Author Topic: Is Anyone Familiar with Removal of a Scam That Refers to a "Zeus Virus" ?  (Read 709 times)

Offline hoosier

  • Poaster
  • **
  • Posts: 406

Twice this week I've had my computer blocked by a pop-up saying a "Zeus Virus has been detected on my computer and warning that I must call a certain phone number, etc.

Googling this subject I found the following supposed solution to removing this virus :

https://malwaretips.com/blogs/remove-windows-detected-zeus-virus-popups/

Has anyone used this solution? Is "Zemana AntiMalware Portable" a known tool? Is the solution in its entirety safe to run ?


Since the scam labels itself "Microsoft Official Support", it beats me why Microsoft hasn't found some way to shut-down and prosecute the perpetrators.


P.S. My temorary solution to regain use of my computer was to switch off AC power to my computer, switch AC back on and restart computer.

Avast Antivirus, Malwares Anti-Malware, Zone Alarm Firewall and Malwares Ransonware do not recognize this virus.

Offline Bill

  • Universal Moderator
  • xTreme Super Poaster
  • *****
  • Posts: 6035
hoosier, this is adware.  There is a much nastier variant called Zeus Trojan, a trojan horse used to steal banking information.
 
The objective of this virus is to convince you to buy unnecessary software, in this case  "Zemana AntiMalware Portable".
While I am not a virus/malware expert, I have never heard of Zemana.

First thing to try is open Control Panel >Programs and Features.  Check to see if you notice something new or different.  Click on the program and use the uninstall button at the top of the window.  Failing there, Download ADWcleaner from here:
https://www.malwarebytes.com/adwcleaner
After ADWcleaner is finished, rerun Antimalwarebytes

Let us know how you make out.
« Last Edit: Apr 29, 2017, 08:37 AM by Bill »
Fractal Design R5 | Asus  Z170 Pro | Intel i5 6600k | 16 GB G.Skill Ripjaws  DDR4 2133 | Seasonic 650w PSU | eVGA GTX 550 TI | Samsung 960 M2 500 GB | Samsung 850 EVO 500 GB | ASUS Burner | Windows 7 64-bit

Offline hoosier

  • Poaster
  • **
  • Posts: 406
Thanks Bill for your quick reply.

I saw nothing new or different among my 80 some programs. I was suspicious of Zemana when I first checked their web site.

Since this adware is not currently messing with me, could it still be lurking on my computer?

In any case, I have asked Malwarebytes Customer Support why this adware is not detected by their Anti-Malware, just to see if they reply and what they might say.

If adware reappears, I will certainly go the ADW Cleaner route and report back the result.










Offline Bill

  • Universal Moderator
  • xTreme Super Poaster
  • *****
  • Posts: 6035
I hope it's gone, good luck.
Fractal Design R5 | Asus  Z170 Pro | Intel i5 6600k | 16 GB G.Skill Ripjaws  DDR4 2133 | Seasonic 650w PSU | eVGA GTX 550 TI | Samsung 960 M2 500 GB | Samsung 850 EVO 500 GB | ASUS Burner | Windows 7 64-bit

Offline hoosier

  • Poaster
  • **
  • Posts: 406
I got so many suggestions from Malwarebytes technical support that my head is spinning. When this nasty adware reappears (as I suppose it will) I'll have much to try.

When I do try, and get into trouble, I'll get back to this forum.

In the meantime here is what they said :

"Getting rid of bogus screen (s) :

You can easily use keyboard keypress shortcuts to get rid of the false pages displayed. ( see below).

What you had experienced is NOT an infection. Not a virus; nor a malware. It is a scam / fake tech support scheme.

Contrary to what one may have thought, it does not “lock” the machine.
You can still press the Windows-key on keyboard to get the Windows menu.
You can use a variety of Windows Keyboard shortcuts to get around to other choices for remedy.

When this fake is in the foreground and in a web browser, there are many ways to get it off the screen.
I would suggest to do a few keyboard presses to get rid of the windows on-screen.
Press and hold ALT-key on keyboard and then tap the F4 function key a to get the foreground windows closed and done away with. ( repeat use of ALT + F4 sequence).

ALT + F4 is especially helpful against the smaller window ( if any) that is up in front.
ALT + HOME key on the keyboard will put your browser page back onto your prior choice for Home page. That easily deals with the bigger full page displayed.
Then while still in the web browser, press and hold SHIFT + CTRL + DELete keys to start the process to delete all browser cache & history.

Another way is to press and hold CTRL key on keyboard and then tap W key. CTRL + W
That should close the Tab page of the web browser.
You can repeat as needed.

Another way: is to open a new Tab by using CTRL +T ( that opens a new tab). Then you can use your mouse go to the rogue tab & then click the X control on the upper right top of the rogue tab-window).
Have patience when you try this.

And, there is always the ability to end the web-browser program thru using Windows’ Task Manager applet.
Click the Start button and type:
taskmgr.exe
and then press Enter.
In the processes tab, find the process for whichever browser you are running:
iexplore.exe, firefox.exe, chrome.exe, MicrosoftEdge.exe, MicrosoftEdgeCP.exe and then click End Process or Terminate.

Do not fall for scare-ware scams :

The “call-this-telephone” message is a fake one. It is a scam trying to lure you into handing over money. ( there are many variations of this type of message.)
That is a scareware. Certainly if it mentions Microsoft or “some technical support expert” or to “call” some telephone number !
Close the window and Reset the web browser.

RESET web browser program :
Which one of the web browsers is this on ? Reset the browser and make real sure it does not re-open same page as last session.
Please try to reset your browser settings and see if that helps -

These are the ways – the HOW TO pages – for the 3 most popular web browsers. Just click each link to see the specific advice for it.
You would want to put back your own choice for Start page / Home page / and also for Search engine preference.
Just click the link to the browser you have installed.

If you have more than one, then do one at a time.

Please try to reset your browser settings and see if that helps -

Internet Explorer in Windows

Google Chrome browser

Firefox:

First, do a refresh for Firefox.
Then set your own choices for search engine, and start & home page, etc.
https://support.mozilla.org/en-US/kb/reset-firefox-fix-most-problems

For EDGE browser in Windows 10 :

Edge browser is set by default to “restart on the same page as it was on the last time”. So, now you need to set it to your own choice.
Either a blank page or a specific website of your own choice. You could make it bing.com as one safe example.

Please do try to Reset the Edge browser to defaults, with these tips.

In Microsoft edge
Click the three dots … (top right hand corner under the X sign)


Click settings
Change – Open new tabs with
Top sites
Arrow V down and Select – A blank page ( or make some other selection that is right for you ).

DO 2 scans to check your system :

P.S. After clearing out the web browser, you can do a Threat Scan with our Malwarebytes program, plus one with the resident Antivirus too.
You should find that there is no real “infection”. That all is a scam window in a web browser. Do not believe all that you see from an unknown source that is “shown” in a web browser !!!

For the long term, use these tips to beef up your web browsers. :
Go into the Options ( settings) of Internet Explorer ( and any other web browser you have).
Make sure that the POPUP blocker is ON.
Set the option on for rejecting (decline) 3rd-party cookies.

And in addition to all that:
Use a good browser extension ( add on) ad blocker. If your pc has no ad blocker add-on for your browser(s), I would suggest uBlock Origin.
For Mozilla Firefox, use the Mozilla page at this link
https://addons.mozilla.org/addon/ublock-origin/

For Google Chrome, see
https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm

For Internet Explorer browser:
https://adblockplus.org/en/internet-explorer

IF your Windows 10 is at build 1607 or later, you can install a ad-blocker for the EDGE browser
Point Edge to this link
https://adblockplus.org/

For Opera browser, see
https://addons.opera.com/en-gb/extensions/details/ublock/

ALSO this too
To help totally block these types of “popups” I would recommend to only use Firefox browser that also has the addon for
NoScript Suite Lite.
and just only use that when surfing the web.
Tips and how to’s for Noscript suite are on this page link
http://mybrowseraddon.com/noscript-lite.html

NOTE: Look real close on the tool bar of the browser where you install Noscript. Noscript shows a shield icon up on the top right.
Click on the shield and see the options.
When your browser is on your-known-safe website, one click the green plus sign to treat the main webpage as a known one and allows the use of scripting to work. Doing that will insure that the main-website ( lets say Target or the likes) will work fine. and that will reduce the source of junk coming from rogue adwares on some other domain.

Like everything else, it takes a little bit of patience and experience to get accustomed and acclimated.
Take a bit of time and look over this helpful page of tips about Noscript Suite
http://mybrowseraddon.com/noscript-lite.html "

Offline Bill

  • Universal Moderator
  • xTreme Super Poaster
  • *****
  • Posts: 6035
The one thing in all of that is they didn't tell you how to get rid of whatever created the scam windows screen in the first place.  Of, there is always the possibility that I missed it.
I still think that running ADWcleaner is a good idea and should help.
Please let us know how you get on with this issue.  Thanks.
Fractal Design R5 | Asus  Z170 Pro | Intel i5 6600k | 16 GB G.Skill Ripjaws  DDR4 2133 | Seasonic 650w PSU | eVGA GTX 550 TI | Samsung 960 M2 500 GB | Samsung 850 EVO 500 GB | ASUS Burner | Windows 7 64-bit

Offline scuzzy

  • Forum Cop
  • Administrator
  • xTreme Super Poaster
  • *****
  • Posts: 9284
  • In an emergency, 9-1-1 calls me.
A simple redirect probably created the scam windows in the first place.

In reviewing the advice you received, it makes sense to me and seems reasonable. I am very accustomed to most of those keyboard shortcuts and I use them on a regular basis. It is rare that I am hit with an unwanted redirect, but these are the same tricks I use to get me out. I will often use CCleaner afterward to fully clear out the history/cache/cookies, etc., before reopening the internet browser (Firefox, in my case). Then I avoid returning to that site for any reason.