Zeus Trojan

Zeus Trojan Description

The Zeus Trojan is the most widespread and common banking Trojan today. There are countless variants of the Zeus Trojan, also known as Zbot and Zitmo. There are regional variants that target computers in specific areas of the world as well as mobile-specific variants designed to attack mobile operating systems such as Android or BlackBerry platforms. In all cases, the Zeus Trojan is used to steal banking information. This dangerous malware infection can be used to steal account names and numbers, banking account passwords, and credit card numbers. The Zeus Trojan can also be utilized to capture particular information that can then be used to steal a victim's identity. ESG security researchers consider that the Zeus Trojan and its many variants are severe threats to a computer and to your security. Protect yourself by using reliable anti-malware software and keeping it constantly updated.

Understanding the Zeus Trojan Infection

In its most basic form, the Zeus Trojan steals banking information and then sends this information to a remote host. Formerly, the Zeus Trojan was linked to a very large botnet. Although there are still very large botnets associated with the Zeus Trojan, these have diminished in size in the last few years. The most common tactic to distribute the Zeus Trojan is through malicious email messages which are often sent out by these very same botnets. Zeus Trojan infections spread through phishing email messages as well as social media scams. Often, the Zeus Trojan will be used in conjunction with the Black Hole Exploit Kit. Using this dangerous utility, criminals can set up attack websites that then infect a computer with the Zeus Trojan.

Dealing with a Zeus Trojan Infection

The main danger of a Zeus Trojan infection is that a computer user will rarely be aware of the presence of this threat. The Zeus Trojan and most of its variants are designed to reside on the victim's computer without causing overt symptoms. Apart from a slight increase in system resource usage, computer users will probably not notice the presence of a Zeus Trojan infection. This is why it is so important to update your security software. In most cases, the first sign of a Zeus Trojan infection will be its detection by an anti-virus application. To prevent a Zeus Trojan infection in the future, ESG malware analysts recommend never downloading unsolicited email attachments or clicking on embedded links contained in unsolicited email messages.

Variations of Zeus were originally sold on the dark web as a malware kit worth thousands of dollars. In 2011 the Zeus Trojan's source code was released to the public, which led to a number of recompiles and tweaks of the codebase, distributed as new threats by various bad actors. Those include the Terdot Trojan and Gameover, to name a couple. Gameover was upgraded to use encryption for all communication between infected systems and the command and control servers, which made fighting it more difficult. According to reports from around the time Zeus was open-sourced, the price of a pre-made Zeus package for someone not familiar with coding was between two and ten thousand dollars, depending on the number of extra modules included in the package.

To counter the spread of the Zeus Trojan, a non-profit service tracking Zeus-related domains and URLs was established at zeustracker.abuse.ch. The service was discontinued in early July 2019. Still, computer users who may encounter Zeus will want to utilize the proper resources to safely detect and eliminate Zeus without hesitation to prevent system damages or theft of personal data.

Security Doesn't Let You Download SpyHunter or Access the Internet?

Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow these steps to download SpyHunter and gain access to the Internet:
  • Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari instead.
  • Use removable media. Download SpyHunter on another clean computer, copy it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
  • Start Windows in Safe Mode. If you cannot access your Windows desktop, reboot your computer in "Safe Mode with Networking" and install SpyHunter in Safe Mode.
  • IE Users: Disable the proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.
Still can't install SpyHunter? View other possible causes of installation issues.

Technical Information

Registry Details

Zeus Trojan creates the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network "UID" = "[USERNAME]_[UNIQUE_ID]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer "{6780A29E-6A18-0C70-1DFF-1610DDE00108}" = "[HEXADECIMAL VALUE]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer "{F710FA10-2031-3106-8872-93A2B5C5C620}" = "[HEXADECIMAL VALUE]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "userinit" = "%System%ntos.exe"
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run "userinit" = "%System%ntos.exe"
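
One way to check a registry export against the entries listed above. This is an added example, not code from ESG or SpyHunter. The function names, the file-name-only comparison for ntos.exe and the sample export are assumptions made for illustration.

```python
import re

# Indicators from the registry list above: (key, value name, expected file name).
# None means the value's presence alone is the indicator. "%System%" in the list
# is a placeholder for the Windows system folder, so only the file name is compared.
RUN = r"\Software\Microsoft\Windows\CurrentVersion\Run"
EXPLORER = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer"
INDICATORS = [
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network", "UID", None),
    (EXPLORER, "{6780A29E-6A18-0C70-1DFF-1610DDE00108}", None),
    (EXPLORER, "{F710FA10-2031-3106-8872-93A2B5C5C620}", None),
    ("HKEY_CURRENT_USER" + RUN, "userinit", "ntos.exe"),
    (r"HKEY_USERS\.DEFAULT" + RUN, "userinit", "ntos.exe"),
]
VALUE_LINE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

def parse_reg_export(text):
    """Yield (key, name, data) from .reg export text, unescaping string data."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := VALUE_LINE.match(line)):
            name, data = m.groups()
            if len(data) >= 2 and data[0] == data[-1] == '"':
                data = re.sub(r"\\(.)", r"\1", data[1:-1])
            yield key, name, data

def find_zeus_entries(text):
    """Return exported values matching an indicator; keys and names compare case-insensitively."""
    hits = []
    for key, name, data in parse_reg_export(text):
        for ikey, iname, filename in INDICATORS:
            if (key.lower(), name.lower()) != (ikey.lower(), iname.lower()):
                continue
            if filename is None or re.split(r"[\\/]", data)[-1].lower() == filename:
                hits.append((key, name, data))
    return hits

# Constructed sample export (not taken from a real host).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"userinit"="C:\\WINDOWS\\system32\\ntos.exe"
"Updater"="C:\\Program Files\\Updater\\updater.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer]
"{6780A29E-6A18-0C70-1DFF-1610DDE00108}"=hex:01,02,03
'''
```

Files written by `reg export` are UTF-16 encoded, so decode them as UTF-16 before passing the text to `find_zeus_entries`. A match is a lead for further investigation, not proof of infection.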

  • Chyna:

    That's a genuinely impressive answer.

  • AnnaG:

    I wish there was an option to print the page. The info is so valuable. SpyHunter is one of my favorites...I always felt it did a great job.

  • May Reilly:

    Is it normal for a voice along with a pop-up appearing to tell me to phone 0800-011-9684 to deal with this ZEUS virus?

  • william:

    I got a warning about the Zeus virus on my Chromebook, but it seems my computer cannot download an anti-virus program. What do I do about this?

  • Ben:

    I GOT STRUCK BY THE ZEUS VIRUS!! Right now it's done the Hard Drive Safety Delete, but Scanning is still in progress when I posted this message! PLEASE HALP! Any tips on how to avoid it in the future? (other than avoid pages that have it)

  • Pietersz, Tyrone:

    I have two left hands with ten thumbs when it comes to computers. Today I received a pop-up informing me that the Zeus virus had been downloaded, and to call a specific phone number. No response whatsoever... It (the warning) keeps popping up in the middle of my work, and is very annoying.
    All I could do up to now was restart my computer every time it appeared, and I am now desperate. What do I do? I do not understand the computer jargon anyway. Please help

  • Fraser Reid:

    I have a virus called ZEUS flashing on my pc screen. I'm running Windows 10
    It tells me not to shut down pc.
    It gives me a telephone no. 1 855 739 5486 to call
    Is this a safe number for Microsoft?
    Can I safely shut down my pc?

  • james:

    Do not call the number. They will ask you to pay and shut down your PC until you pay, and more than likely not allow access again. What you should do is force close your browser when this window pops up, then bring up this site you're on now, copy the file names and search for each individual one in the designated area, and scan your PC at the same time. If nothing comes up you should be fine, and if the Zeus pops up again just close the window. It is the start of the virus; if you take the actions it tells you to, the virus will be released into your systems and, if not properly taken care of, will embed itself in your PC and continue to steal your personal info until removed, which will become harder to do as time goes by.

  • Reid:

    I almost got the ZEUS virus 2 times. Really the only thing you can do is restart because it locks up your computer. Just a tip, don't click on mysterious links.
