Security Basics mailing list archives
RE: removing spyware (ezula)
From: "Sabek" <osabek () yahoo com>
Date: Fri, 16 May 2003 15:32:29 -0400
Hey Dave,

Ezula must be running an executable during startup that is recreating the files that AdAware etc. is deleting. I once had a similar problem. I'm sure you already know the name of the process (the file name of the executable). This is what I did to fix it.

Back up your registry. In the registry folder HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN you will see several applications that run during startup. Look for the shady key; one of these keys may be the one that is running an exec recreating the ezula exec. In my experience, it was a hidden self-extracting executable located at c:\windows\system32 that was extracting the file to a folder on the root. It stood out because the filename was 20 random characters.

First delete the folder that contains the program that is running, next delete the file that is referenced in the registry. Then delete the key from the registry.

Hopefully this works... good luck.

Anthony Sabek
NYTC, Consultant

-----Original Message-----
From: McCleskey, David [mailto:dmccleskey () polymersealing com]
Sent: Friday, May 16, 2003 11:40 AM
To: 'security-basics () securityfocus com'
Subject: removing spyware (ezula)

Hi

I am having a very difficult time removing ezula from an NT 4 box. Every time I uninstall it, it reloads itself during the next logon. I have run Ad-aware, and Spybot Search and Destroy in combination with the ezula uninstall. Does anyone have any experience with the removal of this nasty adware program?
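Added example, not part of the original posts: a Python sketch of the Run-key review described in the reply, run against a text export of the key instead of the live registry. The sample export, the value names in it, and the length, entropy and vowel thresholds are all constructed assumptions for illustration.

```python
import math
import re
from collections import Counter

RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN"
# Constructed REGEDIT4 export of the Run key (sample data, not from the thread).
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"BrowserWebCheck"="loadwc.exe"
"updater"="c:\\windows\\system32\\qzxvkwpbtrmhgjdnclfs.exe /s"
"AntiVirus"="\"C:\\Program Files\\ExampleAV\\avtray.exe\" -min"
'''

def _unescape(s):
    # .reg files escape backslashes and quotes with a leading backslash.
    return re.sub(r"\\(.)", r"\1", s)

def parse_run_values(reg_text):
    # Return {value_name: command_line} for string values under the Run key.
    values, in_run = {}, False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_run = line.strip("[]").lower() == RUN_KEY.lower()
            continue
        m = re.match(r'"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$', line)
        if in_run and m:
            values[_unescape(m.group(1))] = _unescape(m.group(2))
    return values

def executable_of(command):
    # Program path from a command line, whether quoted or not.
    m = re.match(r'\s*"([^"]+)"|\s*(\S+)', command)
    return (m.group(1) or m.group(2)) if m else ""

def entropy(s):
    # Shannon entropy of the characters in s, in bits per character.
    return -sum(c / len(s) * math.log2(c / len(s)) for c in Counter(s).values())

def looks_random(path, min_len=16, min_entropy=3.8):
    # Heuristic (assumed thresholds): long base name, high entropy, few vowels.
    stem = re.split(r"[\\/]", path)[-1].rsplit(".", 1)[0].lower()
    vowel_ratio = sum(ch in "aeiou" for ch in stem) / max(len(stem), 1)
    return len(stem) >= min_len and entropy(stem) >= min_entropy and vowel_ratio < 0.2

def suspicious_run_entries(reg_text):
    # (value name, executable path) pairs worth a manual look before deleting.
    pairs = ((n, executable_of(c)) for n, c in parse_run_values(reg_text).items())
    return [(n, exe) for n, exe in pairs if looks_random(exe)]

if __name__ == "__main__":
    for name, exe in suspicious_run_entries(SAMPLE_EXPORT):
        print(f"review: {name} -> {exe}")
```

A flagged entry is only a candidate for inspection; the heuristic says nothing about entries with ordinary-looking names.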