Zeus Trojan is a very dangerous PC infection – it steals banking data and uses the infected computer’s resources to perform more crimes and cyberattacks. Although the original Zeus Trojan was retired in 2010, its code is still used in many modern variants. Zeus Trojan is also known as ZBot and works on Windows computers.
Details on Zeus Trojan:
|Type of threat|Steals user data, downloads more malware, includes the PC in a botnet.|
|How Zeus Trojan spreads|Is installed by other trojans, gets downloaded by malicious email attachments, is promoted by malicious ads, is automatically downloaded by malicious websites.|
|Dangers of an infection|Your credit and debit card data may be stolen, passwords and usernames may also be stolen, cybercrimes may be performed using your computer, more malware can be downloaded automatically, the computer slows down.|
|How to get rid of Zeus Trojan|Scan your computer with a reliable antivirus program, such as SpyHunter.|
Zeus – a banking trojan
Zeus is a banking trojan: it steals user names/codes and passwords for online banking. It uses keylogging and form grabbing to accomplish this. Zeus actually popularized form grabbing as a method for stealing data. Like most banking trojans, Zeus targets specific bank sites and is tailored to specific countries. Generally, rich countries (USA, UK, Japan, Italy, Australia, etc.) and popular banks are most likely to be targeted. Zeus Trojan is a danger to Windows PCs used by individuals as well as by big companies: it has successfully infiltrated Amazon, Oracle, and NASA, and was first discovered spying on the US Department of Transportation.
In addition to stealing credentials and other important data, Zeus Trojan could be used to add the infected PC to a botnet. A botnet is a network of computers infected with a particular trojan. Computers in a botnet are known as zombies and can be used to spread spam mail, steal data, get around IP-blocking, and for DDoS attacks.
Besides targeting personal computers, Zeus Trojan’s code is used for stealing credit and debit card data from point-of-sale (checkout) devices. Many of these devices run the Windows operating system and can be infected just like a PC. In such a case, if you were to pay through an infected device, your data could be stolen through no fault of your own.
Malware based on Zeus
The original Zeus Trojan was actually retired in 2010. However, its code is still used by lots of malware creators after being released for free online. For one, Zeus Trojan’s author is suspected of having released Gameover Zeus, a superior info-stealer that also infected computers with CryptoLocker. Then there’s Terdot, an information stealer, which distributed a version of Zeus. SpyEye, Citadel, Neutrino, Zeus Panda, Floki Bot, and other malware were based heavily on Zeus Trojan, as was ZeusVM, a botnet builder. There is malware based on malware that was based on Zeus. Needless to say, Zeus is still quite relevant today.
On a related note, some scams used the name of the Zeus Trojan to scare people into contacting phony tech support centers. These scammers manipulate scared people into buying fake security for up to a few hundred dollars.
Features and threats
With all the new malware, Zeus Trojan’s functionality can be expanded to include all the old and new features:
- keylogging (recording a user’s keypresses),
- form grabbing (forms are sets of fields used on webpages; they include names, dates, and passwords),
- field injection and other manipulation of webpages on the infected PC,
- downloading more malware,
- forcing the infected computer to restart,
- taking screenshots,
- detecting when the malware is being analyzed and hiding.
These functionalities allowed Zeus Trojan to steal millions of dollars from businesses and other organizations.
More commonly, if your PC is infected with Zeus Trojan, you may notice some of these effects:
- see a lot of pop-up ads and redirects,
- your email and social network contacts getting suspicious emails from you that you did not send,
- your online accounts being hacked,
- unauthorized purchases being made with your credit card,
- your computer and internet slowing down,
- unfamiliar programs getting installed.
If anything like that starts happening, your computer might have got infected with serious malware and needs to be scanned ASAP.
Zeus Trojan spreads in emails and malicious ads
Zeus Trojan infects computers through malicious ads, malicious email and social media spam, or delivery by another trojan.
Malicious ads and websites can use social engineering to distribute Zeus Trojan. Malicious sites impersonate a trusted organization to trick people into downloading and running Zeus. For example, in 2017, Zeus Trojan was distributed using a version of the “The needed font wasn’t found” scam, which tricked people into downloading and running a malicious file by telling them that it was a font pack required by their browser to display a website.
Automatic drive-by-downloads have also been used, and these usually use unpatched security bugs to infiltrate a vulnerable computer.
Malicious ads are generally spread on old and poorly-protected websites. It’s rare for them to appear on legitimate sites, but it can happen.
Zeus Trojan may also be distributed in malicious email and social media messages. The messages and emails spread links to infected websites that download and install Zeus, or they spread malicious files. These files could be pretty much anything that runs code: Word files, PDFs, calendar events. Like malicious websites, malicious emails often impersonate a trusted company to get people’s trust.
Finally, Zeus may get installed by a trojan that was already present on the PC. For example, Zeus Panda was distributed by Emotet. Emotet also spreads with malspam, so the gist of it is the same as described above.
How to avoid Zeus Trojan
One way to keep your computer safe from Zeus and other trojans is to keep it patched.
Malicious ads generally use known security holes in unpatched (outdated) operating systems, browsers, media players, and other programs to force a computer to run malicious code and download malware. Once a serious security bug is discovered, it’s known (more or less) how it can be exploited for evil; that’s the reason why it’s considered a security bug! Updates to fix it are quickly released, but criminals, who learned of this bug as soon as the public did, create tools to take advantage of it. After all, they know that some people will fail to install the updates.
As Zeus Trojan spreads in emails, it’s also important to avoid malicious email spam. Don’t open suspicious emails, don’t run suspicious attachments without scanning them first, and certainly don’t enable macros. Always be suspicious of any urgent and important emails that don’t address you by your name. If you’re unsure, look up the text of the email to see if anyone else has got one, too.
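The email checks described above can be automated as a first-pass triage. The following is an added example, not part of the original article: the extension lists, keyword patterns, function names and the sample message are all assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.message import EmailMessage

# Carriers named in the article: Word files, PDFs, calendar events.
# The concrete extension lists are assumptions made for this example.
MACRO_CAPABLE = {".doc", ".docm", ".xls", ".xlsm"}
SCAN_FIRST = {".docx", ".pdf", ".ics"}
URGENT = re.compile(r"\b(urgent|immediately|important|action required)\b", re.I)
GENERIC = re.compile(r"^\s*(dear|hello|hi)\s+(customer|client|user|member)\b", re.I | re.M)


def triage(raw, recipient_name):
    """Return the warning signs found in one raw e-mail message."""
    msg = message_from_string(raw)
    flags, body = [], ""
    for part in msg.walk():
        name = part.get_filename()
        if name:  # an attachment: classify by extension
            ext = "." + name.lower().rsplit(".", 1)[-1] if "." in name else ""
            if ext in MACRO_CAPABLE:
                flags.append("macro-capable:" + name)
            elif ext in SCAN_FIRST:
                flags.append("scan-first:" + name)
        elif part.get_content_type() == "text/plain":
            data = part.get_payload(decode=True) or b""
            body += data.decode(part.get_content_charset() or "utf-8", "replace")
    if URGENT.search(msg.get("Subject", "") + "\n" + body):
        flags.append("urgent-wording")
    # Generic greeting, or the recipient's name never appears in the body.
    if GENERIC.search(body) or recipient_name.lower() not in body.lower():
        flags.append("not-addressed-by-name")
    return flags


def build_sample():
    """Constructed message for the demo; addresses and file name are made up."""
    m = EmailMessage()
    m["From"], m["To"] = "billing@example.test", "alice@example.test"
    m["Subject"] = "URGENT: invoice overdue"
    m.set_content("Dear customer,\nOpen the attached invoice immediately.\n")
    m.add_attachment(b"placeholder bytes", maintype="application",
                     subtype="octet-stream", filename="invoice.docm")
    return m.as_string()


if __name__ == "__main__":
    print(triage(build_sample(), "Alice"))
```

A flagged message is a candidate for scanning and closer inspection, not proof of infection; an empty list does not mean the message is safe.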
If you trip up, a good anti-malware program, such as SpyHunter, could help you protect your computer. Some helpful features in a security program include real-time protection, including the blocking of malicious websites. Use the antivirus program to scan downloads before you run or open them.
According to some security experts, some Zeus Trojan variants, such as Floki Bot, are hard for antivirus programs to detect. Trojans like Zeus can see when they’re being analyzed and hide, so they’re difficult to discover and then research. Nevertheless, a good security program on your PC will detect most malware infections, and you can perform a scan specifically to search for evasive malware, for example with an emergency scanner designed for trojan removal. Zeus Trojan may be detected as ZBot, some kind of Trojan, RAT (remote access trojan), Infostealer, and by other names.
If your passwords were stolen by Zeus Trojan, clean your computer, then change them. Don’t forget to make sure that 2-step verification is on wherever available. And if you think that your bank account was robbed, report this to your bank and law enforcement.