Solved Zeus Trojan Virus

Mike H

I had trouble getting my new Outlook settings correct to communicate with my ISP. A quick search led me to a bogus phone number for Verizon help - 1-866-666-5542. They connected to my new computer (HP 110-210 64 bit Win 8.1) and through a few command prompts produced a "tree" in the DOS window that showed "zeus trozan" (not Trojan), at the very bottom. Claiming that all my network devices were now infected they wanted me to take them to a specific address and leave them for 3-4 days and hundreds of dollars in cost. When I said I wouldn't be taking the devices anywhere they offered to fix it online, again for hundreds of dollars. Believing I was being duped I cut the connection as quickly as I could. I have since run the Microsoft Malicious Software Removal and it found nothing. Is this tool and Windows Defender enough to ensure that my computer is malware/virus free?

Thanks in advance for your support,

Mike
 

My Computer

System One

  • OS
    Win7
    Computer type
    PC/Desktop
    System Manufacturer/Model
    HP Pavilion
Is this tool and Windows Defender enough to ensure that my computer is malware/virus free?

Thanks in advance for your support,

Mike

Don't Bet On It!

Not after the description you provided. They got into your computer and the removal tools you have used are not serious malware scanners IMO.

I would start by scanning with Malwarebytes, you can get the free download here
https://www.malwarebytes.org/

If it comes clean with that I think I would still scan with an additional scanner. There are some other good free programs available. I am sure there will be some other good recommendations.
 

My Computer

System One

  • OS
    windows 8.1 64, LT -Windows 10 Home 64
    Computer type
    PC/Desktop
    System Manufacturer/Model
    HP 500-075 Desktop + HP 15-f018dx Laptop
    CPU
    Intel Core i5 3470 Ivy Bridge 3.2 GHz Quad Core/ LT - i3-4030U 1.9 GHz
    Motherboard
    Foxcon Joshua-H61-uATX
    Memory
    8 GB/ LT - 6GB
    Graphics Card(s)
    Intel Graphics Media Accelerator HD (DX10.1)
    Sound Card
    Integrated IDT 92HD73E
    Hard Drives
    1T HDD, 16G Sandisk Cache Drive, 2T Seagate 3.0 External
    Keyboard
    Wireless
    Mouse
    Wireless
    Browser
    IE11
    Antivirus
    Norton 360
    Other Info
    CyberPower UPS, Macrium Backup, Revo Pro, Malwarebytes Premium
Gator,

Thanks for the reply and link. Is there a reporting agency that I should refer this criminal(?) activity to?

Thanks again,

Mike
 

The fact they connected to your computer indicates they could have injected something harmful. Best not to take any chances.

In addition to doing a full system scan with Malwarebytes, following up with TDSSKiller & AdwCleaner would also be recommended.

When installing Malwarebytes, be sure to uncheck the "Start free pro trial" which will come up towards the end of the installation. If MBAM finds anything, check the boxes next to the items & quarantine them.

Have a look at this article & save it for down the road in case you run into trouble.

The Zeus Trojan has primarily been designed to steal confidential information from the computers it compromises. It specifically targets system information, online credentials, and banking details, but can be customized through the toolkit to gather any sort of information.

Remove Zeus Trojan virus (Removal Instructions)

Contact Verizon, make them aware of what has happened & give them any information they might need.
 

My Computer

System One

  • OS
    Win 7 32, Win 7 64 Pro, Win 8.1 Pro
    Computer type
    PC/Desktop
    System Manufacturer/Model
    It's a Dell, Dude.
    CPU
    Intel Caffinated Core Duo
    Motherboard
    Father is bored too.
    Memory
    4 GB
    Graphics Card(s)
    NVidia something-or-another
    Monitor(s) Displays
    24" HD TV/Monitor/Alternative Dimensional Viewing Portal
    Screen Resolution
    Fuzzy after a couple drinks
    Hard Drives
    2 or 3, depending on if it's a night they're arguing about having a "split personality crisis" because I partitioned the drive.
    Case
    Don't get on my case....man
    Cooling
    Scotch on the rocks on the weekends..
    Keyboard
    Mad Catz Cyborg V7. Or maybe Cyborg Catz Are Mad At V7's??? I know it lights up...far out.
    Mouse
    currently being stalked by the cat...
    Internet Speed
    Never fast enough...
    Browser
    Defeated by Mario...wait...OH...BRowser...
    Antivirus
    Various
Borg and Gator,

Again, thanks for the support. I ran the Malware, TDSSKiller and AdwCleaner. Nothing was found. Next I started on the procedure Borg included, Remove Zeus Trojan virus (Removal Instructions). I made it through step four then had to leave and get some sleep. At this point it had been some 5 hours of scanning and the EST(?) scan in step 5A, was taking f o r e v e r.

So I'll go back and finish the next scan tomorrow. In all of this scanning nothing but a few registry errors were found and they did not look suspicious to me. I've never seen a registry scan return zero errors so I am thinking all is well.

I will say that I did not INSTALL any of these programs, rather I ran them from the web using the free versions. Hope that meets with your approval, please let me know if it doesn't.

Thanks again,

Mike

Also - please forgive my noobness, what does IMO mean?
 

That's fine Mike. You didn't have to run the entire procedure based on the earlier findings, but in this case, it doesn't hurt. It never hurts to make an extra scan or 2 with another scanner, especially considering the amount of threats out on the web nowadays.

ESET can take a while & has been known to hang from time to time.

IMO - In My Opinion. You might also see IMHO (In My Humble Opinion).
 

Borg,

Thanks a million billion. If this continues to go successfully I would like to take one additional step. Can/would you guide me through the dos commands to reproduce such a search/tree? Or is that really necessary?

Thanks again,

Mike
 

I haven't done that in quite a while, but I did find a tutorial for using DOS & the tree command. Probably not necessary, but it never hurts to look. Ah yes, the good old days for me, when knowing DOS was a necessity....LOL. Don't get me wrong, it is a good thing to know some of the basic commands, as they can help you out in certain instances.

MS-DOS tree command help
 

Borg,

Thanks once more and one final time. Thanks to all, Borg and Gator especially, for supporting those who try but really don't know. I am reasonably sure that we are in the clear. Nothing whatsoever was detected by any of the many scans I ran at your suggestions. I fumbled my way around the DOS trees and found nothing there either.

I'll mark this one solved.

Mike
 

unexpected results

After running all the suggested Malware in this thread a new problem has arisen. My mom loves to play scrabble on Facebook with her friends and relatives (oh good lord how I despise FB) but the scrabble page refuses to load. All I have tried thus far was to mark that page as a safe site in a couple of the Internet Explorer zones under the tools menu. The result was that instead of "hanging" the page just tried to continuously reload. So......... does anyone have an idea as to how to correct this problem?

Thanks once again,

Mike
 

More than likely something is not being allowed. Some sites require cookies/JavaScript to be enabled for the game to run. I've run into this problem before when I attempt to play a game online.

If you are using FF & you have NoScript installed you may need to allow some items there. Or you may need to allow 3rd party cookies. IE has ActiveX filtering that may need to be adjusted to allow certain items to run.

Try launching the browser in safe mode with all plug ins disabled. If the game runs, then it's a matter of finding what setting/plug in is blocking the game. I will caution you that if the game requires you to d/l a "special" item in order to play it, you should be wary as this can easily lead to infection.
 
Borg,

The scrabble game is part of Facebook. Doubt very much that my mom actually "loaded" it. She just clicks on the appropriate link and starts to play. It was working before I ran all the virus/malware scans. I believe it requires Java and I may try uninstalling Java and reinstalling that but I find it hard to believe that those scans would affect Java. I have the reports from the scans saved as notepad files. There were some registry entries deleted but I really don't like fooling with the registry and would not do so without a little guidance from someone more knowledgeable than myself. Currently I am thinking of pursuing these courses of action in the order listed.


1) uninstall/re-install Java

2) uninstall/re-install the latest IE update

3) return deleted files one at a time to the registry, delete them if they do not solve the problem

4) return computer to factory set up via the supplied HP recovery drive and start all over.

Any and all comments would be greatly appreciated.

Thanks,

Mike
 

Normally games online run under flash (not all, but most). Now, if she downloaded some program to enable her to play, that required Java, that could be one of the things that got deleted. One note though, that could have caused all those problems in the 1st place too, being that it could have come bundled with spyware/malware. And there are games out there that require Java to run. But a majority of the online games I've encountered need you to allow only flash or maybe cookies to play them. Hence the reason I was wondering if something was blocking a key element to allow the game to run.

If the registry entries that were deleted were listed as PUP's (Potentially Unwanted Programs), then that may have been what shorted out the game. Most of these games have a habit of tracking you (especially FB), so removing that entry may have affected it. If the registry entry was listed as virus/malware, better not to put it back.

Did you try going to the site with a safe mode browser & see if the game ran?

All of what you suggested is a good course of action, & I don't know what securities/plug ins your browser runs. If you've had a lot of probs with the computer, resetting it might be a good idea. Or doing a refresh or reset.

http://www.eightforums.com/tutorials/2293-refresh-windows-8-a.html

http://www.eightforums.com/tutorials/2302-reset-windows-8-a.html

This will show you how to use a new feature in Windows 8 and Windows 8.1 to reset your PC to completely start over back to default to remove all personal data, apps, and settings from the PC, and reinstall Windows. This is like doing a factory restore/recovery on a purchased computer or clean install, but a little faster.

You might also consider D/L ing an ISO of Win 8 & doing a clean install so that you don't have to deal with all the bloatware that comes with most laptops/PC's when you get them.

http://www.eightforums.com/tutorials/2299-clean-install-windows-8-a.html

http://www.eightforums.com/tutorials/18309-windows-8-windows-8-1-iso-download-create.html

http://www.eightforums.com/installation-setup/44415-how-install-windows-8-1-8-1-oem-key.html
 
Borg,

Well it was a battle but it is done for the moment. Instead of uninstalling/re-installing Java as my first step I decided to uninstall/re-install Flash player first. As you probably know, and I learned, Flash player isn't listed as an installed program. So being the smart guy I am I just downloaded the uninstall tool and let'er rip. Upon trying to reinstall Flash I discovered that it won't load. The installer thinks it is already loaded because I have Win8.1 :-<. Apparently it is treated like IE, as part of the OS and is installed as an update. Of course at that point your suggestion to try silvergames was pointless. As for safe mode, I had already disabled all accelerators and add-ons just to speed up the whole experience. At this point what I really really really wanted to do was a clean install of Win8.1. Getting rid of the crap I think you would refer to as bloatware would have been an added bonus to a fresh start. But to be honest the whole clean install with an OEM key embedded in the BIOS seemed a bit more than I could take on right now so I opted for the refresh and it worked well. After the obligatory 6 or so hours of updates there was only another 2 or 3 hours of set up before Mom was back to some facsimile of normal.

Thanks again to you and all who support those who try but really don't know.

Mike
 

Glad it's sort of sorted. You can always opt to do a clean install some other time down the road.

If everything looks/runs well, you may want to consider making a system image. The link is to the tutorial & it's handy to have one so you can restore normal operations.

http://www.eightforums.com/tutorials/8956-system-image-create-windows-8-a.html

This tutorial will show you how to create a system image backup in Windows 8 and 8.1 to be able to use to restore the contents of your computer back to the state it was in when the system image was created if your HDD or computer ever stops working.
 
