Detection for Zeus and “malciious friends” stays problematic,
re: http://www.prevx.com/blog/137/Detecting-and-Removing-the-ZEUS-Banking-Trojan.html
From that article:

As a recent hyped article claimed ZEUS frequently bypasses popular antivirus and internet security suites. The criminals are careful to infect just a few PCs with each copy of the Trojan, thereby avoiding detection by honepots/nets and subsequent researcher attention in security labs. By the time each copy of a ZEUS Trojan is identified by security researchers it’s job is done and a new fresh version will be dispatched to takeover its role.

But this does not go for the malware removal routines that essexboy has up his sleeves, whether it is a sinowal or zeus infection,
cleansing is performed,

polonus