How To Remove HKU\S-1-5-21 Virus. Does Trend Micro Maximum Security 11.1 detect Zeus or HKU viruses?

  • 1
  • Problem
  • Updated 2 years ago
  • Acknowledged
A colleague using Windows Edge on an MSI PC contracted the Zeus virus. (Incidentally another colleague who hit the same website and using Chrome did not - unless there's sleeper files that haven't activated on that Chrome machine yet). The latest Trend Micro Maximum Security 11.1.1045 did not pick up the Zeus virus on the knowingly infected Win10 machine. The user thought he'd cleaned Zeus using: 

1. Downloaded and ran Zemana AntiMalware

2. Downloaded and ran MalwareBytes

3. Downloaded and ran Hitman Pro

4. Completely cleared his Microsoft Edge settings.

Zeus looks to have gone. However my colleague found out three days later he now has the HKU\S-1-5-21 Virus. 

Is TMMS 11.1.1045  supposed to find/clean either the Zeus or HKU\S-1-5-21 Virus's?
Does anyone have a pointer on how to thoroughly clean a machine with Zeus and HKU\S-1-5-21?
Photo of GrooveTrain


  • 82 Points 75 badge 2x thumb

Posted 2 years ago

  • 1
Photo of TM_Victor

TM_Victor, Employee

  • 4,942 Points 4k badge 2x thumb
Hi, GrooveTrain,

Welcome and thank you for posting here in the community!

I understand that you have an inquiry regarding the Trend Micro Maximum Security in detecting the Zeus or HKU viruses, let us assist you on this. 

Yes the Trend Micro program can detect and prevent that type of malware on your computer. As the virus patterns for them has been existing since before.

You have informed that you no longer have the error message, can I ask if you have taken any screen shot of that notification before proceeding with the web browser reset?

We would like to have the exact URL where this has occur as it is a possible technical support scam web site redirection. To be eligible for that category, the popup message has contact information that informs you to call the phone number listed on it for it to be removed on your computer.

The problem with these technical support web page redirection are common due to visiting possible malicious web pages and acquiring false URLs or links is easy for these criminals. Just do not call the contact details presented on the popup messages as those are false. For additional information, you may refer to this knowledge base article for Technical Support Scams.

Please ensure as well that your Trend Micro toolbar is active on your web browser, however the Microsoft Edge is currently not supported by the toolbar. 

Using the Trend Micro Toolbar feature of Trend Micro Security

If you have the link, you may contact our support lines to report it as posting it here on the community might spread the possible infection on other users. Please use - Ways to Contact Support

Thanks for your time and have a lovely day!

TrendMicro Home Users Community
Photo of GrooveTrain


  • 82 Points 75 badge 2x thumb
Thanks Victor for your response.

I shall respond direct to your support lines as indeed it would be irresponsible to post the domain link here. Regrettably, no screen shot was taken by my colleague at the time of the Zeus notification.

Cheers, Groovetrain
Photo of Tom Emmelot

Tom Emmelot, Champion

  • 27,682 Points 20k badge 2x thumb
Hi GrooveTrain,

For the HKU\S-1-5-21 Virus, a system restore  will do the trick.

Kind regards,
Photo of TM_Ian

TM_Ian, Employee

  • 5,242 Points 5k badge 2x thumb
Hi GrooveTrain,

Thank you for the update. 

We've already received the email that you sent to our email channel. Kindly provide the details that we'll be requesting to you via email so we can submit it to our relative team.

Thank you so much for this help.

TrendMicro Home Users Community