Are you seeing a pop-alert about a detected Trojan named Zeus? The pop-up could appear on both Windows and macOS operating systems. This article will help you remove “ZEUS VIRUS DETECTED” fully. Follow the tech support scam removal instructions at the end of the article.
ZEUS VIRUS DETECTED Virus Alert
ZEUS VIRUS DETECTED is a message which is related to a huge amount of scams, involving fake tech support teams. Trojan horse and ransomware viruses might be implemented in the scheme as well. These scams usually have websites that spread them, and can lock you out of your browser, making it unreachable.
Some of the ZEUS VIRUS DETECTED scams are more detailed and interact with your PC in a more complex way. They can lock your desktop, holding your system as a hostage similarly to ransomware viruses. Your files won’t be encrypted unless such a threat is accompanying the scam. Heaps of fake phone numbers are used to siphon money from callers. In most cases on the other line the cybercriminals pretend to work for Microsoft.
Threat Summary
| Name | "ZEUS VIRUS DETECTED" Scam |
| Type | Tech Support Scam |
| Short Description | A tech support scam stating that your computer is blocked due to the infamous Zeus virus. In some cases your PC (or Mac) is indeed blocked, almost beyond repair. The trick to the scam is to call a phone number, which is usually presented as a Microsoft Help Desk or Apple Support. |
| Symptoms | A message such as ZEUS VIRUS DETECTED pops up on your screen in the form of boxes, full-page or in any kind of other alert or notification message. While the messages appear, your PC (Mac) or screen will get locked, and you will be asked to contact a phone number. That number is related to cybercriminals that pretend to be tech support. |
| Distribution Method | Freeware Installers, Suspicious Sites, Redirects, Trojan Horse |
| Detection Tool |
See If Your System Has Been Affected by malware
Download
Malware Removal Tool
|
| User Experience | Join Our Forum to Discuss "ZEUS VIRUS DETECTED" Scam. |
Zeus Trojan – Brief Description
Zeus Trojan horse is a piece of malware that injects itself right into a computer gadget, under incorrect pretenses, for example presenting itself as the famous program Skype. You will not be shocked to discover that the term Trojan horse in computer comes from the old Greek tale of exactly how Greek soldiers stealthily got into Troy, by using a large wooden steed, offered as a present. A infection is a destructive program that when executed, will coldly begin duplicating itself as well as infecting other programs by modifying them without the user’s authorization.
ZEUS VIRUS DETECTED Scam – Description
The ZEUS VIRUS DETECTED spreads in many ways. A common way for it to appear is when you are surfing the Web. When you visit websites which are suspicious and of unknown origin, they can spread the scam via redirect links or advertisements. Clicking on the ads or redirects is not always necessary as any interaction with the site might trigger them. Sometimes, just by leaving a website open can drop malicious files on your computer which load other sites supporting the scam. Phishing websites can make the message of the scam appear, too. It is easy to land on such sites because of a single spelling mistake in a URL.
The worst case scenario that can happen to show you the ZEUS VIRUS DETECTED scam message is if you have a Trojan horse present in your system. The Zeus Trojan horse may have installed itself using some of the spread methods mentioned above, but bear in mind that there is a clear difference between the Trojan and the scam itself. In other cases, you may have installed it, without realizing that. You may have thought that you are installing an application which is useful. Many such third-party programs come bundled with other freeware and supposedly useful software. Unfortunately, some can secretly install additive features or even malware. One way to avoid is to search for a tickbox or a setting that allows you to deselect the installment of such additive features.
ZEUS VIRUS DETECTED a message that can appear on your screen from a tech support scam. The message can appear in a website page, notification, an error or a pop-up message. A phone number is always provided, which is supposed to be a number for contacting support technicians from Microsoft/Apple or another reputable company from the security sphere. They might even use the Windows logo at some instances or even use the layout of the Windows website to make the scam more believable like shown below:
The message states the following:
** ZEUS VIRUS DETECTED – YOUR COMPUTER HAS BEEN BLOCKED **
Error: Virus – Trojan Backdoor Hijack #365838d7f8a4fa5
IP: [your ip address] Browser:Internet Explorer [Your ISP]
Please call computer system technician immediately on: (855) 247-2419
Please do not ignore this safety alert. Your Microsoft System Has Been Compromised. If you close this page before calling us, your computer access will be disabled to prevent further damage and your data from being stolen.
In this case you see that message, know that your screen will look like its locked, but that is just a presumption. What is actually being locked is the browser itself. Furthermore, the tab at the top will be changed to say something like Microsoft or maybe Apple. You could get bombarded with pop-ups, redirects and new windows of your browser opening and doing the same. Clicking somewhere on the page should disable your cursor or you could select text depending on the browser.
The following two Web domains are known to be associated with the ZEUS VIRUS DETECTED scam:
- https://54.71.45.30/18009196053/?3678338184=1493225951a13daffaa8febc91a72c9e105e814fb6ee4774c6
- https://crash-h3a23z.info/contact/?a=AZ&pagex-7&s1=Ln792kKtyOyEUwaAqYnZPC4D-hlmPJcBJcBggHWaas-CRC8lfrDthVek73sOx
As your browser becomes locked, it could seem like your entire screen is blocked and you don’t have any access to it. In actuality, that is not true, as only your browser is locked but being pushed on top of all other windows, thus hiding them. You can still interact with your computer system by clicking the “Windows” button or the combinations known as “Ctrl+Alt+Del” etc. In some browsers, clicking on the “X” button also works, surprisingly.
Other examples of such messages include:
The text inside being:
**** Dont Restart Your Computer ****
Windows Detected ZEUS Virus, The Infection detected, indicate some recent downloads on the computer which in turn has created problems on the computer. Call technical support +1-800-919-6053 and share this B2957E to the Agent to Fix This.
and the following one threatening you that your hard drive will get wiped upon closing the browser’s page:
Your Hard drive will be DELETED if you close this page. You have a ZEUS virus! Please call Support Now!. Call Toll-Free: 0800-014-8826 To Stop This Process
Are you sure you want to leave this page?
Do not ignore this critical alert. If you close this page, your computer access will be disabled to prevent further damage to our network.Your computer has alerted us that it has been infected with a Pornographic Spyware and riskware. The following information is being stolen…
Financial Data
Facebook Logins
CC Details
Email Account Logins
Photos stored on this computer
You must contact us immediately so that our expert engineers can walk you through the removal process over the phone to protect your identity. Please call us within the next 5 minutes to prevent your computer from being disabled or from any information loss.
The con artists want to make you believe that the only way for fixing your computer machine is by calling a phone number, provided on the website. To help assist that further, a pre-recorded audio message will play, suggesting that your PC is infected with malware. They also will lie to you that they are part of the Microsoft technicians team or a similar one. That statement is not true and you should know that Microsoft doesn’t even have a phone number for Support. The whole charade is made in a way to convince you into calling the provided telephone number.
What Is The Zeus Virus – Update November 2019
Zeus virus still spreads in some shape or form even in November 2019. But if we ask the question “What is the Zeus virus?” we might get different answers. As the real Zeus virus has stopped being pushed on the Internet in its original form a long time ago. Now we get banking Trojans based on Zeus which are all but forks of the code’s origins and used to steal banking information or open the door for bigger virus infections on computer systems. Unfortunately, it doesn’t stop there as the Zeus virus is also used in hoax messages inside some technical support scams trying to scare users into giving up personal information. In some cases the scams are used for getting victims to dial a telephone number to install malware without knowing it is such.
ZEUS VIRUS DETECTED Scam – Update February 2020
ZEUS VIRUS DETECTED is a messages that is still circling around the Internet. If you see the message, you should do your best to avoid it as nothing good will come out of it. Even if you know about the legendary Zeus virus, do not fall for the scam related to it. You do not have malware on your PC and do not have to do the action you are told to, by the ZEUS VIRUS DETECTED scam. However, many new victims fall into the trap amidst the panic that the landing page creates with the alerts and all bells and whistles thrown into the scam. That is why, even in October 2019, you should be wary of similar messages, but take time to examine them and think before you act.
ZEUS VIRUS DETECTED Scam – Update September 2019
Multiple reports have been shared in the last few months regarding new activity of the “ZEUS VIRUS DETECTED” scam. Note that this new activity may not be directly associated with fake tech support scammers. Multiple users, customers of Cox Communications (the third-largest U.S. cable company), have received weird emails from the company regarding a possible infection with the Zeus Trojan. What is most curious in these cases is that none of the customers had any malware related to Zeus on their machines, as revealed by scans with anti-virus tools.
So why are Cox’s customers receiving such warnings from the company? It may be that these users were indeed compromised by fake tech support scammers, and the company’s security somehow detected the activity and sent out warnings. Another option suggested by security forum moderators is that Cox was just trying to convince customers to subscribe to the company’s premium technical support which is paid. Of course, this hasn’t been confirmed in any way and is only a suggestion.
What we know is that there is certainly activity around the “ZEUS VIRUS DETECTED” scam and you should be on the lookout.
ZEUS VIRUS DETECTED Scam – Update January 2020
Throughout the period that these scams have been active, newer notifications and texts have come out. Below you can see some of the latest instances, which includes this message:
That message states the following:
Windows Defender Alert : Zeus Virus Detected In Your Computer
Please Do Not Shut Down or Reset Your Computer.The following data will be compromised if you continue:
1. Passwords
2. Browser History
3. Credit Card Information
4.LocaI Hard Disk Files.
This virus is well known for complete identity and credit card theft Further
action through this computer or any computer on the network will reveal
private information and involve serious risks.
Call Microsoft Technical Department: +1 (888) 370-52-70 (Toll Free)
The next scam has also been reported by user fallen victim to it:
Its text reads:
Microsoft Alert
System Blocked for Security Reasons.
Call Microsoft Toll Free: 1-800-201-3517
Please ensure you do not restart your
computer it may lead to Permanent Damage to
the System or Data loss.WARNING – Microsoft windows has detected
that a zeus virus has infected your system
and trying to steal FINANCIAL INFORMATION,
pictures, data and social networking
passwords.Please Call Microsoft 1-800-201-3517 Now for
Support.Error Code : rundll32.exe
Those are alerts that claim that they are official alerts of Microsoft Windows and that the Zeus virus was detected on your computer.
Do NOT try calling the phone number under any circumstances. It is not toll free as promoted on the website, and even the shortest call may cost you a fortune. Not to mention that, while the con artists can present themselves as Microsoft employees, or any other reputable partners, they will try to get personal information and financial data about you. That information can be sold, and you could get into bigger problems, such as identity theft, your bank accounts getting emptied etc.
How To Get Rid of ZEUS VIRUS Scam?
To remove the “ZEUS VIRUS DETECTED” tech support scam and its related files manually from your PC or Mac, follow the step-by-step removal instructions provided below. If the manual removal guide does not get rid of the scam and its redirects completely, you should search for and remove any leftover items with an advanced anti-malware tool. Software like that will keep your system secure in the future.
Tsetso Mihailov
Tsetso Mihailov is a tech-geek and loves everything that is tech-related, while observing the latest news surrounding technologies. He has worked in IT before, as a system administrator and a computer repair technician. Dealing with malware since his teens, he is determined to spread word about the latest threats revolving around computer security.
Follow Me:
Preparation before removing "ZEUS VIRUS DETECTED" Scam.
Before starting the actual removal process, we recommend that you do the following preparation steps.
- Make sure you have these instructions always open and in front of your eyes.
- Do a backup of all of your files, even if they could be damaged. You should back up your data with a cloud backup solution and insure your files against any type of loss, even from the most severe threats.
- Be patient as this could take a while.
- Scan for Malware
- Fix Registries
- Remove Virus Files
Step 1: Scan for "ZEUS VIRUS DETECTED" Scam with SpyHunter Anti-Malware Tool
Step 2: Clean any registries, created by "ZEUS VIRUS DETECTED" Scam on your computer.
The usually targeted registries of Windows machines are the following:
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
You can access them by opening the Windows registry editor and deleting any values, created by "ZEUS VIRUS DETECTED" Scam there. This can happen by following the steps underneath:
Tip: To find a virus-created value, you can right-click on it and click "Modify" to see which file it is set to run. If this is the virus file location, remove the value.Step 3: Find virus files created by "ZEUS VIRUS DETECTED" Scam on your PC.
1.For Windows 8, 8.1 and 10.
For Newer Windows Operating Systems
1: On your keyboard press + R and write explorer.exe in the Run text box and then click on the Ok button.
2: Click on your PC from the quick access bar. This is usually an icon with a monitor and its name is either “My Computer”, “My PC” or “This PC” or whatever you have named it.
3: Navigate to the search box in the top-right of your PC's screen and type “fileextension:” and after which type the file extension. If you are looking for malicious executables, an example may be "fileextension:exe". After doing that, leave a space and type the file name you believe the malware has created. Here is how it may appear if your file has been found:
N.B. We recommend to wait for the green loading bar in the navigation box to fill up in case the PC is looking for the file and hasn't found it yet.
2.For Windows XP, Vista, and 7.
For Older Windows Operating Systems
In older Windows OS's the conventional approach should be the effective one:
1: Click on the Start Menu icon (usually on your bottom-left) and then choose the Search preference.
2: After the search window appears, choose More Advanced Options from the search assistant box. Another way is by clicking on All Files and Folders.
3: After that type the name of the file you are looking for and click on the Search button. This might take some time after which results will appear. If you have found the malicious file, you may copy or open its location by right-clicking on it.
Now you should be able to discover any file on Windows as long as it is on your hard drive and is not concealed via special software.
"ZEUS VIRUS DETECTED" Scam FAQ
What Does "ZEUS VIRUS DETECTED" Scam Trojan Do?
The "ZEUS VIRUS DETECTED" Scam Trojan is a malicious computer program designed to disrupt, damage, or gain unauthorized access to a computer system.
It can be used to steal sensitive data, gain control over a system, or launch other malicious activities.
Can Trojans Steal Passwords?
Yes, Trojans, like "ZEUS VIRUS DETECTED" Scam, can steal passwords. These malicious programs are designed to gain access to a user's computer, spy on victims and steal sensitive information such as banking details and passwords.
Can "ZEUS VIRUS DETECTED" Scam Trojan Hide Itself?
Yes, it can. A Trojan can use various techniques to mask itself, including rootkits, encryption, and obfuscation, to hide from security scanners and evade detection.
Can a Trojan be Removed by Factory Reset?
Yes, a Trojan can be removed by factory resetting your device. This is because it will restore the device to its original state, eliminating any malicious software that may have been installed. Bear in mind, that there are more sophisticated Trojans, that leave backdoors and reinfect even after factory reset.
Can "ZEUS VIRUS DETECTED" Scam Trojan Infect WiFi?
Yes, it is possible for a Trojan to infect WiFi networks. When a user connects to the infected network, the Trojan can spread to other connected devices and can access sensitive information on the network.
Can Trojans Be Deleted?
Yes, Trojans can be deleted. This is typically done by running a powerful anti-virus or anti-malware program that is designed to detect and remove malicious files. In some cases, manual deletion of the Trojan may also be necessary.
Can Trojans Steal Files?
Yes, Trojans can steal files if they are installed on a computer. This is done by allowing the malware author or user to gain access to the computer and then steal the files stored on it.
Which Anti-Malware Can Remove Trojans?
Anti-malware programs such as SpyHunter are capable of scanning for and removing Trojans from your computer. It is important to keep your anti-malware up to date and regularly scan your system for any malicious software.
Can Trojans Infect USB?
Yes, Trojans can infect USB devices. USB Trojans typically spread through malicious files downloaded from the internet or shared via email, allowing the hacker to gain access to a user's confidential data.
About the "ZEUS VIRUS DETECTED" Scam Research
The content we publish on SensorsTechForum.com, this "ZEUS VIRUS DETECTED" Scam how-to removal guide included, is the outcome of extensive research, hard work and our team’s devotion to help you remove the specific trojan problem.
How did we conduct the research on "ZEUS VIRUS DETECTED" Scam?
Please note that our research is based on an independent investigation. We are in contact with independent security researchers, thanks to which we receive daily updates on the latest malware definitions, including the various types of trojans (backdoor, downloader, infostealer, ransom, etc.)
Furthermore, the research behind the "ZEUS VIRUS DETECTED" Scam threat is backed with VirusTotal.
To better understand the threat posed by trojans, please refer to the following articles which provide knowledgeable details.