How to remove Trojan Zeus.

Tommy

New Member
Thread author
Feb 27, 2011
31
What is Trojan Zeus?

Zeus (also known as Zbot, PRG, Wsnpoem, Gorhax and Kneber) is a Trojan horse that steals banking information by keystroke logging. Zeus is spread mainly through drive-by downloads and phishing schemes. First identified in July 2007 when it was used to steal information from the United States Department of Transportation, it became more widespread in March 2009. In June 2009, security company Prevx discovered that Zeus had compromised over 74,000 FTP accounts on websites of such companies as the Bank of America, NASA, Monster, ABC, Oracle, Cisco, Amazon, and BusinessWeek.

Read more: http://en.wikipedia.org/wiki/Zeus_%28trojan_horse%29


Trojan Zeus Removal

Here are some tools for removing Trojan Zeus and how to use them.

Malwarebytes Antimalware

NOTE: If you already have Malwarebytes installed, click the "update" tab, then click check for updates.

Download locations:

http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

http://www.filehippo.com/download_malwarebytes_anti_malware/

First download Malwarebytes from one of the links above. Once you have downloaded it, run the installer:

Click run.

Choose your language.

Click next.

Read the terms of use. Then check "I agree to the terms of use", then click next.

Click next.

Click next.

Click next.

Click next.

Click install. Give it a minute to install.

Make sure update and launch are checked then click finish.

Make sure quick scan or full scan is checked, then click scan. I recommend you do a quick scan if you want it done quicker. You can run a full scan; however, it would take about an hour or more.

Once Malwarebytes Antimalware tells you the scan is over, click ok, then show results.

Click remove selected. Give Malwarebytes antimalware a minute or more to remove the infection.

A log file should pop up. You may exit the log file.

When Malwarebytes asks you to restart your computer, click yes. Once your computer has restarted, Trojan Zeus should be removed.

I might add more removal tools for Trojan Zeus if needed, but Malwarebytes Antimalware should be able to remove it completely.
 

bogdan

Level 1
Jan 7, 2011
1,362
Sorry, but it needs more work.

How it works, what it does (what files it creates, what reg keys, what processes) - how to spot infections. How the users get infected. Note that there are multiple variants.
No need to post screenshots of the entire install of Malwarebytes.
Screenshots should only include the program window.
You basically need to do research & analysis on your sample inside a VM.
 

Tommy

New Member
Thread author
Feb 27, 2011
31
Alright, sorry about that. I will edit it. There just wasn't much to say about Trojan Zeus since it's pretty quiet. I will study it more. Also, it is very hard to spot the infection since you can't tell what it's doing and it doesn't show up in Task Manager. It barely does anything you can really notice to the system either. Thanks for the feedback. Sorry, this was my first guide and I really made it for feedback for any future guides :)
 

bogdan

Level 1
Jan 7, 2011
1,362
I am not experienced at doing this, but I just feel that it needs more. Zeus is also a complicated trojan with many versions that evolved quickly. Here are a few links: An older post, it shows what files/reg keys it uses and how to remove it. Technologies used in different Zeus variants and how much they cost malware authors. An article about how widespread it is. TrendLab's analysis of the trojan.

Please don't let my post discourage you. The reason why there are so many Fake AV-s in the Malware Self-Removal Guides forum is because they are easier to analyze and not as complicated as Zeus.
 
