Start a new topic

Zeus Trojan?

 My internet provider says that i have a a Zeus Trojan on one of my computers. Mcafee virus protection, provided by my ISP found nothing. AVG Remover found nothing. Rkill seems to find that the lame.exe file in my Play It Live PlugIns folder. Comments anyone?


Rkill 2.9.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2018 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 12/28/2018 03:38:39 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * Schedule Stopped. [PUP/GEN]

1 service stopped!

Checking for processes to terminate:

 * C:\ProgramData\PlayIt Live\Plugins\InternetBroadcast\lame.exe (PID: 45840) [AU-HEUR]

1 proccess terminated!


Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 12/28/2018 03:38:54 PM
Execution time: 0 hours(s), 0 minute(s), and 15 seconds(s)


Adding, PlayIt Live 2.03 (Build 2363)

Hi Maximillian,


lame.exe is the MP3 encoder for the Internet Broadcast plugin and is virus-free. Please find here the Virus Total report for the file: https://www.virustotal.com/#/file/911c36f3df031db06c2432f0d02e445990cc0d7d3c35275540d8e3010aaea64b/detection

Thanks for the reply, that was the only file on 3 different computers that generated a response from the Zeus scan, so I was a little concerned. In the mean time PlayitLive is running fine, I will wait and see if anything else pops up.

Login to post a comment