Q: I have a Zeus Trojan called w32.infostealer.zeus?

Fw: Yahoo! Answers: Your answer has been chosen as the best answer


Q: I have a Zeus Trojan?
I have recently bought the game “Kerbal Space Program”, a somewhat popular game
where you have to build rockets to get to other celestial bodies. Well, many
people play it, and they don’t seem to have any viruses; it’s even on Steam.
Anyhow, my antivirus program (Webroot SecureAnywhere) detected a trojan in the
KSP (Kerbal Space Program) file. The virus was called “w32.infostealer.zeus”. My
antivirus program hastily deleted it, and did a reassurance scan to assure that
the trojan was completely gone. It apparently was, so I resumed what I was doing
before I had received the alert. That happened several days ago, and a few
minutes ago, I had received a second alert saying “Warning! Webroot
SecureAnywhere has detected a trojan! ‘w32.infostealer.zeus'”. The file location
was the KSP game patch file. How can I get rid of this trojan? I hear that it is
very dangerous. Please help!


Best Answer – Chosen by Voters

You have a world class top security program Webroot, which began as one of the
best antispyware programs world wide and towards the end of this past decade
combined with world class Sophos Antivirus which is big business/corporate
enterprise level protection and with Webroot is the only home user version of

Just as a self replicating worm, this may be running an extra variant or even a
couple. With the self replicating worm it generally always takes two or more
scans and reboots to get all of it – and poof gone finally. I would not believe
you need anything more than the high quality security software you have
installed. No one may believe Webroot can not get rid of infostealer or the
infamous Zeus bot infection.

Try scanning and rebooting until you get no more warnings maybe the third time
is charm. painful aggravation and disruption.

You may want to put the computer into Safe Mode with Webroot fully updated and
THEN perform a full scan. Computer off or hit Restart. As the computer is
starting up keep tapping the F-8 key top keyboard. Black screen will appear with
diagnostic modes and choose Safe Mode. This only allows basic start up of
Windows processes and malware start up processes are not able to run. It is used
most times for security scans and safe removals unless trouble shooting other
start up software problems.

IF RUNNING WINDOWS 8…. you may want to install this ditty, works fine on
How to Make the F8 Key Work for Safe Mode in Windows 8
Booting into safe mode became non-trivial in Windows 8, especially if you were
accustomed to the old F8 shortcut. Here is how to get F8 working again.
Note: we aren’t necessary recommending that everybody make this change – we
are just showing that it is still an option. You can alternatively use some of
the new Windows 8 features to fix your computer instead. ….

The .zeus part of info stealer seems designating one variant rather than
indicating the Zeus infection. Info stealer is dangerous. Apparently if this is
the infection it is acting kind of as a trojan downloader or rootkit type
infection which is able to download more malware. It does not seem likely
Webroot can miss that evenm as a “backdoor” infection” . I read a little on it
and seems possible the associated website has had an infection which then when
the installed program does a kind of “call home’ it is a new infection and
possibly, possibly bypasssing detection as the program has been given permission
as a safe program as opposed to a PUP.

install … (it will show exactly what is running in start up and a heck of a
lot more….
Emsisoft HiJackFree (Genuine Freeware)

SUPER ADVANCED… (if comfortable and knowledgable working with the Windows
Registry, have a look)
How to Remove an Infostealer Gampass Virus


— On Mon, 7/29/13, Yahoo! Answers <answers-alert@…> wrote:

> From: Yahoo! Answers <answers-alert@…>
> Subject: Yahoo! Answers: Your answer has been chosen as the best answer
> To: antibotnet@…
> Date: Monday, July 29, 2013, 1:24 AM
> Hey,
> AntiBotnet, look what you got!
> Congratulations,
> you’ve got a best answer and 10 extra points!
> Your answer to the following
> question really hit the spot and has been chosen as the best
> answer:
> I have a Zeus Trojan?
> Go ahead, do your
> victory dance. Celebrate a little. Brag a little.
> Then come back and answer a few more questions!
> Thanks for sharing what you know and
> making someone’s day.


%d bloggers like this: