What is Ezula Malware and how to remove this spyware
eZula is an adware program that adds extra advertising links to certain keywords found in a visited web page. eZula doesn't have any dangerous payload and must be manually installed. It can update itself via the Internet. eZula automatically runs on every Windows startup.
How to remove Ezula Malware
Instructions
Kill the following processes: ezstub.exe, sepinst.exe, cucu.exe, funcade_icmediax_install.exe, mmod.exe, mmttil.exe, sett.exe, se.exe, sed.exe, uninst.exe, uninstall.exe, gojpuses.exe, gridtwo.exe, help anti.exe, link 01 live.exe, qiopzbor.exe, dogmfcd.exe, apev.exe, unwise.exe, wo.exe, sedk.exe, iconz.exe, preinsln.exe, antispy.exe, aqzh0g6.exe, atl76681.exe, avwav072.exe, bidispl9.exe, cdfview4.exe, cmpbk321.exe, esad8.exe, ezpopstub.exe, hotelc.exe, ifojzc.exe, jel387h.exe, splashspot games.exe, tfing.exe, vbbm8.exe, wrgkf2.exe, yzrokmen.exe, zibk.exe, woinstall.exe
Unregister the following DLLs and reboot:
9uv.dll, chcon.dll, eabh.dll, seng.dll
chpon.dll, eapbh.dll, sepng.dll in Program Files\web offer\
sepng.dll in Program Files\weboff~1\
amtxprxy.dll, araamon.dll, auaamon.dll, aud.dll, book.dll, cdcore.dll, cdrules.dll, cdsync.dll, coreak.dll, mmview_ouch.dll, msrev23.dll, msrev43.dll, rulesak.dll, sicon.dll, ss.dll, sysfile.dll, thin.dll, updak.dll in Windows\system32\
Delete these registry entries
Remove the following files
Remove the following directories:
Program Files\ezula\images
Program Files\web offer
Windows\ezstub.exe