Anyway, I was really surprised that most people don’t know what a Zeus Trojan really is. And heck! Even some web publishers think this is the same strain of virus that emptied the online banking accounts of some Europeans a while ago. As you can see, just because its name is ‘Zeus’ doesn’t mean it is the Zeus V3 Trojan.
So let me enlighten you a bit about this security threat.
Zeus has become the name of the largest ‘botnet’ scheme in the USA, with an estimated 3.6 slave computers around the globe. It is infamous for robbing people’s bank accounts in one day, and so far it is really hard to detect and remove, because when you trace its IP you will be pointed to a bot.
There are two types of Zeus attack. The simple one is when it wants your PC to become part of its botnet, so it can grow its colony. The other is the really menacing one: it calls on all its bots to attack a certain victim (usually banks, financial institutions, large tech sites) via DoS (denial-of-service attack) to cripple that financial website while trying to withdraw from its online accounts. According to wiki, just last year a Zeus attack managed to compromise over 74,000 FTP accounts on websites of such companies as the Bank of America, NASA, Monster, ABC, Oracle, Cisco, Amazon, and BusinessWeek.
Zeus infiltration of an ‘average Joe’s’ computer is detectable by anti-virus, but its developers are constantly improving it so that it can bypass people’s guard. Zeus targets Windows OS in particular (XP), and it usually attacks your C:\windows\system32 by leaving malicious files there and keeping them dormant until the culprit launches a hit (bot attack) on its real victims. Also, Zeus files are very tricky. It masks itself as NTOS.EXE, LD08.EXE, LD12.EXE, PP06.EXE, PP08.EXE, LDnn.EXE, PPnn.EXE and other file names.
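As an added example (not part of the original post), here is one way to check a folder for the file names listed above. It assumes "nn" in LDnn.EXE and PPnn.EXE means two digits; the function names and the sample directory are constructed for illustration. A name match is only a reason to look closer, not proof of infection.

```python
import re
import sys
import tempfile
from pathlib import Path

# Names taken from the post: NTOS.EXE plus the LDnn.EXE / PPnn.EXE pattern.
# Assumption: "nn" means exactly two digits (e.g. LD08.EXE, PP06.EXE).
# Windows file names are case-insensitive, so the match is too. The pattern
# is anchored so the legitimate ntoskrnl.exe is never flagged.
ZEUS_NAME_RE = re.compile(r"^(ntos|ld\d{2}|pp\d{2})\.exe$", re.IGNORECASE)


def find_suspect_files(directory):
    """Return regular files in `directory` whose name matches, sorted by name."""
    root = Path(directory)
    hits = [p for p in root.iterdir()
            if p.is_file() and ZEUS_NAME_RE.match(p.name)]
    return sorted(hits, key=lambda p: p.name.lower())


def describe(path):
    """Collect the details worth recording before handing a hit to a scanner."""
    st = path.stat()
    return {"name": path.name, "size": st.st_size, "mtime": int(st.st_mtime)}


def build_sample_dir():
    """Constructed stand-in for System32 so the check can be tried safely."""
    d = Path(tempfile.mkdtemp(prefix="sys32_sample_"))
    names = ["ntos.exe", "LD08.EXE", "pp12.exe",        # should be flagged
             "notepad.exe", "ntoskrnl.exe",             # legitimate files
             "ld8.exe", "pp06.exe.bak"]                 # near misses
    for name in names:
        (d / name).write_bytes(b"constructed sample")
    return d


if __name__ == "__main__":
    # Usage: python check_names.py C:\Windows\System32
    target = sys.argv[1] if len(sys.argv) > 1 else build_sample_dir()
    for hit in find_suspect_files(target):
        print(describe(hit))
```

Any hit should be scanned with an up-to-date anti-virus before it is deleted.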
Actually, no one knows the particular ‘string name’ of the bot that emptied the European online accounts before. Surprisingly, most of the articles I am reading about this ‘zeus.zbot.aoaq’ are confirming that it was the same strain.
While we can’t verify the validity of ZoneAlarm’s Zeus threat, I can safely assume that it was a fake one. Why? Because there’s no such thing as a Zeus with a string ending of ‘Aoaq’. A generic Zeus Trojan will be detected by anti-virus as Zeus.Zbot, but there’s no such thing as an ‘aoaq’ ending. Obviously, that name was just appended to the generic name to make it sound like a real Zeus Trojan. And if it were a real threat, it would have been detected by other anti-viruses. Problem is, it was an isolated case for ZoneAlarm.
How to Remove it?
I recommend that you pick an efficient anti-virus (Nod 32, Kaspersky, Avast) and keep it updated all the time. Use Malwarebytes and set it to scan your PC every day. This works for me all the time; I can’t see any reason why it shouldn’t work for you. You can also prevent any Zeus attack by asking an IT guy to lock your System32 folder by doing a shell-guard. This will ensure that no one can access that folder unless you remove the restriction. The only problem with this is when you want to install a new program: you need to call your IT guy again if you don’t have the technical know-how.
Also, I can’t stress enough that you should at least use your common sense when dealing with viruses. If I were the ‘bad guy’, I would obviously put this Trojan in places where people would want to click and download it (videos, porn, smutty files, hack files, etc.). Now, I am not saying all of those files are filled with trojans/malware; I’m just saying some of them are. As a user, it is your responsibility to understand the risks and decide whether you are willing to take them or not.
I’ll repeat: just because it’s Zeus doesn’t mean it will empty your bank account. So if you happen to see one, don’t panic.