ZoneAlarm Global Virus Alert About ZeuS.Zbot.aoaq: Scareware At Its Best

Martin Brinkmann
Sep 18, 2010
Updated • Feb 1, 2015

Scareware can be described as software that attempts to "scare" the user into making a purchase. A common example are fake antivirus solutions which may display information about alleged threats found on the computer when there are none in fact.

The information that a computer virus was found will scare users into buying additional protection to secure their system and remove the alleged threats from it.

Nico just notified me that the popular security company ZoneAlarm has started to use scareware tactics to sell more of their products.

ZoneAlarm Free Firewall users has a new notification window that informs users about a global virus alert. The notification reads "Global virus alert Your PC may be in danger! Virus Details: Risk:high Threat name: ZeuS.Zbot.aoaq", "ZeuS.Zbot.aoaq is a new Trojan virus that steals banking passwords and financial account data.

Your ZoneAlarm Free Firewall provides basic protection, but this new threat requires additional security". Options are to see the threat details or get protection.

global virus alert

The problem lies in the wording. This is not actually a threat that was found on the user's computer. It is merely a notification of the threat. But ZoneAlarm makes it look like the user's PC is infected and that there is need for action. And the action is to purchase ZoneAlarm products.

Users who read the notification carefully may notice that it is a notification, and not an infection that has been found on the system.

Is that something that the firewall usually detects? I have never used their firewall but it is unlikely that a firewall would display those messages.

The real problem here is that the alert looks like an infection was detected on the PC. What makes matters worse is that the notification does not inform users that their PC is safe right now and that users don't need to worry about that or purchase better antivirus software to detect and remove the threat.

No, it only displays an option to see the threat details or to buy a product from ZoneAlarm. That's scareware tactics at its best.

ZoneAlarm Firewall Free users who get the global virus alert should close the notification immediately. If they have an up to date antivirus software on their system it is all they need to do. If they do not have one, they should consider installing AVG 9 or Microsoft Security Essentials, both completely free and very good at detecting those kind of things.


Previous Post: «
Next Post: «


  1. Angel said on November 21, 2010 at 1:41 pm

    This kind of method is used many more time ago in Norton Antivirus, and not only from ZoneAlarm

  2. name withheld but some know me as the bunny said on September 20, 2010 at 9:51 pm

    or simply run a Linux distro OS (puppy, ubuntu, kubuntu, redhat, JULinux, etc… Problem solved no viruses there and run your windows stuff through W.I.N.E or other emulator in Linux

  3. name withheld but some know me as the bunny said on September 20, 2010 at 9:41 pm

    avast is the best and a prog called spybot search and destroy (, used with with adaware ( and trojan remover and a good preg from called combofix <which by itself will remove 99.9% of spyware/viruses and most rootkits, trojan remover removes the rest and best of all they are all free!!! you dont have to pay those greedy scare tactic companys like zone alarm!
    hope this helps some ppl never pay for protection and virus removal when you can get it for free!

  4. Markus said on September 20, 2010 at 3:19 pm

    Check Point aka Zone Alarm know what they are doing; dumping the free firewall market.

  5. Will said on September 19, 2010 at 11:49 pm

    Goodbye Zone Alarm

  6. Mark said on September 19, 2010 at 7:25 pm

    I’ve removed the scareware application ZoneAlarm, and have tried Comodo, so far so good, and on my initial experience I would say it’s better. (Windows 7 64 bit).

    I work in IT and will give ALL Checkpoint software a wide berth from now on.

    “It takes many good deeds to build a good reputation, and only one bad one to lose it” – Benjamin Franklin.

  7. Redneck Wrangler said on September 19, 2010 at 5:54 pm

    Dave James me thinks ya need to learn how to spell “you” like they taught ya in 2nd grade, or did ya skip that year? Hint: there’s 3 letters in there, not 2, just in case ya gets confuzzed.

  8. Dave James said on September 19, 2010 at 4:08 pm

    Please dont overlook running virtualy. The 400k free, non-invasive “Sandboxie” utility practically eliminates the need for anti-virus, anti-malware, anti-everything. I use Avira anti-virus only on demand as a selection from the right click menu to scan an individual file or directory etc. Avira isnt even running… I dont have a malwarescanner. I have installed Spybot and SUPERAntiSpyware but they never find anything year after year. Ya run ur browser in a sandboxed session – ya download stuff – ya take the stuff ya want out of the sandbox into the real system by accessing “Delete Contents” and picking out what ya want to send where ya want it on the real system. Ya probably know what ya downloaded is safe. Leave the viruses, mal-ware, scare-ware and the ‘let us help you’-ware in the sandbox and then delete the shnuts out of it (throw away the sandbox) ;) . Ya can even run a setup sandboxed if your not sure what a programinstalls or what it looks like. Good CPU to you!

  9. JC R said on September 19, 2010 at 3:20 pm

    People wanting to switch from Zone Alarm firewall should consider Online Armor free (or pro), it’s considered as the best firewall nowadays and easy to use.

  10. JC R said on September 19, 2010 at 3:15 pm

    ” If they do not have one, they should consider installing AVG 9 or Microsoft Security Essentials, both completely free and very good at detecting those kind of things. ”
    You must be kidding!!!!Those are very mediocre products. Install Antivir or Avast if you are looking for good free AV!

    1. MB T said on September 19, 2010 at 8:35 pm

      Where do you get off making a claim like this? AVG isn’t great, but it’s free. Microsoft Security Essentials is actually a good product, and is free as well. MSE has gotten 4 out of 5 stars by the users at Cnet and got a 4.5 star rating by the editor. Apparently you are in the minority. I use MSE and have found it to be a great anti-virus and malware solution.

  11. Markus said on September 19, 2010 at 9:28 am

    Looks like some folks didn’t get the lesson that we reap what we sow. Now, let’s go to the river and wait for our enemies body float by …

  12. Dave James said on September 19, 2010 at 7:26 am

    “What a tangled web we weave when we first practice to decieve…”

  13. Thomas said on September 19, 2010 at 6:49 am

    I am removing zone alarm from my pc and go to kaspersky.
    I am scared of zone alarm now

  14. Rainne said on September 19, 2010 at 4:06 am

    Thanks for posting this. I just got this alert myself and decided to examine it more closely since I’m on a brand new system that shouldn’t have any viruses (yet). Will be switching to Comodo tonight.

  15. d00msay3r3 said on September 19, 2010 at 3:17 am

    Switch to Comodo. It’s free as well and rated better for firewall protection.

  16. Jay said on September 19, 2010 at 1:06 am

    My first thought wenn I saw this strange warning was that the machine could be infected with some sort scareware wich tries to pretend to be Zone Alarm. Is that really what ZoneLabs wants its users to think about their product? I was a loyal user of ZoneAlarm free & pro for years, but now I`m considering a change.

  17. Dave said on September 18, 2010 at 10:17 pm

    Yup, experienced this myself for the first time on my evening boot-up about three hours ago. I have to say, the initial reaction was…….er……..what?!! (to use a polite term!). The structure and colours of the message initially makes it look for all the world like a pukka internal virus warning until looked at a little closer. Didn’t fool me as it’s quite obvious a firewall program should not do this but might well frighten less techie folk (which I would suggest it was obviously designed to do!). This seems to me to a despicable move on the part of ZA and I would have thought that they would be above scaring folk this way. It’s certainly put me off the company and the previous positive impression I had has just melted away. Whoever thought of this devious scheme within the company should be severely spoken to!

  18. Ron H. said on September 18, 2010 at 9:32 pm

    Shame on ZA for cheep scareware tatics. I thought they were above this but I am going to reavaluate their product.You do get what you pay for and mabie its time to try another of the other choices that dont try to scare up new business!

  19. d00msay3r3 said on September 18, 2010 at 8:37 pm

    This is the very reason I stopped using Zonealarm years ago. When their download went from 4megs to 40 megs I looked for something else. I use Comodo, and Avast. Work like a dream w/o any hassles and have been virus free for years…

  20. Liom said on September 18, 2010 at 7:25 pm

    Not only that, when you click for more information ZA claims that popular free antiviruses like AVG and Avira do not catch zeus. These claims were rubbished by the companies in question and I’m hoping to see some form of backlash against the company for this.

    1. Martin said on September 18, 2010 at 7:26 pm

      Liom, can you provide a screenshot of this? Thanks a lot.

      1. Mart.C said on September 18, 2010 at 8:56 pm

        Hi, Im not sure if you have a screenshot for the AVG scare, I have one if you want it for yout article.

        Mart C

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.