Friday, January 9, 2015

Remove Zoomify Virus from your computer to stop pop ups in browsers

Nowadays we are getting so many pop-ups showing advertisements or alerting you of virus infections that do not go away easily. They keep coming back after you close them and are very annoying. Some of them ask you to update Flash Player, some ask you to update your browser, some claim your computer might be infected with a virus, while others say the Java plug-in is outdated.

I am going to talk specifically about the Zoomify virus. It does not get removed easily and none of the security software detects it. I scanned my computer with AdwCleaner, HitmanPro, Malwarebytes and the ESET Online Scanner while I already had my updated Norton antivirus up and running. I was still getting the pop-ups whenever I opened any browser to surf the internet.

Then, after all these efforts, I checked the processes running in Task Manager and found some new and unfamiliar services running. When I tried to close one of them, it kept coming back to the running state. It did not even allow me to delete the file associated with those services. Here is a snapshot of the processes running in Task Manager.

Cozhost.exe Virus Process in Task Manager
Coz32host.exe Virus Process in Task Manager
When I searched the internet to find out what these processes are and analysed them with some software, I found that this is a program associated with the Zoomify malware, generating pop-ups and redirecting browsers. This is a virus.

Virus Type: Harmful Redirect Virus

What does it do?


  • Takes over the browser and modifies the default settings randomly.
  • Home page, startup page, search engine or other settings change on your computer. Excessive links are added to every website you open that point to websites you would usually avoid.
  • Always tries to trick you into installing malware, adware or other potentially unwanted programs, harmful browser add-ons, or shows a fake message to update Java or Flash Player or their plug-ins.
  • Pops up endless annoying ads to interrupt users.
  • Consumes a large amount of CPU.
  • Severely degrades PC performance.
  • The ZoomifyApp virus can monitor your online activities and collect your personal data.

How to remove it?


Troubleshooting Steps (TS): Before we start the following troubleshooting, I assume you have already updated your current security or antivirus software and scanned your computer with it.

Step 1. Run RKill to terminate any malicious processes


RKill is a tool that we should run before doing any troubleshooting on the PC. It attempts to terminate all malicious processes running on your machine, so that we can perform the next steps without being interrupted by any malicious software. Once these processes are terminated, system performance also improves a bit, which lets you perform the actions faster. RKill was developed at BleepingComputer.com.

You can download the latest official version of RKill by clicking here. Please note that we will use a renamed version of RKill so that malicious software won't block this utility from running.

RKill is available in different filenames because some malware will not allow processes to run unless they have a certain filename.


This link will automatically download RKill renamed as iExplore.exe.

Double click on iExplore.exe to start RKill.

RKill

When RKill runs it kills malware processes, then removes incorrect executable associations and fixes policies that stop us from using certain tools. When finished it displays a log file showing the processes that were terminated while the program was running. Do not reboot your computer after running RKill, as the malware programs will start again.

Now you can perform your troubleshooting steps much more easily.

Step 2. Stop the processes associated with Zoomify Virus

Since ZoomifyApp cannot be removed from Control Panel and antivirus applications all fail to pick it up, you have to remove it manually. Before starting, please back up your registry. Also enable showing hidden files and folders in Folder Options.
To do this go to Control Panel and open Folder Options. Click on the View tab, select "Show hidden files, folders and drives", and also uncheck the option "Hide protected operating system files" as highlighted in the picture below. After that click OK.

Folder Option


Open Task Manager and try to stop the ZoomifyApp processes running in the background.

Zoomify App.exe

Step 2. Delete all files and folders related to the ZoomifyApp virus

%program files%\ Zoomify App\
%documents and settings%\all users\ application data\ ZoomifyApp
%AllUsersProfile%\Application Data\ ZoomifyApp.exe
%program files%\ Ads by Zoomify App.exe
%AllUsersProfile%\Application Data\.exe
C:\WINDOWS\system32\drivers\serial.sys
C:\Users\Vishruth\AppData\Local\Temp\random.xml
C:\windows\system32\drivers\mrxsmb.sys(random)
C:\WINDOWS\system32\drivers\redbook.sys(random)

If you are unable to stop the Zoomify App process or Cozhost.exe, Cozwhost.exe, Cozahost.exe, Cozadhost.exe, coz32host.exe, Cozad32host.exe, zoomifyL32.exe, zoomifyD32.exe, zoomify.exe, wzoomifyd.exe or any service similar to them, right-click on the process and select the option to open the file location, as shown in the picture below.

Open Location of the process running
This will open the folder that this file is running from. You need to delete all the files shown there, so select all and press Shift+Delete to delete them permanently.

If you are unable to delete them, as I was not able to because they were already running or in use, please rename all the .exe and .dll files to some other name.

Also delete or rename all files and folders from the following locations.

%program files%\ Zoomify App\
%documents and settings%\all users\ application data\ ZoomifyApp
%AllUsersProfile%\Application Data\ ZoomifyApp.exe
%program files%\ Ads by Zoomify App.exe
%AllUsersProfile%\Application Data\.exe
C:\Program Data\Zoomify
C:\WINDOWS\system32\drivers\serial.sys
C:\Users\Vishruth\AppData\Local\Temp\random.xml
C:\windows\system32\drivers\mrxsmb.sys(random)
C:\WINDOWS\system32\drivers\redbook.sys(random)

%TEMP%\nsb3.tmp\StdUtils.dll
%TEMP%\nsb3.tmp\nsisos.dll
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CJCTQ25G\CAQ30L6F.php
%TEMP%\nsb3.tmp\UserInfo.dll
%WINDIR%\Tasks\Tempo Runner cozahost.job
%WINDIR%\Tasks\Tempo Runner coz32host.job
%TEMP%\nsb3.tmp\nsislog.dll
%TEMP%\nsb3.tmp\InstallerUtils.dll


Step 3. Clean Zoomify virus from Registry.

Open Registry Editor and remove all the registry keys that the ZoomifyApp malware added:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[ZoomifyApp]"
HKEY_CLASSES_ROOT\CLSID\[random numbers]
HKEY_CURRENT_USER\Software\AppDataLow\Software\ZoomifyApp
HKEY_CURRENT_USER\Software\ZoomifyApp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Zoomify App
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\[random numbers]

Now, if you are an advanced user and want to delete Zoomify completely from everywhere, you can search the registry for the following file names and delete all the entries associated with them. Be very careful with the registry and only delete entries associated with these names; your computer will become unstable if you delete something it needs.

Cozhost.exe, Cozwhost.exe, Cozwdhost.exe, Cozahost.exe, coz32host.exe*32, Cozadhost.exe, coz32host.exe, Cozad32host.exe, zoomifyL32.exe, zoomifyD32.exe, zoomify.exe, wzoomifyd.exe


Step 4. Now delete Temp and %Temp% and reset all the browsers.

Step 5. Use CCleaner

Download CCleaner and run it to clean all the junk. Now click on Tools, then click on Startup and go to Scheduled Tasks. Select all the unknown and unnecessary tasks and delete them. This stops the Zoomify virus from restarting its service or checking for it at set intervals.

Ccleaner

Also check the Windows Startup items and remove the entries that are not required.


Now click on the Registry option on the left of the CCleaner window, scan for registry issues and then fix them, as shown below.

CCleaner Registry Fix

Step 6. Restart your computer and now it should be running fine.

Note: the Zoomify Virus App also comes under another name, Zoompic, with an associated file named ZoompicL64.dll and the originating folder C:\Program Data\makulitsidweso, so you might want to find and delete this folder too.
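Before deleting anything in Steps 2 to 5, it helps to confirm which of the listed indicators are actually present on the machine. The following read-only PowerShell triage script is an added example (not from the original post); it only reports on the process names, folders, Run keys and "Tempo Runner" task files named above and checks code signatures, so you can verify each hit before removing it.

```powershell
# Added read-only triage script (not part of the original post). It reports the
# Zoomify/Coz* indicators the article lists; nothing is deleted or modified.
$procNames = 'Cozhost','Cozwhost','Cozwdhost','Cozahost','Cozadhost','coz32host',
             'Cozad32host','zoomifyL32','zoomifyD32','zoomify','wzoomifyd','Zoomify App'
$folders = @("$env:ProgramFiles\Zoomify App",
             "$env:ProgramData\ZoomifyApp",
             "$env:ProgramData\Zoomify",
             "$env:ProgramData\makulitsidweso")   # Zoompic variant folder from the note above
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'

Write-Host "== Running processes matching the listed names =="
Get-Process | Where-Object { $procNames -contains $_.ProcessName } | ForEach-Object {
    $path = $_.Path
    # An unsigned binary running from ProgramData or Temp matches the pattern described above.
    $sig = if ($path) { (Get-AuthenticodeSignature $path).Status } else { 'unknown' }
    "{0,-14} PID {1,-6} {2}  [signature: {3}]" -f $_.ProcessName, $_.Id, $path, $sig
}

Write-Host "== Folders the post says the adware uses =="
foreach ($f in $folders) {
    $state = if (Test-Path $f) { 'FOUND ' } else { 'absent' }
    "$state $f"
}

Write-Host "== Run keys with Zoomify / Coz*host entries =="
foreach ($k in $runKeys) {
    if (-not (Test-Path $k)) { continue }
    (Get-ItemProperty $k).PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' -and
                       ($_.Name -match 'zoomify' -or "$($_.Value)" -match 'zoomify|coz\w*host') } |
        ForEach-Object { "{0}  {1} = {2}" -f $k, $_.Name, $_.Value }
}

Write-Host "== 'Tempo Runner' scheduled task (.job) files =="
Get-ChildItem "$env:WINDIR\Tasks" -Filter '*.job' -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -like 'Tempo Runner*' } | ForEach-Object { $_.FullName }

# serial.sys, mrxsmb.sys and redbook.sys are also the names of genuine Windows
# drivers, so check the signature before treating the listed copies as malicious.
# Catalog-signed system files can show NotSigned on PowerShell 2.0 (Windows 7).
Write-Host "== Driver names from the list: verify signature before touching =="
foreach ($d in 'serial.sys','mrxsmb.sys','redbook.sys') {
    $p = "$env:WINDIR\System32\drivers\$d"
    if (Test-Path $p) { "{0,-12} signature: {1}" -f $d, (Get-AuthenticodeSignature $p).Status }
}
```

Run it from an elevated PowerShell prompt after RKill (Step 1) and before the manual deletions, and keep the output as a record of what was found.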


Happy Troubleshooting :-)

Nasir 

