Zeus Trojan

Supporter

Zeus Trojan

My ISP tells me I may have a Zeus Trojan.  I have no idea how to check for this.  I ran F Secure home security and it found nothing.  Would it have found Zeus Trojan?  If it got onto my system around F Secure home security how would I find it?  Thank you to anyone providing help with this.  I am 70 years old and know very little about computers.  I depend on F Secure to protect me.

4 REPLIES 4
Supporter

Re: Zeus Trojan

I have tried F Secure chat several times and get no response.  After waiting about 10 or 15 minutes it times out and quits.  I have contacted my ISP and get no reply, make take several days.  I am told this trojan can get banking data and passwords, so I am very concerned.  I would like to find out if it is on my computer, the ISP says they detected it on my computer through the modem they gave me with the service.  Is remote access to my computer by F Secure possible to check for this?  Does F Secure have a Zeus Trojan removal tool?  Other companies have one but I am afraid there may be a conflict with F Secure if I use them.  Thank you for any reply.

Supporter

Re: Zeus Trojan

Here is a removal tool from Semantec  http://www.symantec.com/security_response/writeup.jsp?docid=2014-052915-1402-99

 

I am not running it until I find out if it will be in conflict with F Secure, or if I really have a problem, I don't know for sure if the virus is on my computer, but my ISP says they detected it on my  computer.

Highlighted
Superuser

Re: Zeus Trojan

Hello,

 

Sorry for my reply, but just because maybe normal and official response from F-Secure team can be just after a weekend (but not a fact)... Maybe some of next words can be helpful.

 

-> Maybe for get support-help (as your try with chat) more helpful to use next link:

https://www.f-secure.com/en/web/home_global/support/support-request

 

And create just as "support-ticket". For example, about potential "missing" detection for some of suspicious/malicious files. But probably it's can be too much long too. And can be not so helpful.

And also you should be sure.. that you have experience about "chat"-link from F-Secure website.

With any variants.. how I can to understand... F-Secure support can to provide remote access as "support-help".

 

-> F-Secure have promo-webpage about "auto-detection" - if your system can be with troubles about related threats:

https://campaigns.f-secure.com/en_global/zeus/ols/

 

But it's can be that... you have something new and fresh, but page about "previous known tricks".

 

-> Current page will be already with a link, but can to repeat. Potentially F-Secure marked their Online Scanner tool as helpful tool against current threats too.

So you can try to use this (directly):

 

https://download.sp.f-secure.com/tools/F-SecureOnlineScanner.exe

 

-> Which version of F-Secure you have installed under your machine?

Potentially... F-Secure (if it's known sample) should to detect it, but maybe need to launch Full scan (or re-check some of settings around; it's can be with settings about manual scan and advanced-points - which can to re-change from user-interface). Also.. if it's not detected.... there need to wait response from F-Secure.

 

-> Potentially.. ISP can to think about "wrong"-points... and there false-positive alert.

Or can be other devices under your network (?!).

 

-> Also.. maybe other tool can not be with big conflicts. But I think.. you can to try start from "default" tools by F-Secure (Online Scanner and Full scan-under-your version of F-Secure IS?).

 

Sorry for my reply.

Will be good.. if it's can be in somewhat reason.. helpful.

 

And maybe you can to check some of steps during waiting a response from F-Secure.

Sorry for not nice English.

Advocate

Re: Zeus Trojan

If you have a wireless modem/router and other devices connected to it it's possible your ISP mean it could be any device connected to it. Including the possibility of a neighbor who gained access to it. All devices connected to it will share the same public IP address.

 

Zbot(Zeus) is a family of trojan malware. F-Secure detections:
https://www.f-secure.com/v-descs/trojan-spy_w32_zbot.shtml
https://www.f-secure.com/v-descs/trojan-spy_w32_zbot_gen!g.shtml

 

F-Secure has an online service to check for the newer version of it called "Gameover Zeus": http://www.f-secure.com/gameoverzeus

 

Other on-demand tools and scanners shouldn't conflict with F-Secure. Basically it's only other anti-virus products that has real-time scanning that will cause a conflict. I recommend these free on-demand scanners that I use myself basically only to verify that F-Secure has done its job:

 

http://www.malwarebytes.org/antimalware/
Free + a 14-day trial of Premium(that you can decline if you don't want it). A "Threat scan" is usually enough and takes only a few minutes.

 

http://www.surfright.nl/en/hitmanpro
A fast scanner that also checks behavioural like how programs are started, their activity, if they are encrypted etc. Suspicious files are scanned in the cloud with multiple anti-virus products. The scanner is free and if it finds anything malicious you're offered a free 30-day trial license to remove those files.

 

Another way is checking all running processes with more than 50 different anti-virus products:

http://community.f-secure.com/t5/Security/How-to-easily-scan-all-processes/m-p/43599#M8156