Zeus Trojan

Zeus Trojan Description

Zeus Trojan is an extremely dangerous parasite that is widely known for helping hackers steal banking information. Zeus Trojan may operate as a botnet made up of several compromised computers, all programmed to infiltrate systems and ultimately steal data. Zeus botnets have stolen data from millions of computers and are a serious nuisance to computer users affected by their deceptive tactics. Zeus Trojan may write itself to the boot sectors of a PC's hard drive, where it may load at startup, making it difficult to terminate or remove from a system. Zeus is one of the most dangerous Trojan parasites in existence and continues to plague many computers around the world. Detecting and removing Zeus may be a difficult task, which is why the assistance of a trusted spyware removal tool may be needed.


Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



088709.exe (File type: Executable File; Mime Type: unknown/exe; Group: Malware file)
C:\WINDOWS\System32\lowsec\local.ds (Mime Type: unknown/ds; Group: Malware file)
C:\WINDOWS\System32\lowsec\user.ds (Mime Type: unknown/ds; Group: Malware file)
C:\WINDOWS\System32\ntos.exe (File type: Executable File; Mime Type: unknown/exe; Group: Malware file)
C:\WINDOWS\System32\oembios.exe (File type: Executable File; Mime Type: unknown/exe; Group: Malware file)
C:\WINDOWS\System32\sdra64.exe (File type: Executable File; Mime Type: unknown/exe; Group: Malware file)
C:\WINDOWS\System32\sysproc64\sysproc32.sys (File type: System file; Mime Type: unknown/sys; Group: Malware file)
C:\WINDOWS\System32\sysproc64\sysproc86.sys (File type: System file; Mime Type: unknown/sys; Group: Malware file)
C:\WINDOWS\System32\twain_32\local.ds (Mime Type: unknown/ds; Group: Malware file)
C:\WINDOWS\System32\twain_32\user.ds (Mime Type: unknown/ds; Group: Malware file)
C:\WINDOWS\System32\twext.exe (File type: Executable File; Mime Type: unknown/exe; Group: Malware file)
C:\WINDOWS\System32\wsnpoem\audio.dll (File type: Dynamic link library; Mime Type: unknown/dll; Group: Malware file)
C:\WINDOWS\System32\wsnpoem\video.dll (File type: Dynamic link library; Mime Type: unknown/dll; Group: Malware file)

Registry Modifications


The following Registry values are newly produced:

HKEY..\..\{Value}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer "{6780A29E-6A18-0C70-1DFF-1610DDE00108}" = "[HEXADECIMAL VALUE]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer "{F710FA10-2031-3106-8872-93A2B5C5C620}" = "[HEXADECIMAL VALUE]"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network "UID" = "[USERNAME]_[UNIQUE_ID]"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "userinit" = "%System%ntos.exe"
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run "userinit" = "%System%ntos.exe"

Posted: March 28, 2006
Threat Metric
Threat Level: 8/10
Infected PCs: 16
