Be updated on the latest social engineering fraud affecting web browsers and get rid of rogue popups claiming that Windows detected Zeus virus.
Tech support scams are steadily becoming the computer security issue du jour. The threat actors in charge of these stratagems leverage malicious software to reroute the targeted users’ Internet traffic, and then employ smart social engineering practices to dupe victims into paying or handing over their sensitive information. Such a fusion of tech tricks and manipulative techniques usually has a fairly high success rate, as in the case of the rogue Zeus virus alerts.
This particular hoax involves the use of a browser hijacker that covertly modifies one’s browser settings in order to make the web surfing client return a specific landing page, such as defaultprogramssystem.com. Titled “Windows Activation Pro”, this site displays a misleading popup that reads, “Windows detected Zeus virus. The infections detected indicate some recent downloads on the computer which in turn has created problems on the computer. Call technical support [888-993-7098, 888-726-0301, 888-747-8267 or any other toll free phone number] and share this code B2957E [or similar] to the Agent to fix this.” The above-mentioned URL is merely one of many with the same effect.
In addition to the fake popup alert, the page also renders an audio warning. It says, “Warning! Your hard drive will be deleted if you close this page. You have a ZEUS Virus. Please call technical support now! Call the toll free number on your screen, then press 1 to speak with an agent and stop this process. Hard drive safety delete will start in 5 minutes.” This way, the scammers are trying to be more persuasive and make the attack true-to-life and scarier. The background overrun by the fake Zeus popup alert is also an interesting component of this heist. It may impersonate a BSOD (Blue Screen of Death) or some sort of a system interface with a fancy-looking data hierarchy tree and a phony scan progress indicator. The 5-minute countdown before alleged hard drive safety delete goes off is supposed to add yet more cogency to the mix.
An updated variant of Zeus virus alert that’s currently in rotation is the Windows Defender Alert. This particular hoax has a somewhat different look and feel. It features a large Windows logo, a list of data that is purportedly susceptible to being compromised, and a recommendation to call Microsoft Technical Department at (888) 202-7560.
The most important thing to keep in mind here is that everything on the landing page is a complete fake. There is no Zeus virus problem for real, nor is anything going to happen to the hard drive if you don’t call the bogus tech support: 0 800 086 8437, 888 993 7098, 888 726 0301, 888 747 8267 etc. Defaultprogramssystem.com, or any other site engaged in this cunning scheme, renders a pre-recorded audio message and displays the exact same graphics to all the contaminated users.
The only issue that’s genuine and needs to be addressed is the browser infection that repeatedly redirects online traffic to those untrustworthy sites. It is most likely a malicious plugin with cross-browser properties. Last but not least, some tips to follow if infected with this pest. First of all, do not call the toll free number provided on the counterfeit Zeus virus popups otherwise the fraudsters may wheedle out the information that they can then use to remotely hack into the PC. Of course, paying for their inexistent help is a bad idea, too. And finally, be sure to get rid of this adware using a specially crafted security procedure.
Automated removal of rogue Zeus virus alerts
Owing to an up-to-date database of malware signatures and intelligent behavioral detection, the recommended software can quickly locate the infection, eradicate it and remediate all harmful changes. So go ahead and do the following:
1. Download and install the antimalware tool. Open the solution and have it check your PC for PUPs and other types of malicious software by clicking the Start Computer Scan button
2. Rest assured the scan report will list all items that may harm your operating system. Select the detected entries and click Fix Threats to get the troubleshooting completed.
Use Control Panel to get rid of Zeus virus alert adware
• Open up the Control Panel from your Start menu in Windows and select Uninstall a program
• To facilitate the process of locating the threat, sort the programs list by date to get the latest ones displayed at the very top. Find an unfamiliar entry under the Name column, click Uninstall and follow further directions to get the removal done.
Restore web browser settings to their original defaults
In the circumstances of a complex browser hijack like this, executing a reset makes the most sense despite a few obvious downsides. Customizations such as saved passwords, bookmarked pages etc. will be gone, but so will all the changes made by the potentially unwanted program. The instructions below address the workflow for the web browsers most targeted by Zeus virus alert adware.
Reset Mozilla Firefox
• Open Firefox, type about:support in the URL area and press Enter
• On the Troubleshooting Information screen, spot the Refresh Firefox button and click on it
• Follow subsequent directions to reset Firefox to its original settings
• Restart the browser.
Reset Google Chrome
• Open Chrome, click the icon for Chrome menu and choose Settings
• Scroll down the settings screen and click Show advanced settings
• Click Reset settings
• Finally, confirm the restoration by clicking Reset on the warning message
• Restart Chrome.
Reset Internet Explorer
• Select Internet options under IE’s Tools
• Proceed by clicking on Advanced tab, then select Reset
• To confirm the intended changes, click Reset on the Reset Internet Explorer Settings screen after ascertaining that the Delete personal settings checkbox is enabled
• Reboot the machine to fully implement the fix.
Revise your security status
Post-factum assessment of the accuracy component in malware removal scenarios is a great habit that prevents the comeback of harmful code or replication of its unattended fractions. Make sure you are good to go by running an additional safety checkup.
- “The requested resource is in use” virus popups in Windows
- AES-NI Ransomware removal: decrypt .aes_ni_0day files
- Eccentric “Rensenware” infection demands Touhou game score instead of Bitcoin
- Wcry ransomware: .wcry files decryptor and virus removal
- Microsoft Warning Alert scam: remove fake virus popups