Zeus Virus - Manually remove or verify if it's on your computer.

Community Help: Zeus Virus - How to check or manually remove Zeus


The Zeus virus is a virus that sits quietly and manually steals information from your computer. This is a dangerous virus because it waits until you log on to specific bank sites and tries to steal your logon information among other things in an attempt to steal money from your bank account.

There are a lot of different names and variants of Zeus, so I wouldn't get too caught up in the actual name to search for. Instead, just make sure your startup does not have any unusual entries, as Zeus is worthless if it can't start automatically. So rather than looking for specific names, look in your startup to make sure nothing is there. If anything unrecognized is starting up, then get rid of it.

First off, older Zeus names were ntos.exe and oembios.exe; later ones were sdra64.exe. As a basic search you can make sure these are not on your system. If you need to check the meaning of some executable programs because you aren't sure what they are, look them up at http://www.what-is-exe.com to help you identify them.

Next, check your system startup to find what runs when you reboot your computer. These are the programs that run automatically. Some will always be needed, and some, like Zeus and other viruses, should not be there; regardless of how they are named, they have to have a way to start up. If you don't know what the registry is, then you will need to find this out on your own, as it's not my goal to cover that here; I want to show you how to identify Zeus and other viruses, not to do a course on the registry. These are the key places to check.

The first place to check is your registry key HKCU\Software\Microsoft\Windows\CurrentVersion\Run. The programs listed here all begin running when you reboot your computer. Make sure you know what each of these programs is, and anything unusual I would get rid of. Check the link above to look each of them up so you know what they are. Obviously if you see ntos.exe or sdra64.exe then you need to get rid of them. Any weird random names and numbers in an exe name are most likely bad and should be removed also. Many viruses, including ones like Zeus, use randomly generated names and are easy to spot.

Another key area of the registry is HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon. Typically you see the program userinit.exe here; if you see others, then you need to find out what they are immediately.

Always verify both HKCU and HKLM.
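
The checks described above, written out as an added PowerShell example (not part of the original article): it only reads the Run and Winlogon keys in both hives and marks the file names the article lists. It assumes the value to inspect under Winlogon is Userinit, which the article does not name, and the column names are made up for this example.

```powershell
# Added example: read-only audit of the startup locations the article names.
# File names the article lists for Zeus.
$zeusNames = 'ntos.exe', 'oembios.exe', 'sdra64.exe'
$hives = 'HKCU:', 'HKLM:'   # the article says to verify both

$findings = foreach ($hive in $hives) {
    # 1. Run key: every value is a command that starts automatically.
    $run = Get-Item -Path "$hive\Software\Microsoft\Windows\CurrentVersion\Run" -ErrorAction SilentlyContinue
    if ($run) {
        foreach ($name in $run.GetValueNames()) {
            $command = [string]$run.GetValue($name)
            # Substring match, so a hit still needs a human look at the full path.
            $hit = $zeusNames | Where-Object { $command -like "*$_*" }
            [pscustomobject]@{
                Location = "$hive Run"
                Name     = $name
                Command  = $command
                Verdict  = if ($hit) { "ZEUS FILE NAME: $($hit -join ', ')" } else { 'identify manually' }
            }
        }
    }

    # 2. Winlogon key: Userinit (assumed value name) holds a comma-separated
    #    list of programs; anything other than userinit.exe is unexpected.
    $winlogon = Get-Item -Path "$hive\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" -ErrorAction SilentlyContinue
    if ($winlogon) {
        $entries = ([string]$winlogon.GetValue('Userinit')) -split ',' |
            ForEach-Object { $_.Trim() } | Where-Object { $_ }
        foreach ($entry in $entries) {
            $leaf = ($entry -split '\\')[-1]
            [pscustomobject]@{
                Location = "$hive Winlogon"
                Name     = 'Userinit'
                Command  = $entry
                Verdict  = if ($leaf -ieq 'userinit.exe') { 'expected' } else { 'NOT userinit.exe: investigate' }
            }
        }
    }
}

# One row per startup entry; nothing is modified or deleted.
$findings | Format-Table -AutoSize -Wrap
```

Rows marked "identify manually" are the ones to look up by name, as the article describes; the script makes no judgement about randomly named files.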