9 Replies Latest reply on Aug 8, 2017 7:24 AM by joshross

    zeus trojan phishing pop up

    quiltgirl

      In the past two days, while using Internet Explorer on Windows 7, on sites that I visit regularly, I have received pop-ups that I have the Zeus Trojan virus and should call some number to unlock my PC. I have been able to use Task Manager to end the task, then rebooted and ran a "full" vscan (which is not really full anymore) which showed no problems, and deleted cookies and temporary files.

       

      I have Internet Security 16.0 Security Center 16.0.154 and my Windows 7 is up to date.

       

      From web searches I know it's a phishing scheme. But why doesn't McAfee WebAdvisor prevent these?

        • 1. Re: zeus trojan phishing pop up
          exbrit

          Probably because you've already picked up a bad cookie somewhere along the way. This thread may help you:  Zeus Desperation

          • 2. Re: zeus trojan phishing pop up
            catdaddy

            Discussion successfully moved from General Discussion to Home User Assistance

            • 3. Re: zeus trojan phishing pop up
              quiltgirl

              Went to the referenced thread. Wished there had been more McAfee products, and they seemed geared more toward a virus than a phishing that I could get rid of with Task Manager.

               

              If there was a bad cookie, why didn't McAfee find it, either on vscan or when it was accessed? Did it get missed by the abbreviated "full" scan?

               

              I have been cleaning cookies and temp files with both Windows Internet Explorer options and with McAfee quick clean. I have also been doing only limited web usage with Explorer. It has not occurred in the past two days.

               

              Today, I did get some time to do a Windows System Restore to a point before the problem showed up. I will see what happens. I did note that after the system restore, the McAfee virus scan engine version was that of the restore point date, not today's. I tried a manual update, but McAfee said I was up to date, and engine version is still from the restore point date.

              • 4. Re: zeus trojan phishing pop up
                exbrit

                Who knows? That was only a guess. After using System Restore, check for Windows Updates that may have been lost due to the winding back in time. Good luck.

                • 5. Re: zeus trojan phishing pop up
                  quiltgirl

                  I did check for Windows updates, and there weren't any.

                  • 6. Re: zeus trojan phishing pop up
                    exbrit

                    If everything is fine now then I would temporarily disable System Restore to delete the "infected" restore point.

                    • 7. Re: zeus trojan phishing pop up
                      Hayton

                      At least you recognised that these messages were phony, unlike many people who actually call those numbers and then proceed to get ripped off by some bunch of scammers.

                       

                      "... I have the Zeus Trojan virus and should call some number to unlock my PC".

                       

                      The "call-this-number" part is a dead giveaway. No reputable company would insert a hard-coded number into a warning message. At least, I hope not.

                       

                      Where the messages are coming from: Peter's suggestion of bad cookies is, I think, a little wide of the mark. More likely this is a drive-by, a rogue advertisement inserted onto an otherwise blameless website (it happens all the time, the advertising-space marketplace buys and sells ad slots in real-time even as your web page is loading). It could be there is or was an ad on a page that contained the instructions - draw a pop-up window, add some text - either embedded in the advertisement or on a server somewhere that the ad connected to.

                       

                      If you haven't got an ad blocker, I would advise you to install one. Media companies hate them but they're often the ones dishing up the poisoned ads, so I don't see why they should complain. And every so often run AdwCleaner and/or Malwarebytes as a backup check: sometimes a PUP will slip under McAfee's radar. It's best to have a second opinion.

                      • 8. Re: zeus trojan phishing pop up
                        quiltgirl

                        I guess I'll look into ad blockers. It is concerning, since the second time it was my Yahoo email. The first time was the web site of a large local newspaper (although my Yahoo email was on a different Explorer window at the same time).

                        • 9. Re: zeus trojan phishing pop up
                          joshross

                          But sometimes it really is good scareware techniques regardless of the fact. It filters out people with common sense and drags less experienced people into their scam. Zeus overall is a pain as a trojan, as an ad or whatever else they can put it in. Some info about it. And for future reference, if anyone else is encountering the same problems, you can try the following guides for virus removal. Guide 1 - Guide 2.