Keylogger Zeus threat and its rogueware aspect

Detection Date: 07.10.2011  |  Virus Type: Trojans

Screenshot of Keylogger Zeus Related Fake AlertYesterday this blog was updated with a post about AV Guard Online crimeware. In this context, it makes sense dwelling on one of the symptoms of this contamination. The virus name in the title is Keylogger Zeus. Let’s now try to correlate these two infections. It’s reasonable to point out tight away that one of them is a false one, i.e. something that is not on your PC actually. As you already know, AV Guard Online displays fake positives when operating on one’s computer. These are scary-looking intimidating ads whose purpose is to confuse the user. The rogue lists some allegedly critical security threats on the infested machine, hence encouraging the victim to end up on a billing page where credit card data are to be entered for a license payment to be processed. Now, Keylogger Zeus is mentioned in one of such counterfeit alerts which says: “Unwanted software or tracking cookies have been found during last scan. Keylogger Zeus was detected and put in quarantine”. Also, according to this spoof warning, this particular piece of malicious code is a very dangerous software used by criminals to steal personal data such as credit card info etc.”. Therefore, since Keylogger Zeus is a part of the scareware tactic implemented by its parental virus, this whole gang should be eliminated from your PC completely.

How to detect and remove Keylogger Zeus malware

To ensure Keylogger Zeus and its fellow-infection accurate detection and efficient removal, we strongly recommend using the trusted remover with free scanner.

Download free virus scannerDownload free Keylogger Zeus virus scanner
Save the installer to your hard drive and launch now.

If you intend to perform manual malware removal, you need to possess some computer troubleshooting skills. This will require stopping the malignant processes, deleting malware files and registry keys.

Terminate Keylogger Zeus associated processes:

W1ivD3onFaHsJfL.exe
Lvvm.exe
Conhost.exe
Csrss.exe

Delete these files and folders:

%SystemRoot%\system32\W1ivD3onFaHsJfL.exe
%SystemRoot%\system32\lvvm.exe
%AppData%\zA0uvS2ib3m5Q6EAV Guard Online.ico
%AppData%\conhost.exe
%AppData%\csrss.exe
%AppData%\E84E.1B6
%AppData%\ldr.ini
%AppData%\VwjUVelIBz0c\
%AppData%\zA0uvS2ib3m5Q6E\
%AppData%\nTZqjYCwkVzN\
%AppData%\Microsoft\csrss.exe
%UserProfile%\Desktop\AV Guard Online.lnk
%Temp%\4F.tmp
%Temp%\53.tmp
%Temp%\54.tmp
%Temp%\55.tmp
%UserProfile%\Start Menu\Programs\AV Guard Online\
%UserProfile%\Start Menu\Programs\AV Guard Online\AV Guard Online.lnk

Remove AV Guard Online’s registry keys:

HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run “gTZqjYCkIrOyAuS8234A=%SystemRoot%\system32\W1ivD3onFaHsJfL.exe”
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run “conhost=%AppData%\Microsoft\csrss.exe”
HKEY_LOCAL_MACHINE\system\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings “ProxyEnable=00000001″
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Internet Settings “ProxyEnable=00000001″
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Internet Settings “ProxyServer=http=127.0.0.1:53717″
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections “DefaultConnectionSettings=3C0000000B0000000…”
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections “SavedLegacySettings=3C0000006B0000000…”
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run “%RANDOM%=%AppData%\csrss.exe”
HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Windows “Load=%SystemRoot%\system32\lvvm.exe”
HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Winlogon “Shell=explorer.exe,%AppData%\conhost.exe”

In order to avoid system damage, we advise using the automatic tool which will do the removal job for you.

Download Keylogger Zeus Removal Tool

Important Notice

This site is by no means related to Keylogger Zeus, nor is it affiliated with or owned by its creators. Any information available on antivirustech.com is not to be in any way associated with distribution of this infection.
Our primary and sole mission is to instruct our visitors in the issues of Keylogger Zeus detection and manual/automated removal methods.
Please bear in mind that manual removal of this malware is not ultimately effective because the corrupted file names can get repeatedly modified or be hidden. Therefore it’s recommended to use the automatic solution to ensure the removal of this scam and eliminate possible risks that may arise due to improper registry and file system manipulations.
The free virus scanner provided on our website is meant for detection only. If you choose to use the tool for malware removal, you will need to buy its full version.

Computer acting up?

All-In-One PC Performance Optimization Software

One Response to “Keylogger Zeus threat and its rogueware aspect”

  1. Artis Stewart says:
    November 15, 2011 at 07:07

    What if it’s in your computer and your internet explorer will not pull up to download this software?

Leave a Reply