Zeus popup

A popup, supposedly about a Zeus virus, is, once again, blocking Edge.

Labels: Virus, Windows 10

Replies

Re: Zeus popup

See this thread. It seems this is just an ad pop-up, not a virus.

https://community.norton.com/en/forums/zeus-virus-1#comment-7294701

If a full system scan in Safe Mode finds nothing, I would suggest a second opinion scan using the FREE version of Malwarebytes. You can find it here http://www.malwarebytes.org/products/malwarebytes_free/

Be sure you do not accept the offer of the free trial of the Premium version.

Things happen. Export/Backup your Norton Password Manager data.

Re: Zeus popup

It's a webpage scam. It's not an actual virus. Norton does not support Edge either.

Re: Zeus popup

Stay away from MalwareBytes. It used to be a great on-demand scanner for free. But with the new version 3.0 it's a full-blown suite. I recommend Zemana Antimalware Portable.

Re: Zeus popup

Hi leGrandChuck, 

To avoid getting the v3 version of MBAM, you can follow what was suggested by @lmacri in this post in another thread, starting from:

"If you don't want to post in one of the free malware removal forums and would like to try a Malwarebytes Anti-Malware scan, I'd suggest installing the free version of MBAM v2.2.1 (the latest free MBAM v3.0.5 can be downloaded <here> if you prefer but v3 was just released a few weeks ago and still has a large number of known issues). Then run a full system scan as follows:..."

Windows 7 HP SP1 32-bit | Chrome 65.0.3325.146 | NS 22.12.1.15

Re: Zeus popup

Malwarebytes still offers a free on demand scanner. It just seems that they word it differently as a trial. But after 14 days it reverts to the free on demand scanner.

Things happen. Export/Backup your Norton Password Manager data.

Re: Zeus popup

Version 3 is buggy as heck. They push the full suite on you. The free version of 3 runs in the background. You have to manually close it. I no longer use it and older versions will soon be phased out. Better off with Zemana Antimalware Portable, Hitman Pro, Norton Power Eraser, Kaspersky Virus Removal Tool or Emsisoft Emergency Kit. All of which are fully portable.

Re: Zeus popup

OP: Is there such a thing as a legitimate portable version of Hitman Pro?

A: Not from the vendor, SurfRight. There was a portable version hosted at PortableApps.com several years ago but it is no longer available.

PUP Hunter PRO: Just TRYING to save the world (U) from cyber threats, A single blog post, at a time, and ONCE & FOR ALL. (A fan of Nadia_Kovacs)

Re: Zeus popup

p: u r off /nou/

A popup, supposedly about a Zeus virus, 

and confusing:

 It's a webpage scam. It's not an actual virus.

ADD:

BC... it said and updated (recently).

bleepingcomputer.com/forums/t/549366/is-there-such-a-thing-as-a-legitimate-portable-version-of-hitman-pro/

PUP Hunter PRO: Just TRYING to save the world (U) from cyber threats, A single blog post, at a time, and ONCE & FOR ALL. (A fan of Nadia_Kovacs)

Re: Zeus popup

Nothing to be confused about. Look at his screenshot. Have you ever seen a legit webpage stating "Windows Defender Zeus Virus Detected"?

https://community.norton.com/en/forums/zeus-virus-1

Re: Zeus popup

Hitman Pro is completely and totally portable. When you download it you get 2 options. Install or not install. Not install means it is portable. I think I should know this since it is one of my many arsenal of malware removal tools. If it is not portable then why do I have it on my USB stick along with several other tools? You can also use Hitman Pro as a bootable repair tool with its Kickstart feature.

Re: Zeus popup

HitmanPro is designed to work alongside existing security programs without any conflicts. It scans the computer quickly (less than 5 minutes) and does not slow down the computer (except for the few minutes it is scanning). HitmanPro does not need to be installed. It can be run straight from a USB flash drive, a CD/DVD, local or network attached hard drive.

https://www.bleepingcomputer.com/download/hitmanpro/

Need I say more?

Re: Zeus popup

Hello PSB

Sorry, but

Another Page Cannot be found at Bleeping Computer.

Thanks.

Success always occurs in private and failure in full view. Windows 7 Pro 64 bit NSBU 22.17.0.183 Core Firmware 282 I E 11 Chrome latest version.

Re: Zeus popup

Thanks Flo. Same link just dead. Odd https://www.bleepingcomputer.com/download/hitmanpro/

Re: Zeus popup

The other one has /%A0 at the end.

A little bit of knowledge is... well a little bit of knowledge.

Re: Zeus popup

I got a Zeus-scam popup as well, and I had an experience similar to leGrandChuck's: The popup caused or coincided with a performance issue. 

In my case Chrome froze.

Then it took about five minutes for Control-Alt-Delete to respond.

I used Task Manager to close all open applications, and they all took a long time closing. The restart was very slow as well. 

After several reboots and scans, performance seems to be back to normal.

But if this is just an ad, why does it cause this kind of performance trouble?

Thanks. 

Re: Zeus popup

I'm not a coder, but I would suggest the performance issue is designed to make you think your system is actually infected and get you to call for help. Then you will pay lots of $$$ to allow them to log into your computer and do nothing to remove the fake infection, and possibly steal your data while they are there.

Just be sure you do not click anything on these fake pages.

Some people have reported success in avoiding the ads by using an ad blocker add-on for their browsers.

Things happen. Export/Backup your Norton Password Manager data.

Re: Zeus popup

Thanks very much. 

Could a simple ad serve have caused that type of performance issue, even if I made no response to the ad?

Browsing history suggests the freezeup was caused by a high level of requests: 

In one minute (12:57 p.m.) the following links - none familiar to me - all opened: 

https : // sionicmedia . com/api728px/1798503149.js?pubid=c612d167c6fb&domain=washingtontimes . com&t=AwRZWkRab3hxd2gFA11JX1xueHxudAQGQEhBU3R9f3V3FGc6

https:// pub . maha-media . com/nlp/index.php?guid=a3645e25-e40a-45c1-92fe-d681cb8a2904&Hardlink=true&time=0&currenturl=c612d167c6fbswix.com&url=http : // engine . spotscenered . info/link . engine

http:// engine . spotscenered . info/Redirect.eng?MediaSegmentId=35248&dcid=1_ctx_0ac20a23-5736-46b8-81c0-c0f3a862b223&vmId=00000000-0000-0000-0000-000000000000&abr=false&timeZoneOffset=&v=hXPZuKMawgsqqaXmgsiEEscqvxeFp0YWn8oV21lbHO8iCvpmH9sk2fSprt3x5A_b-2hEatyK0i4Deb-rUYJDFrdTFYwunJKu09ZEHLHzJxbMC4lKWmRU2SIAZZIZ6puf6Sl_MTKGlqp5Xe1CEFcKMdP7Va0NdQzNtXJPlg9-RNYvzGFCOUP0nwKhKpvmhjxKIpTE4AhrM_763I0EsqYRUmUeVo4THHiFUTwzCkRROjifIDZrzz_IuZXa1DhMrd-nHdunIYQ7lEWon90JrkRLOTzPai-Mcub0xD9TQQmD5pdiO1HsmbZBRHsNVcFGP-4zHwXXbf2oaFGWapnllyT071DgPeuIb_OoMphH31SNVSTMlONcf_RiXTGsdaFaa-ftc7YHLY8BQYYlzUybHN-xs9H7PDT8Nu7PT7wuHZTsjhRdWW4GQLyqpuYA5R527QKE9AvoWejyTiS4YebSugRAl5oSXGld_z3wQ3kw8UozqCvb0fxKcUPRvsVw3VwJoWn06tYM89yLGpo0-7uuwV4PcAO0wXWo8WfvcQRT0KdamtbYKFJnIrVXeQiSDNNtGT2ReAifMhsY1wRYhsLS2YYsjYPrt677MNKsqi571sBHj4uShy0A37ktxUX36EAI-ya9_WxYmOzigRGizCU8k3Me-ryBG1YCbQrxae_7Vog4vvLplfpBmZ-JFcqqH8g4CmujoQRHwPmt5moffBrAqzlwcQgSgAgIjCLayxl4LSgDc0lszVMi_jWouBz4w_GK1ZrKzGn_xJVJMte-BDjf0DAiqKlHRYAb06PjKX1AflPWaIWI2Kw1lp9-YHIFhS7qcHqPmPPStQtfxWK3kafB4X50rfnw5a_cvuNyUD0I5lPalCB-GAZ4GPu4XyejSo_QsxqYw5IhN2NnhAC-U8mUFwWF9Yg17MREQIaJz43iLwZIFFI5KNi7zCb0zyA_vglKZx7W81AuPswR62LWJhrjcV9nwgKGI6lJRKonGfqCnilaNYdIXNjt8CaBB3CrFCqgISeqPSAzaAleLzB6ljxu9r-5fVzsKfQ9RR1gbRXvh5uywTjT07darH0zwo7VicCpzliJCeSoQBqcDHWSVSdSn5RwMsfnBXQLMPaRs-4cM4ZMUs6FdRD26zges3qJ05txAhB1A0QpgBbmWrGNP-ryJtA-mZUm_YHUqZ-jBEaVLSr8fdAqm4zKxfE1AbQVRILetLievlmwtDXlEtauO_2wBKlUMoh_jBjZB8V4txv7sWEER1s1

http : // server3 . rogerclickstrackingtoday . com/?pagex=11&=Windows&browser=Chrome&isp=Comcast%20Cable%20Communications%20inc.&ip=73.213.246.14&asdflasdl0tfn1asldfalsdffl=855-205-4216

http : // syntax-h36a83z . info/visit/?pagex=11&=Windows&browser=Chrome&isp=Comcast%20Cable%20Communications%20inc.&ip=73.213.246.14&asdflasdl0tfn1asldfalsdffl=855-205-4216
(This last one has the meta ALERT in Chrome browsing history. All the others are uncharacterized.) 

I did not see any of these links except the ALERT URL, which contained the phishing language (demanding the user call a number to stop the virus, etc.). I was unable to close this tab or to close Chrome. 

The next minute (12:58 p.m.) the following links opened: 

http:// syntax-h36a83z . info/visit/0

http:// syntax-h36a83z . info/visit/01

http :// syntax-h36a83z . info/visit/012

http : // syntax-h36a83z . info/visit/0123

http :// syntax-h36a83z . info/visit/01234

This numerical string continued for the next three minutes (until 1:01 p.m.), generating more than 4,000 URLs. The numerical string on the final URL is about 14,000 digits. 

Again, this is all from Chrome browsing history. I did not see any of these processes, nor did I click on or in any other way respond to the ad. But Chrome and all other applications became unresponsive, and as noted above, even Control-Alt-Delete took several minutes to respond. The whole computer was extremely slow through several reboots after that. 

Can all of that happen just from serving a phishing ad, even if you don't respond to it? 

Thanks. I know I'm belaboring this, but I'd like to be sure there is not some malware that Norton is not picking up. 

Any advice or insights would be appreciated.

Kudos0
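The history pattern described in the post above (thousands of URLs on one host within a few minutes, each path one character longer than the last) can be checked for mechanically. The following is an added example, not part of the thread: it scans (timestamp, URL) history rows for such prefix-growing chains, and the host names, timestamps, thresholds and function names are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit


def find_history_floods(entries, min_chain=50, max_gap=timedelta(seconds=5)):
    """Flag hosts whose visits form a long chain in which every URL path
    extends the previous one (/visit/0, /visit/01, /visit/012, ...)."""
    by_host = defaultdict(list)
    for ts, url in entries:
        parts = urlsplit(url)
        if parts.hostname:
            by_host[parts.hostname].append((ts, parts.path))

    findings = {}
    for host, visits in by_host.items():
        visits.sort()
        start, length = 0, 1
        best = (1, visits[0][0], visits[0][0], len(visits[0][1]))
        for i in range(1, len(visits)):
            (prev_ts, prev_path), (ts, path) = visits[i - 1], visits[i]
            grows = path.startswith(prev_path) and len(path) > len(prev_path)
            if grows and ts - prev_ts <= max_gap:
                length += 1
            else:
                start, length = i, 1  # chain broken, restart here
            if length > best[0]:
                best = (length, visits[start][0], ts, len(path))
        if best[0] >= min_chain:
            count, first, last, longest = best
            findings[host] = {"urls": count,
                              "seconds": (last - first).total_seconds(),
                              "longest_path": longest}
    return findings


def constructed_history(n=200):
    """Constructed sample rows (not taken from the thread)."""
    t0 = datetime(2020, 1, 1, 12, 57, 0)
    rows = [(t0, "http://news.example/story?id=1"),
            (t0 + timedelta(seconds=20), "http://news.example/story?id=2")]
    suffix = ""
    for i in range(n):
        suffix += str(i % 10)
        rows.append((t0 + timedelta(seconds=60, milliseconds=50 * i),
                     f"http://lock-page.example/visit/{suffix}"))
    return rows


if __name__ == "__main__":
    print(find_history_floods(constructed_history()))
```

A hit means the flood came from a page in the browser rewriting its own address many times per second, which accounts for the history entries without any click from the user.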

Re: Zeus popup

Could a simple ad serve have caused that type of performance issue, even if I made no response to the ad?

The ad could be coded to open a new window and send requests somewhere to use up resources to show your system is sluggish to prove their point that your system is infected (not).

If your system runs fine when that page is not displayed, it would indicate an issue with that page.

Things happen. Export/Backup your Norton Password Manager data.
