Zeus Trojan
Posted: March 28, 2006
Threat Metric
The following fields, which appear on the Threat Meter with a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lie dormant and have a low volume count. The criteria for Volume Count are relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represents no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Field | Value |
|---|---|
| Threat Level | 8/10 |
| Infected PCs | 16 |
| First Seen | August 13, 2010 |
| Last Seen | July 3, 2021 |
| OS(es) Affected | Windows |
Zeus Trojan is an extremely dangerous parasite, widely known for helping hackers steal banking information. Zeus Trojan may be made up of several compromised computers, or botnets, all programmed to infiltrate systems and ultimately steal data. Zeus' botnets have stolen data from millions of computers and are a serious nuisance to computer users affected by their deceptive tactics. Zeus Trojan may write itself to the boot sectors of a PC's hard drive, where it may load at startup, making it difficult to terminate or remove from a system. Zeus is one of the most dangerous Trojan parasites in existence and continues to plague many computers around the world. Detection and removal of Zeus may be a difficult task, which is why the assistance of a trusted spyware removal tool may be needed.
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:
| File name | File type | Mime Type | Group |
|---|---|---|---|
| 088709.exe | Executable File | unknown/exe | Malware file |
| C:\WINDOWS\System32\lowsec\local.ds | | unknown/ds | Malware file |
| C:\WINDOWS\System32\lowsec\user.ds | | unknown/ds | Malware file |
| C:\WINDOWS\System32\ntos.exe | Executable File | unknown/exe | Malware file |
| C:\WINDOWS\System32\oembios.exe | Executable File | unknown/exe | Malware file |
| C:\WINDOWS\System32\sdra64.exe | Executable File | unknown/exe | Malware file |
| C:\WINDOWS\System32\sysproc64\sysproc32.sys | System file | unknown/sys | Malware file |
| C:\WINDOWS\System32\sysproc64\sysproc86.sys | System file | unknown/sys | Malware file |
| C:\WINDOWS\System32\twain_32\local.ds | | unknown/ds | Malware file |
| C:\WINDOWS\System32\twain_32\user.ds | | unknown/ds | Malware file |
| C:\WINDOWS\System32\twext.exe | Executable File | unknown/exe | Malware file |
| C:\WINDOWS\System32\wsnpoem\audio.dll | Dynamic link library | unknown/dll | Malware file |
| C:\WINDOWS\System32\wsnpoem\video.dll | Dynamic link library | unknown/dll | Malware file |
Registry Modifications
HKEY..\..\{Value}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer "{6780A29E-6A18-0C70-1DFF-1610DDE00108}" = "[HEXADECIMAL VALUE]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer "{F710FA10-2031-3106-8872-93A2B5C5C620}" = "[HEXADECIMAL VALUE]"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network "UID" = "[USERNAME]_[UNIQUE_ID]"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "userinit" = "%System%ntos.exe"
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run "userinit" = "%System%ntos.exe"
Zeus is NOT harmless; it steals banking info. A quick Google search of "ZeuS kneber" will confirm this.
Zeus Trojan is certainly one of the deadliest Trojans to target the financial websites. It is learnt that Zeus Trojan has now acquired the capabilities to break into users' bank accounts in spite of two-factor authentication systems.
Be warned.