Fix: Windows Defender Detected Zeus Virus on Your Computer

Some Windows users are worried that their computer is infected after seeing the ‘Windows Defender Virus Alert‘ while browsing the Internet and seeing that their computer becomes unresponsive. Upon visiting certain web pages, affected users a pop-up claiming to belong to Windows Defender saying that their computer is infected and urging them to call the official number for support. This particular pop up is encountered on multiple browsers (Edge, Chrome, Opera, Firefox) and with multiple Windows versions including Windows 7, Windows 8.1 and Windows 10.

Is the Zeus Virus Security Threat Real?

As you could probably already tell, this is a fairly common Tech Support scam that is present on the vast majority of web browsers currently on the market.

Distinguishing real alerts from fake ones is very simple (on every operating system) – no OS will issue a warning inside your web browser if a security threat is found. If you’re using the built-in solution (Windows Defender), you’ll get a warning inside a dedicated window. In the event that you’re using a 3rd party security suite, you’ll be prompted by it, not by your browser.

So with this in mind, know that any security warning that arrives through your browser IS FAKE.

This scam is just another variation of the many fake support error messages: Call Microsoft Support, Google Security Warning, and dozens of other similar scams.

How does the Zeus Virus scam work?

Few people would fall for this kind of social engineering scam if the scammers didn’t use a trick that locks up the browser.  The Zeus Virus scam and the vast majority of Tech Support scam variations will use a JavaScript trick that ends up looking up the victim’s browser.

But keep in mind that no malicious code is used – that’s why security scans won’t detect any malware on computers that are dealing with his particular pop-up.

The real Zeus Virus

The Real Zeus virus is one of the most popular malware that has been released over the years. Since it was first detected in 2010, it wreaked havoc on millions of Microsoft Windows computers, stealing financial data and becoming one of the most successful pieces of botnet software int he world.

Even though the original creator supposedly retired it in 2010, a number of variants of the same security threat showed up after the source code was leaked. With the latest cyber-security advancements, the dangers of this particular virus are practically harmless if you’re using any kind of security method – even Windows Defender is equipped to deal with this security threat.

As you can imagine, the scammers behind the Zeus Virus popup are using the popularity of this particular malware to freak people into calling their numbers and become the victims of social hacking.

How does the Zeus Virus Scam work?

There are hundreds of variations of this Tech Support Scam. The practice has been around for years,  but as it turns out, unsuspecting web servers are still getting tricked regularly.

Since this pop-up is not triggered internally, the scammers need to use a domain that has not yet flagged by databases such as SmartScreen or other 3rd party equivalents. Either this or they managed to hijack a high-profile website and are now exposing all visitors to this particular scam. This has happened before with Yahoo Mail, MSN News, and a few other high-profile websites.

If a website is infected and starts showing this pop-up to its visitors, it will end up doing a ‘malware-site redirect, meaning that it will redirect the exposed user to a domain that is part of the scam.

In case you’re wondering, the scammers manage to block your computer by looking a JavaScript modal alert (also known as a dialog loop).

Remember that the scammers are using a social engineering tactic to get their hands on money or private data from unsuspecting victims by pretending to fix the computer.

How to remove the ‘Zeus Virus’?

Since you’re actually dealing with a scam and not with an actual virus threat, your computer isn’t actually infected with the Zeus virus.

However, in this particular case, the pop-up can also be triggered by your browser if it has been hijacked. Certain PUPs (Potentially Unwanted Programs) that are bundled with genuine programs might also come with a malicious code that will hijack your browser and display this pop-up regardless of the website you’re visiting.

Let’s consider a scenario where this pop-up alert is looping a modal alert that is locking up your computer. Here’s what you need to do:

1. When you see the alert, click Ok at the first prompt, then check the box associated with “Don’t let this page create more messages” or “Prevent this page from creating additional dialogues” is checked.
   

   

   Note: Depending on your browser, this page might look a little different.

2. With the box checked, click on Ok (or Back to safety) to get rid of the annoying message.
3. Then, press Ctrl + Shift + Delete to open up Task Manager.
4. Once you’re inside the utility, go to the Processes tab, right-click on the browser that you’re encountering the issue on and choose End Task.

   

5. If you see the issue re-occurring regardless of the web pages you’re visiting, chances are your browser has been hijacked and is displaying the pop-up for every website that you visit. In this case, you’ll need to eliminate the local threat. The most efficient way to do this is to follow this article (here) to perform a Malwarebytes deep scan and remove the hijacker.
6. Once the threat has been identified and dealt with, it’s time to reinstall your browser since it’s probably missing some files (the ones that were quarantined). To do this, press Windows key + R to open up a Run dialog box. Then, type “appwiz.cpl” and press Enter to open the Programs and Features window.

   

   Note: If you’re encountering this issue with Edge browser or Internet Explorer, the following steps are not necessary since both browsers will get regenerated by the OS.

7. Inside the Programs and Features window, scroll through the list of applications and locate your browser. Once you see it, right-click on it and choose Uninstall.

   

8. Visit the official download page of your browser and download the installation executable, then follow the on-screen prompts to reinstall it on your computer.

   

How to protect yourself against the ‘Zeus Virus’ scam

The main reason why people face this fake security threat in the first place is careless behavior. Either this or poor computer knowledge. The key to setting clear of these scams is to practice caution.

With this in mind, stay away from downloading & installing software from an unknown publisher. Also,  avoid going beyond the safe zones maintained by the most popular browsers – Edge has SmartScreen Defender and all the major 3rd party browsers have their own proprietary shields.

Your browser will ask you whether you want to step outside the safe zone. If you choose to do so, you’re doing it at your own risk.

However, even sticking inside the so-called ‘safe zone’ is not 100% safe. Scammers are now able to register new domains at a lightning pace. Fortunately, SERPs are now doing a good job of keeping these web pages off the search results.

On a final note, you need to remember that what the hackers are using is a social engineering hack. Which means that unless you hand them the data or money yourself, they have no means of getting it from you. So whenever you see pop-up scans like the Zeus Virus alert, don’t call the Toll Free number and you’ll be safe.

If you want to prevent your computer from showing these fake security prompts, you can install a pop-up blocker. But doing this means that you will also not see other pop-ups that might be legitimate. Here are a few pop-up blockers to consider:

• uBlock
•  Pop up blocker for Chrome
•  Popup Blocker Ultimate for Mozilla