How to remove Zeus virus


Zeus virus example

What is Zeus virus

Zeus is a Trojan virus that has made a lot of noise since 2007. The greatest damage it caused to the financial systems of banks. Zeus is a malicious program to steal data. Experts on cybersecurity called it "a convenient, effective and universal technological masterpiece". The virus was embedded in the operating system, stealing data such as PIN-codes, passwords, logins - everything that can open access to the victim's electronic account. In the future, Zeus transferred money to other accounts on behalf of the user. Infection occurred through all sorts of letters and notifications. After infection, the virus acted as a keylogger - tracked and transferred all the actions of the owner of the computer, including the introduction of characters from the keyboard and the mouse action. Having received all the necessary information, Zeus used this data to steal money. The attack was inconspicuous, and completely on behalf of the user. Therefore, many accountants of large companies were dismissed for erroneous suspicion of assistance. The bank authorization system, consisting at that time of two levels of protection, was powerless, as well as one-time admissions for entry, and authorization tokens. In the same way, the virus can transparently change the addresses of the sites through its advertising banners to its infected ones, which may even look similar to the original sites. In the algorithms of the virus, there is also a one-time fixed amount for withdrawals, the size of which will not raise suspicion among automatic banking systems. If the user himself tries to access his account, he will be redirected to a fake bank request form. There is also a version of this virus for mobile devices.

Evolution of the virus

The period from 2006 to 2007 is the years of the emergence of the Zeus virus. Then another 22-year-old Russian Eugene Bogachev created his creation and gradually promoted it among his entourage. The creator of the virus was able to achieve the introduction of his brainchild through links-traps in social networks, false notifications about updates, and even with the false signature of anti-virus databases from Kaspersky. For the first time a virus of this type could infect a computer through a social network, including through Facebook. On the verge of impudence was a message hidden in Zeus files, in which the creator thanked the developers of Kaspersky Anti-Virus and Avira for the vulnerabilities.


2009 was the heyday of the Zeus virus. Abroad, huge amounts of money began to disappear from banks, including from the national bank of Omaha and the American company First Data. The victims were infected through false notifications and emails, which opened not only allowed the virus to enter the system, but also infected through hidden spam and other computers. From now on, the notorious Zeus name hid a small group of hackers, expanding its influence further and further, Zeus itself built in Jabber Zeus, a tool for communication between hackers.


In 2010, an updated version of the virus appeared. Now there was a binding of the virus to its owner for further remote control. An updated version could buy anyone for an indiscreet amount of 10 thousand dollars.


2011 marked the next evolution of the virus. Now the command centers for the management of the program were many, and they all communicated among themselves. This further complicated the fight against the virus, since there was no such tight attachment to the single control center. The new version is called GameOver Zeus.
In the following years, the virus continued to steal huge amounts of money. In 2014, cyber security specialists were able to resist the attacks of the virus largely, but it was not completely eradicated, and in 2015, a reward of $ 3 million was awarded for information to catch the author of the virus.

How to remove Zeus virus

Virus removal occurs in two stages, first, you need to clean your browser, and secondly, remove the virus from the system.

Removing virus traces in the browser

First of all, this virus knocks down the browser settings. No matter which browser is used, one task is to get rid of the virus: reset browser settings to default values. The virus supersedes some parameters, it can be installed as a new extension for the browser. This can later be manifested by an abundance of advertising in the window, changing the start page, spontaneous transitions on the "fake" links.

For Google Chrome users

In this case, you must first find the browser folder. As a rule, it is located on the system local disk at Users\"Ваше имя пользователя"\AppData\Local\Google\Chrome\Application\User Data. In this folder there is a folder Default, which needs to be renamed to any other name (let it be a backup copy). After launching the browser, the folder will be created again, and all settings will be reset to their original settings.


1. Launch Google Chrome

2. Click Menu (Customize and control Google Chrome)

3. Select Settings

4. Scroll down and click Show advanced settings...

5. Click Reset settings

How to find Google Chrome Settings How to find Show advanced settings in Google Chrome How to Reset settings in Google Chrome


Mozilla Firefox

In the Firefox window, you must select "Help", then "ITroubleshooting information". There will be a button "Reset Firefox", after clicking it you should click "Finish".


1. Launch Mozilla Firefox

2. Click on Help on menu bar

3. Select Troubleshooting information

4. Click Reset Firefox...

How to find Mozilla Firefox Troubleshooting information How to launch Reset Firefox... Reset Mozilla Firefox: last step


For Internet Explorer users

Now very few people use this browser, but still: to reset the settings, click on "Tools" in the upper right part of the browser window (the gear icon) and click on "Browser property". In the window that appears, click the "Advanced" button "Reset" button and agree with the solution.


1. Launch Internet Explorer

2. Click Tools (You can press ALT+X on the keyboard)

3. Select Internet Options

4. Select Advanced tab

5. Click Reset... button

6. Put the tick near 'Delete personal settings' and click Reset

How to launch Internet Options in Internet Explorer How to find Advanced Internet Options in Internet Explorer How to reset Internet Explorer settings


For Opera users

As in the case of Google Chrome, the fastest way to make a complete reset in Opera can be by deleting the folder with the settings files. To do this, click on the "O" icon at the top left of the screen and click "About" in the appeared menu. In the "Paths" section, you can find the installation directory for the browser itself and its settings. Now that everything is known, you can delete the "Profile" and "Cache" folders.

Cleaning the system

Now that the browser is OK, you can completely close it and clean up the virus. Such well-known programs for combating malicious software such as Malwarebytes Anti Malware, Plumbytes Anti-Malware, Reimage, Rkill, HitmanPro, etc., will help in this. These utilities are well proven in the fight against this type of threats .





Share your feedback to help other people
1 1 1 1 1 1 1 1 1 1 Rating 5.00 [2 Votes]

Add comment

Security code



Acronis suggestion to CrashPlans users

Around a month ago, there was an accident with CrashPlans backup software.

What is MicTrayDebugger and is it dangerous

This is a brief entry about MicTrayDebugger: what is it, how it appeared in the system, is it dangerous and how to get rid of it.

What is HoeflerText and is it dangerous?


This article is dedicated to the fraud scheme that is called HoeflerText font wasn't found. We will explain you what is this scheme and how to avoid it.

What is Wpad.dat virus and how it is used

The topic of our today's article is a script that had been unjustly called a virus. It’s Wpad.dat, and it is not a virus. We will explain what is Wpad.dat and how to prevent fraudsters to deceive yourself with its help.


Cancer virus trollware

This is an article about crazy Cancer virus and the madness that it brings to victim's computer.

This website uses cookies to improve your experience