Has Been Affected by "ZEUS VIRUS DETECTED" Scam |
Malware Removal Tool
|User Experience||Join Our Forum to Discuss "ZEUS VIRUS DETECTED" Scam.|
“ZEUS VIRUS DETECTED” Scam – Update May 2019
Multiple reports have been shared in the last few months regarding new activity of the “ZEUS VIRUS DETECTED” scam. Note that this new activity may not be directly associated with fake tech support scammers. Multiple users, customers of Cox Communications (the third-largest U.S. cable company), have received weird emails from the company regarding a possible infection with the Zeus Trojan. What is most curious in these cases is that none of the customers had any malware related to Zeus on their machines, as revealed by scans with anti-virus tools.
So why are Cox’s customers receiving such warnings from the company? It may be that these users were indeed compromised by fake tech support scammers, and the company’s security somehow detected the activity and sent out warnings. Another option suggested by security forum moderators is that Cox was just trying to convince customers to subscribe to the company’s premium technical support which is paid. Of course, this hasn’t been confirmed in any way and is only a suggestion.
What we know is that there is certainly activity around the “ZEUS VIRUS DETECTED” scam and you should be on the lookout.
“ZEUS VIRUS DETECTED” Scam – Spread
The “ZEUS VIRUS DETECTED” spreads in many ways. A common way for it to appear is when you are surfing the Web. When you visit websites which are suspicious and of unknown origin, they can spread the scam via redirect links or advertisements. Clicking on the ads or redirects is not always necessary as any interaction with the site might trigger them. Sometimes, just by leaving a website open can drop malicious files on your computer which load other sites supporting the scam. Phishing websites can make the message of the scam appear, too. It is easy to land on such sites because of a single spelling mistake in a URL.
The worst case scenario that can happen to show you the “ZEUS VIRUS DETECTED” scam message is if you have a Trojan horse present in your system. The Trojan horse may have installed itself using some of the spread methods mentioned above. In other cases, you may have installed it, without realizing that. You may have thought that you are installing an application which is useful. Many such third-party programs come bundled with other freeware and supposedly useful software. Unfortunately, some can secretly install additive features or even malware. One way to avoid is to search for a tickbox or a setting that allows you to deselect the installment of such additive features.
“ZEUS VIRUS DETECTED” Scam – Analysis
“ZEUS VIRUS DETECTED” a message that can appear on your screen from a tech support scam. The message can appear in a website page, notification, an error or a pop-up message. A phone number is always provided, which is supposed to be a number for contacting support technicians from Microsoft or another reputable company from the security sphere. They might even use the Windows logo at some instances or even use the layout of the Windows website to make the scam more believable like shown below:
The message states the following:
** ZEUS VIRUS DETECTED – YOUR COMPUTER HAS BEEN BLOCKED **
Error: Virus – Trojan Backdoor Hijack #365838d7f8a4fa5
IP: [your ip address] Browser:Internet Explorer [Your ISP]
Please call computer system technician immediately on: (855) 247-2419
Please do not ignore this safety alert. Your Microsoft System Has Been Compromised. If you close this page before calling us, your computer access will be disabled to prevent further damage and your data from being stolen.
In this case you see that message, know that your screen will look like its locked, but that is just a presumption. What is actually being locked is the browser itself. Furthermore, the tab at the top will be changed to say something like Microsoft. You could get bombarded with pop-ups, redirects and new windows of your browser opening and doing the same. Clicking somewhere on the page should disable your cursor or you could select text depending on the browser.
The following two Web domains are known to be associated with the “ZEUS VIRUS DETECTED” scam:
As your browser becomes locked, it could seem like your entire screen is blocked and you don’t have any access to it. In actuality, that is not true, as only your browser is locked but being pushed on top of all other windows, thus hiding them. You can still interact with your computer system by clicking the “Windows” button or the combinations known as “Ctrl+Alt+Del” etc. In some browsers, clicking on the “X” button also works, surprisingly.
Other examples of such messages include:
The text inside being:
**** Dont Restart Your Computer ****
Windows Detected ZEUS Virus, The Infection detected, indicate some recent downloads on the computer which in turn has created problems on the computer. Call technical support +1-800-919-6053 and share this B2957E to the Agent to Fix This.
and the following one threatening you that your hard drive will get wiped upon closing the browser’s page:
Your Hard drive will be DELETED if you close this page. You have a ZEUS virus! Please call Support Now!. Call Toll-Free: 0800-014-8826 To Stop This Process
Are you sure you want to leave this page?
Do not ignore this critical alert. If you close this page, your computer access will be disabled to prevent further damage to our network.Your computer has alerted us that it has been infected with a Pornographic Spyware and riskware. The following information is being stolen…
Email Account Logins
Photos stored on this computer
You must contact us immediately so that our expert engineers can walk you through the removal process over the phone to protect your identity. Please call us within the next 5 minutes to prevent your computer from being disabled or from any information loss.
The con artists want to make you believe that the only way for fixing your computer machine is by calling a phone number, provided on the website. To help assist that further, a pre-recorded audio message will play, suggesting that your PC is infected with malware. They also will lie to you that they are part of the Microsoft technicians team or a similar one. That statement is not true and you should know that Microsoft doesn’t even have a phone number for Support. The whole charade is made in a way to convince you into calling the provided telephone number.
“ZEUS VIRUS DETECTED” Scam – Update September 2017
Throughout the period that these scams have been active, newer notifications and texts have come out. Below you can see some of the latest instances, which includes this message:
That message states the following:
Windows Defender Alert : Zeus Virus Detected In Your Computer
Please Do Not Shut Down or Reset Your Computer.
The following data will be compromised if you continue:
2. Browser History
3. Credit Card Information
4.LocaI Hard Disk Files.
This virus is well known for complete identity and credit card theft Further
action through this computer or any computer on the network will reveal
private information and involve serious risks.
Call Microsoft Technical Department: +1 (888) 370-52-70 (Toll Free)
The next scam has also been reported by user fallen victim to it:
Its text reads:
System Blocked for Security Reasons.
Call Microsoft Toll Free: 1-800-201-3517
Please ensure you do not restart your
computer it may lead to Permanent Damage to
the System or Data loss.
WARNING – Microsoft windows has detected
that a zeus virus has infected your system
and trying to steal FINANCIAL INFORMATION,
pictures, data and social networking
Please Call Microsoft 1-800-201-3517 Now for
Error Code : rundll32.exe
Those are alerts that claim that they are official alerts of Microsoft Windows and that the Zeus virus was detected on your computer.
Do NOT try calling the phone number under any circumstances. It is not toll free as promoted on the website, and even the shortest call may cost you a fortune. Not to mention that, while the con artists can present themselves as Microsoft employees, or any other reputable partners, they will try to get personal information and financial data about you. That information can be sold, and you could get into bigger problems, such as identity theft, your bank accounts getting emptied etc.
“ZEUS VIRUS DETECTED” Scam Removal
To remove the “ZEUS VIRUS DETECTED” tech support scam and its related files manually from your PC, follow the step-by-step removal instructions provided below. If the manual removal guide does not get rid of the scam and its redirects completely, you should search for and remove any leftover items with an advanced anti-malware tool. Software like that will keep your system secure in the future.