We help IT Professionals succeed at work.

Fake Zeus Virus Detected Popup Warning

I've seen a few times where an Internet page popup displays a bogus warning about the Zeus Virus being detected.  The last one had a support number to sucker you into calling (888)289-9990.

In researching this I am very unclear as to if any sort of infection actually exists or if this is just all tricky web popups.
When I've seen these popups before I just End Task them.  Every time I've run Malwarebytes or another scanner afterwards, it has come up clean.

But googling the net shows people running adware remover, malwarebytes as well disabling and removing certain unspecified browser plugins/extensions/add-ons.

When I see one of these fake zeus popups, does it ever indicate my system is infected, not with Zeus but with the Fake Zeus Detector popup?

What's the real deal here?  Should I just close the popup, or should I take more serious measures?
Comment
Watch Question

ITSysTechSenior Systems Administrator

Commented:
In this type of situation the scammer is doing like you mentioned they want you to call the number so they can remote control your computer and charge you for the service. You might want to take a snap shot of your startup programs and post it. You can do this by right clicking on your task bar and going to Task Manger then go to the Startup tab and use the snipping tool (built into windows and post the results). Because it shouldn't keep popping up after you ran malwarebytes etc.,. It is also quite possible that this fake detector is only coming up when you visit a certain web page (usually Java based or Flash).

Author

Commented:
ITSysTech - it doesn't popup all the time on a given machine, in fact fairly rare.  At the moment I don't have access to the machine I've most recently seen this on.  These Fake Zeus Popup variations have been around a log time.  Again, are they indicative of a real adware infection that generates the Fake Zeus Popup, or is the Popup fairly toothless if you don't call the fake support phone number?
ITSysTechSenior Systems Administrator

Commented:
It would be important to find out why and when it is popping up. Mainly because some users do call this number and find themselves giving their credit card to the tech scammers. Next time it happens I would note the programs running (word, fire fox etc,.) and the webpage being visited if there is one and get back to us.
Quid, Me Anxius Sum?  Illegitimi non carborundum.
Commented:
>>  or is the Popup fairly toothless if you don't call the fake support phone number?

Fairly toothless if you're getting it in a browser.  Scammer at work.  End task the page and move on.

Try changing the user's browser to something better.  I'd recommend Chrome.
ITSysTechSenior Systems Administrator
Commented:
For your reference:

"Why am I Seeing these Zeus Virus Detected PopUps?
The Windows Detected ZEUS Virus Tech Support Scam is shown through advertisements that redirect you to sites that display this scam. These advertisements can be displayed by installed adware programs or through less than reputable sites that are displaying them to generate advertising revenue. For the most part, if you see a browser based tech support scam, then you can simply close the browser and start it again. On the other hand, if you are continuously seeing popups with alerts like "Windows Detected ZEUS Virus" or "ZEUS VIRUS DETECTED", then you should scan your computer for adware and remove anything that is found. Last, but not least, if you have contacted the listed phone number and purchased any services from them, you should contact your credit card company and immediately dispute the charges as a scam."

Author

Commented:
ITSysTech

Not really wanting to go that route as this is on a few different machines that I've seen it on, and not just my own, and harder to track

Was more looking for someone who may have dealt with these fake Zeus infection popups:

In general when I see one of these fake zeus popups, does it ever indicate my system is infected, not with Zeus but with adware that presents the Fake Zeus Detector popup?  

Or is the popup purely generated from a malicious web advertisement that is simply popping up the Fake Zeus Detector without actually infecting my computer?
Commented:
I got the scam page while using Firefox to look at zabasearch.com.  Apparently the scammers hacked monetize.com which zaba uses to collect from the ads displayed when their search system is used.  Simply close the browser page and it will all go away.