Severity scale:  
  (57/100)

Zeus virus. 6 versions listed. Removal guide included. 2019 update

removal by Jake Doevan - - | Type: Viruses

Zeus virus is a banking Trojan which can be included in the tech support scam

Zeus virus popup
Zeus trojan is malware that is designed to steal personal data, such as banking details or other credentials. However, the alert with Zeus name is nothing but a scam

Questions about Zeus Trojan

Zeus virus is a malicious trojan horse[1] which is alternatively known as Panda Banker. It shares many similar traits with Terdot, Coinminer, Emotet, Ursnif, and many other Trojan horses. First detected in 2007, malware was considered to be one of the most successful pieces of the virus that managed to infect millions of PCs worldwide. However, the malware was disabled after its source code was leaked in 2011.[2] Nevertheless, its name is still involved in numerous scams spreading on the Internet in 2019. While the original virus cannot infect Mac, MacOS users have still been actively interrupted by scams using the name of an infamous virus. Beware that “Zeus virus detected,” “You have a Zeus virus,” “Windows detected Zeus virus” and other scams can be safely ignored. You just need to find adware responsible for Zeus virus alert on your computer and remove it from there.

Name Zeus virus
Type Trojan horse (discontinued), Tech support scam/adware
Danger level High. Can cause the leakage of credit card details and other personal information because the scam is seeking to connect you with scammers
Alternatively known as
  • Panda Banker
  • Zbot
  • GameOver Zeus
  • Terdot
First detected in 2007
Versions
Distribution Spam (from Fedex, Royal Mail, etc.), malicious software, bundling, malvertising, BlackHat SEO (malicious links appear in Google search results)
Symptoms Random ads interrupting your browsing, unknown site appearing instead of the start page/the default search engine, slowdowns on the web browser and the entire system, crashes, and similar abnormal system's behavior
Elimination For Zeus virus removal, do not contact tech support offered in the fake warning. Use Reimage to disable these ads on your computer. You need to get rid of adware to stop the popup from appearing 

After seeing how successful Zeus virus is and how scary it looks for PC users, scammers have started including its name to their fake warnings. When dealing with this type of scam, you can also be informed about YahLover.worm and similar invented virus, and additionally asked to contact the given number to reach tech support from Microsoft. In reality, you can reach only scammers who will do anything to scare you into one of these scenarios:

  • install suspicious software;
  • pay for useless software;
  • give an attacker a remote control to your computer;
  • reveal your personal data.

Computer users should keep in mind that the virus is no longer active. If you were interrupted by Zeus virus alert reporting about the potential danger of the Trojan horse for your system, make sure you check your system for adware. After being installed on the system behind the user's back (these PUPs have mostly been relying on bundling), it alters system settings, modifies web browsers and additionally starts producing fake ads.

Keep in mind that Zeus virus removal should start as short as possible. To execute this procedure and bring your system back to normal, we highly recommend you to select only the reliable security software. We recommend using Reimage or SpyHunterCombo Cleaner to run a full system scan. Additionally, you should reset your web browsers.

Zeus virus wiki: the main functionality of the real threat

Zeus virus was one of the first malware variants developed for taking over people's banking details, so it is not surprising that there are hundreds of sources claiming that almost every banking Trojan has a part of the virus.[3] In fact, by altering the configuration files in the Trojan’s toolkit, scammers could have customized the virus according to their needs. The closest alternative for this malware is Panda Banker which was the most active banking trojan in 2018.[4]

If you are interested in what does the Zeus virus do, you should know that its main aim is to gather personal information by recording the victim's keywords or using similar techniques. However, it can also rely on these methods used to take over valuable data:

  • Once the virus infects the computer, the FTP, POP3 or Internet Explorer passwords were gathered automatically from a Protected Storage (PStore);
  • The virus monitored the websites victims were visiting and, once in a while, added extra fields to the fill-in forms to trick users into providing additional information.

Zeus could also contact the command-and-control server which allowed it to carry out other malicious activities on the infected computers. It could download files, shut down and reboot your device, also, delete the system files, which could lead the OS to crash. 

At the moment, the closest copy of this malware is Panda Banker which has been actively spread via spam and exploit kits. Its main targets are financial organizations, social media companies, crypto exchange services, and similar companies from US, Europe, and Japan. The virus can additionally drop ransomware, adware, and similar malware on the system.[5]

There is no doubt that you must remove Zeus virus from Mac, Windows or similar operating system as soon as you start thinking that you can be tracked. Otherwise, the virus can steal your essential information. The removal procedure is challenging, and we do not recommend trying to identify and deleting this virus manually. Consider using a trustworthy malware “eraser” such as Reimage or SpyHunterCombo Cleaner.

Zeus virus infection
The real infection of Zeus virus is a serious threat which might result in money loss or even identity theft

What is a Zeus virus alert on your web browser

Zeus virus alert is a fake popup has been actively spread over the Internet to scare computer users and trick them into contacting scammers and, later on, paying the money for useless services. No matter which OS is used, MacOS or Windows, scammers hijack web browsers, alter their settings and start interrupting the victim with the fake ads from the tech support which is also fake. The take over of the web browser is typically implemented with the help of adware which can be easily installed together with other installers.

The cybercriminals who are working behind Zeus virus have also been spreading fake email messages misusing the names of well-known companies, such as Amazon, eBay, Lloyds bank, etc. One of such examples was described in the Apple discussions website:

Received an email from Cox. It stated Cox has identified that one or more of your computersbehind your cable modem are likely infected with the Zeus Trojan/bot, also known as Zbot. I called Cox and they verified they sent the email. Now what do I do?

Thank you

Beware Zeus virus popup is seeking to make its victim go thru the following sequence of actions:

  • get scared about the PC's security, compromised data, and similar attacks;
  • dial the telephone number given in the alert to contact “tech support experts” and find some help;
  • provide the scammer with a remote desktop connection;
  • install “recommended” software which is fake or even malicious;
  • pay for the useless help.

Zeus virus alert has been using different phone numbers. Tech support scammers have been actively changing them to prevent being unveiled. Recently, Microsoft security researchers announced a long list of Tech support scam numbers,[6] including the following ones:

  • 1-800-014-8826
  • 1-844-324-6233
  • 1-844-859-0337
  • 1-844-680-1071
  • 44-800-090-3820
  • 1-800-014-8826
  • 1-844-313-7003
  • 1-888-944-5714
  • 1-866-249-2994
  • 1-888-202-7560
  • 1-877-224-2995

Note that scammers might use hundreds of different numbers that you should never call. The main principle of these attacks is the same. People are warned about the Zeus virus detected issue on the system and asked to call the number to get needed help. Scammers might ask to purchase useless programs or services. Additionally, you can be asked to provide personal information or remote access to the computer.

Do not share any of these details with scammers because they are definitely going to use it for malevolent purposes! If you think that you could be infected, you should run a full system scan with Reimage to perform Zeus virus removal. Most probably, you are infected with an adware-type virus that altered your web browsers to help itself start right after you browse the web. Remove this unsafe app and reset each of your web browsers.

Fortunately, several virus researchers have already tried to look at this case from a different angle. For example, a researcher presenting himself as Kitboga has already contacted 3,577 “tech support experts” and, by hiding under the image of an old lady Edna, tried to waste scammers' time.[7] 

Zeus virus scam calls
Crooks ask users to contact them via the provided phone number in order to gain a remote access of the device

Types of the scams actively spreading on the Internet

The list of current tech support scams that warn about fake Zeus attack:

“Windows Detected ZEUS Virus”

Windows detected Zeus virus scam operation relies on phishing websites that display deceptive information for whoever enters them. Usually, the victim experiences redirections to such fraudulent websites after being infected with certain adware or tech support scam malware. The full text of the message:

Security Warning
Windows Defender Alert: Zeus Virus
Detected in Your Computer!!
Please Do Not Shut Down or Reset Your Computer.
The following data will be compromised if you continue:
1. Passwords
2. Browser History
3. Credit Card Information
4. Local Hard Disk Files.
This virus is well known for complete identity and credit card theft. Further action through this computer or any computer on the network will reveal private information and involve serious risks.
Call Microsoft Technical Department (866) 249-2994 (Toll Free)

The deceptive website typically plays an audio message, displays a warning and urges to call support at 0800-014-8826 “Windows Detected ZEUS Virus” on the system. Such web pages display the warning despite if the computer is infected with the indicated malware or not.

Scammers working behind this scam seek to swindle money from computer users by convincing them to buy bogus security software or asking to provide sensitive information.

Windows Detected ZEUS Virus scam
Windows Detected ZEUS Virus - a fake warning reporting that some recent downloads resulted in Zeus trojan infection

You Have A ZEUS Virus

You have a Zeus virus scam is another Zeus scam that urges victims to call tech support scammers at 1-844-859-0337 and possibly other similar numbers. Once such a malicious program compromises the victim's system, it starts causing redirects to bogus websites that show various alerts. There are a few versions of the virus. One of them delivers a pop-up message saying:

WARNING! Your Hard drive will be DELETED if your close this page. You have a ZEUS Virus! Please call Support Now!. Call Toll-Free: 1-844-859-0337 To Stop This Process

Another version of the scam delivers this threatening message:

****Dont Restart Your Computer ****
Windows Detected ZEUS Virus, The Infections detected, indicate some recent downloads on the computer which in turn has created problems on the computer.Call technical support 1-844-859-0337 and share this code B2957E to the Agent to Fix This.

Experts from senzavirus.it[8] say that “You Have A ZEUS Virus” scam aims to convince the victim to call fraudsters immediately by stating that the entire hard drive will be deleted if the victim closes the web page that displays the warning. There is no logic there, and victims should close such site immediately to begin malware removal using reputable anti-malware tools. This virus is very similar to “Your Computer Has Been Infected With Virus” malware.

  Don't restart your computer scam
Don't restart your computer scam is one of the most popular versions of the Zeus virus scam

Windows Defender Alert: Zeus Virus

Windows Defender alert: Zeus virus is yet another malicious warning triggering redirects to fake websites that are designed to look like Windows Blue Screen of Death; these websites contain Windows logos and display a list of information that will be stolen by the Zeus virus if the victim won't contact technical support immediately. The message says:

Security Warning
Windows Defender Alert: Zeus Virus
Detected in Your Computer!!
Please Do Not Shut Down or Reset Your Computer.
The following data will be compromised if you continue:
1. Passwords
2. Browser History
3. Credit Card Information
4. Local Hard Disk Files.
This virus is well known for complete identity and credit card theft. Further action through this computer or any computer on the network will reveal private information and involve serious risks.
Call Microsoft Technical Department (866) 249-2994 (Toll Free)

There are hundreds of sites that display such deceptive warnings and suggest calling +1-844-313-7003, (866) 249-2994, (888) 202-7560 and other numbers for “help.” If such alerts started bothering you, perform a system check using anti-malware software to delete the tech support malware. Most likely there is no Zeus virus in the system, and the malicious program is simply trying to put you in touch with fraudsters.

Windows Defender Alert: Zeus Virus scam
Windows Defender Alert: Zeus Virus scam - a fake alert misusing the name of Microsoft to make the scam more believable

Security Update Error 0xB6201879. Authentification required

Technical support scammers continue using the name of Zeus to perform their malicious activities. This time, crooks decided to take advantage of the adware program to redirect users to the website which triggers Security update error 0xB6201879. Authentication required pop-up informing about Zeus virus attack and danger of the files and personal information. The warning says:

Windows Defender Alert: Zeus Virus Detected In Your Computer!!
Please Do Not shutdown or Reset Your Computer.
** Windows Warning Alert **
Malicious Spyware/Riskware Detected
Error # 0x80072ee7
Please call us immediately at: 44-800-090-3820
Do not ignore this critical alert.
If you close this page, your computer access will be disabled to prevent further damage to our network.
Your computer has alerted us that it has been infected with a Spyware and risk ware.
The following information is being stolen…
Financial Data
Facebook Logins
Credit Card Details
Email Account Logins
Photos stored on this computer
You must constant us immediately so that our expert engineers can walk you through the removal process over the phone to protect your identity. Please call us within the next 5 minutes to prevent your computer from being disabled or from any information loss.
Call Technical Support Immediately at 44-800-090-3820

The malicious site pretends to be a notification from Windows Defender and has the design that resembles Microsoft's. The scam warns about Security Update Error 0xB6201879 which is a non-existent problem. Scammers want victims to call their tech support staff via 44-800-090-3820 or +1 (888) 944-5714 toll-free number to get the necessary help. It goes without saying that calling scammers is not recommended.

Security Update Error virus
Security Update Error virus - Zeus-themed scam seeking to abuse the importance of security updates and trick users into calling them

Your System Has Detected Zeus Virus

This technical support scam trying to scare people into thinking that their PCs are infected with Zeus virus has been detected in the second half of March 2018. Potential victims of the scam can be exposed to the “Your System Has Detected Zeus Virus” new tab URL on a regular basis if the system is infected with an adware program. In some of the cases, people can be redirected to this fake domain after clicking on a malicious link or advertisement. 

The “Your System Has Detected Zeus Virus” pop-up mimics the design of official Windows Support Alerts. Besides, it pretends to be generated by support.microsoft.com domain and claims that Microsoft's support detected Zeus virus on the system, which might lead to identity theft. The warning says:

Windows Support Alert

Your System Has Detected Zeus Virus
It might harm your computer data and track your financial activities.
Please report this activity to +1-877-224-2995.

Crooks are trying to intimidate PC users to make them call for a supposed Microsoft Support staff member. However, dialing the provided toll-free number can end up in one of the following scenarios: 

  • The number may feature higher charges than usually, so you may receive an increased telephone bill;
  • Scammers on the other side of the handset can trick you into subscribing useless services;
  • Inexperience users might provide scammers with the information required to establish a remote connection with the PC;

The “Your System Has Detected Zeus Virus” scam is typically displayed in a new tab window. It consists of several layers. The background is usually covered with Microsoft-related or neutral tech-related information. The second layer is the most explicit. It indicates the Zeus detection, provides an error code (0x80072ee7) and explains all the possible consequence that the current PC's condition can end up with. However, keep in mind that the “Your System Has Detected Zeus Virus” pop-up is a hoax that can be removed by running a scan with Reimage or another security tool and resetting the web browser that displays it. 

Your System Has Detected Zeus Virus scam
Your System Has Detected Zeus Virus scam is yet another version of the virus

The list of Zeus virus versions

Zbot

Zbot is another name for Zeus Trojan that is used by many security experts. If your security software detects Zbot in your system, it means that you have been infected with a serious malware that silently tracks your activities, records passwords, and other sensitive information. You must remove Zbot immediately and change all your passwords as soon as possible! Otherwise, the malware can find out all passwords, credit card details and similar information which is considered personal.

There is no doubt that attackers can use such data for malevolent purposes and loss of financial information lead to disastrous consequences. Unfortunately, such malware operates silently, and it is unlikely that you will spot it on your system without having a strong anti-malware software.

Gameover Zeus virus

GameOver Zeus is yet another malicious Trojan horse that is based on components of Zeus virus. According to reports, this malicious software is distributed using Cutwaii botnet. The Trojan employs encrypted peer-to-peer communication scheme to communicate between its noted and C&C servers. The deceptive malware was used for distribution of the infamous CryptoLocker.

The activity of GameOverZeus was suspended in June 2014, once the communication between the Trojan and the C&C servers was intercepted and shut down. A year later, FBI announced a $3 million reward for information about Russian hacker Evgeniy Mikhailovich Bohachev[9]. The hacker hasn't been caught yet.

Zeus Panda banking trojan

Zeus Panda is also known as Panda Banker, and it is known to be the version of the infamous Zeus Trojan. This virus is hazardous as it intercepts network traffic and uses legitimate processes to inject its malicious scripts. The Trojan aims to steal victim's bank credentials and login details associated with as many online accounts as possible.

Zeus Panda first emerged in 2016, but its distribution continues in 2017. Lately, security researchers discovered a new technique that virus' authors use for its distribution. This time, fraudsters were caught using BlackHat SEO strategies to make malicious Trojan-serving links appear in the top Google search results' positions. The new technique adds to previously known ones – malvertising and malicious spam.

Terdot

Terdot virus emerged in the mid-2016 as a banking trojan. The virus aimed at customers of banks and financial organizations in the US, Canada, the UK, Germany, and Australia. However, the trojan was updated and, since November 2017, has been stealing people's social media credentials.[10]

Terdot is communicating via malicious spam emails that are usually pushed by Sundown exploit kit. These phishing emails include a malicious PDF file that includes malicious code. Once clicked or opened, it starts malware's installation to the device. This data-stealing trojan also operates as a man-in-the-middle proxy and can change information of the visited websites in order to steal sensitive information.

Terdot virus
Terdot trojan is one of the Zeus virus variants

Methods used for spreading banking trojan

Zeus is actively spread via misleading emails[11] that report about undelivered items. Beware that they look very trustworthy and present themselves as FedEx, Royal Mail and other reputable courier companies. However, you should also be aware of emails that include PDF files or icons because it's the main distribution method of Zeus variant Terdot.

If you received such mail, be sure to ignore it and never click on the link, which leads to the infiltration of Zeus Trojan. However, this malware is known to be distributed using some other techniques, including:

  • Malvertising;
  • BlackHat SEO tactics (making malicious links appear in Google search results).

In addition, we also recommend avoiding illegal websites, unlicensed programs and misleading messages on social networks[12] because they may also be involved in the distribution of this Trojan. As soon as it enters the system, it modifies its settings and starts initiating dangerous activities. For avoiding the loss of your credit card details and money, you should waste no time and remove the virus from the system.

Zeus virus distribution
Zeus virus primarily uses malvertesing for propagation, although malicious spam email attachments are popular too

How can you get infected with the Zeus virus popup

Even though Zeus virus itself is extremely dangerous, the pop-up messages that claim the infection are fake. Unfortunately, not many people are aware of that and often believe the fraudulent claims.

The truth is, fake alerts that display notifications about Zeus virus infections are mostly initiated by the adware program that is installed on the system. In most cases, such applications are cleverly hidden in the installers of freeware and shareware and populated on third-party websites.

This technique is nothing new and has been used by free software developers since Microsoft introduced the bundled application package, MS Office, back in 1990. Over the years, not so fair individuals managed to improve the technique, increasing the installation rate drastically. Namely, such tricks like confusing descriptions, pre-ticked boxes, grayed out buttons and similar, combined with users' inattentiveness during the installation process, resulting in a massive surge of potentially unwanted programs like adware installation all over the world.

To protect yourself from PUPs, you should practice these precaution measures:

  • Install comprehensive security software and run it at all times;
  • Pick reputable sources for your downloads;
  • Avoid third-party sites that are generally unknown;
  • Scan the installer with Virus Total before opening it;
  • Do not rush the installation procedure – read carefully the instructions;
  • When prompted, opt for Advanced or Custom installation mode in order to remove optional software like media players, system optimizers, driver updaters, codec packs, software uninstallers and similar bloatware your computer is better off without.

Finally, those who encountered Zeus virus popups once or twice should probably not be worried, because its the domain itself that shows the notifications, not the infection of adware and users might merely be redirected after clicking on an insecure link online. In the case of infection, it's the redirects that lead to such phishing sites that are the problem. In such a case, the removal of Zeus virus popups can only be achieved if adware applications are uninstalled from the device.

Zeus virus scam - software bundling
Users might start seeing fraudulent Zeus trojan alerts after installing shareware or freeware on their devices

Guide for Zeus virus removal

If you want to remove Zeus virus from your computer, you should scan the system with Reimage or SpyHunterCombo Cleaner. These tools will let you identify the type of malware you are infected with. Be sure to use updated versions to check your system thoroughly and find your virus. Recommended software will also fix virus damage and prevent additional issues on the system.

As we have already said, the trojan horse has been terminated several years ago, so, if you were reported about the Zeus virus infiltration on your computer, you are most probably infected with the adware. Such ad-supported software gets into the system via bundling and additionally hijacks web browsers to start showing its fake warning messages about a need to contact the tech support. Make sure you ignore such offer and delete Zeus virus instead.

To finish Zeus virus removal without leaving its leftover files, you may need to reboot your computer system to Safe Mode or Safe Mode with Networking and then run a full system scan. You can also try System Restore feature before the scan to disable the virus.

You can remove virus damage automatically with a help of one of these programs: Reimage, SpyHunterCombo Cleaner, Malwarebytes Malwarebytes. We recommend these applications because they detect potentially unwanted programs and viruses with all their files and registry entries that are related to them.

Offer
do it now!
Download
Reimage (remover) Happiness
Guarantee
Download
Reimage (remover) Happiness
Guarantee
Compatible with Microsoft Windows Supported versions Compatible with OS X Supported versions
What to do if failed?
If you failed to remove virus damage using Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to remove virus damage. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.
Alternative Software
Different security software includes different virus database. If you didn’t succeed in finding malware with Reimage, try running alternative scan with SpyHunter.
Alternative Software
Different security software includes different virus database. If you didn’t succeed in finding malware with Reimage, try running alternative scan with Combo Cleaner.

To remove Zeus Trojan, follow these steps:

WindowsMac OS XFirefoxGoogle ChromeSafariInternet ExplorerMicrosoft Edge

Remove Zeus Trojan from Windows systems

To get rid of the adware related Zeus virus alert, open Task Manager and check it for suspicious entries that you cannot remember installing. Make sure you remove them by using these steps:

  1. Click Start Control Panel Programs and Features (if you are Windows XP user, click on Add/Remove Programs). Click 'Start -> Control Panel -> Programs and Features' (if you are 'Windows XP' user, click on 'Add/Remove Programs').
  2. If you are Windows 10 / Windows 8 user, then right-click in the lower left corner of the screen. Once Quick Access Menu shows up, select Control Panel and Uninstall a Program. If you are 'Windows 10 / Windows 8' user, then right-click in the lower left corner of the screen. Once 'Quick Access Menu' shows up, select 'Control Panel' and 'Uninstall a Program'.
  3. Uninstall Zeus Trojan and related programs
    Here, look for Zeus Trojan or any other recently installed suspicious programs.
  4. Uninstall them and click OK to save these changes. Right click on each of suspicious entries and select 'Uninstall'
WindowsMac OS XFirefoxGoogle ChromeSafariInternet ExplorerMicrosoft Edge

Uninstall Zeus Trojan from Mac OS X system

To delete the fake warning message from Mac, pay close attention to these steps:

  1. If you are using OS X, click Go button at the top left of the screen and select Applications. Cick 'Go' and select 'Applications'
  2. Wait until you see Applications folder and look for Zeus Trojan or any other suspicious programs on it. Now right click on every of such entries and select Move to Trash. Click on every malicious entry and select 'Move to Trash'
WindowsMac OS XFirefoxGoogle ChromeSafariInternet ExplorerMicrosoft Edge

Delete Zeus Trojan from Mozilla Firefox (FF)

To fix Firefox web browser, you should either reset it or delete all unclear add-ons. Use this guide to perform the recovery of this browser:

  1. Remove dangerous extensions
    Open Mozilla Firefox, click on the menu icon (top right corner) and select Add-ons Extensions. Click on menu icon and select 'Add-ons'
  2. Here, select Zeus Trojan and other questionable plugins. Click Remove to delete these entries. Select 'Extensions' and look for malicious entries. Click 'Remove' to get rid of each of them
  3. Reset Mozilla Firefox
    Click on the Firefox menu on the top left and click on the question mark. Here, choose Troubleshooting Information. Click on menu icon and then on '?'. Select 'Troubleshooting Information'
  4. Now you will see Reset Firefox to its default state message with Reset Firefox button. Click this button for several times and complete Zeus Trojan removal. Click on 'Reset Firefox' button for a couple of times
WindowsMac OS XFirefoxGoogle ChromeSafariInternet ExplorerMicrosoft Edge

Get rid of Zeus Trojan from Google Chrome

To delete Zeus virus detected scam from Google Chrome, remove all unwanted/suspicious components from your browser. We also recommend resetting it with the steps given below:

  1. Delete malicious plugins
    Open Google Chrome, click on the menu icon (top right corner) and select Tools Extensions. Click on menu icon. Select 'Tools' and 'Extensions'
  2. Here, select Zeus Trojan and other malicious plugins and select trash icon to delete these entries. Look for malicious entries and delete each of them by clicking on the Trash bin icon
  3. Click on menu icon again and choose Settings Manage Search engines under the Search section. When in 'Settings', select 'Manage search engines...'
  4. When in Search Engines..., remove malicious search sites. You should leave only Google or your preferred domain name. Click 'X' to remove malicious URLs
  5. Reset Google Chrome
    Click on menu icon on the top right of your Google Chrome and select Settings.
  6. Scroll down to the end of the page and click on Reset browser settings. When in 'Settings', scroll down to 'Reset browser settings' button and click on it
  7. Click Reset to confirm this action and complete Zeus Trojan removal. Click on 'Reset' button to complete your removal
WindowsMac OS XFirefoxGoogle ChromeSafariInternet ExplorerMicrosoft Edge

Remove Zeus Trojan from Safari

To recover Safari, use the following guidelines. You should reset it to get rid of Tech support scams:

  1. Remove dangerous extensions
    Open Safari web browser and click on Safari in menu at the top left of the screen. Once you do this, select Preferences. Click on 'Safari' and select 'Preferences'
  2. Here, select Extensions and look for Zeus Trojan or other suspicious entries. Click on the Uninstall button to get rid each of them. Go to 'Extensions' and uninstall malicious add-ons
  3. Reset Safari
    Open Safari browser and click on Safari in menu section at the top left of the screen. Here, select Reset Safari.... Click on 'Safari' and select 'Reset Safari...'
  4. Now you will see a detailed dialog window filled with reset options. All of those options are usually checked, but you can specify which of them you want to reset. Click the Reset button to complete Zeus Trojan removal process. Select all options and click on 'Reset' button
WindowsMac OS XFirefoxGoogle ChromeSafariInternet ExplorerMicrosoft Edge

Eliminate Zeus Trojan from Internet Explorer (IE)

Clean IE by eliminating suspicious add-ons and extensions:

  1. Remove dangerous add-ons
    Open Internet Explorer, click on the Gear icon (IE menu) on the top right corner of the browser and choose Manage Add-ons. Click on menu icon and select 'Manage add-ons'
  2. You will see a Manage Add-ons window. Here, look for Zeus Trojan and other suspicious plugins. Disable these entries by clicking Disable: Right click on each of malicious entries and select 'Disable'
  3. Change your homepage if it was altered by virus:
    Click on the gear icon (menu) on the top right corner of the browser and select Internet Options. Stay in General tab.
  4. Here, remove malicious URL and enter preferable domain name. Click Apply to save changes. Delete malicious URL, enter your desired domain name and click 'Apply' to save changes
  5. Reset Internet Explorer
    Click on the gear icon (menu) again and select Internet options. Go to Advanced tab.
  6. Here, select Reset.
  7. When in the new window, check Delete personal settings and select Reset again to complete Zeus Trojan removal. Go to 'Advanced' tab and click on 'Reset' button. Now select 'Delete personal settings' and click on 'Reset' button again
WindowsMac OS XFirefoxGoogle ChromeSafariInternet ExplorerMicrosoft Edge

Erase Zeus Trojan from Microsoft Edge

Use the guidelines below to get rid of the adware. Ad-supported programs are closely related to fake alerts offering contacting tech support “experts”:

Reset Microsoft Edge settings (Method 1):

  1. Launch Microsoft Edge app and click More (three dots at the top right corner of the screen).
  2. Click Settings to open more options.
  3. Once Settings window shows up, click Choose what to clear button under Clear browsing data option. Go to Settings and select 'Choose what to clear'
  4. Here, select all what you want to remove and click Clear. Select 'Clear' button
  5. Now you should right-click on the Start button (Windows logo). Here, select Task Manager. Open the start menu and select 'Task Manager'
  6. When in Processes tab, search for Microsoft Edge.
  7. Right-click on it and choose Go to details option. If can’t see Go to details option, click More details and repeat previous steps. Right-click 'Microsoft Edge' and select 'Go to details' Select 'More details' if 'Go to details' option fails to show up
  8. When Details tab shows up, find every entry with Microsoft Edge name in it. Right click on each of them and select End Task to end these entries. Find Microsoft Edge entries and select 'End Task'

Resetting Microsoft Edge browser (Method 2):

If Method 1 failed to help you, you need to use an advanced Edge reset method.

  1. Note: you need to backup your data before using this method.
  2. Find this folder on your computer: C:\Users\%username%\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe.
  3. Select every entry which is saved on it and right click with your mouse. Then Delete option. Go to Microsoft Edge folder on your computer, right-click every entry and click 'Delete'
  4. Click the Start button (Windows logo) and type in window power in Search my stuff line.
  5. Right-click the Windows PowerShell entry and choose Run as administrator. Find Windows PowerShell, right-click it and select 'Run as administrator'
  6. Once Administrator: Windows PowerShell window shows up, paste this command line after PS C:\WINDOWS\system32> and press Enter:
    Get-AppXPackage -AllUsers -Name Microsoft.MicrosoftEdge | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register $($_.InstallLocation)\AppXManifest.xml -Verbose}
    Copy and paste a required command and press 'Enter'

Once these steps are finished, Zeus Trojan should be removed from your Microsoft Edge browser.

About the author

Jake Doevan
Jake Doevan - Computer technology expert

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Jake Doevan
About the company Esolutions

References

Removal guides in other languages


  1. PlaySkool says:
    December 18th, 2010 at 12:12 pm

    This isn't “a harmless trojan, which is able to perform annoying actions only”, it's a powerful bank info stealing botnet.

  2. Alex says:
    May 26th, 2014 at 3:49 pm

    I have spy hunter, but I still have Zeus Trojan, what should I do?

  3. Pam says:
    October 23rd, 2016 at 2:19 pm

    Is the hard drive virus and Zeus virus the same thing??

Your opinion regarding Zeus Trojan