ABXZone Computer Forums



Old 06-25-2004, 12:23 AM   #1
Unscanable!!! Tatoo???
 
Deer Slayer
 
Join Date: Dec 2002
Location: Howell Michigan
Posts: 3,837
Help, bitten by the ezula monster!


Ok, now I'm pretty good at cleaning up spyware and viruses, but this thing has the better of me. A friend of mine has a few machines at his office that are infected with this ezula crap. So far I've run Spybot and Ad-Aware and cleaned up the other spyware that was on them but ezula won't die! I tried running HijackThis to see if that would help, it didn't find all of it. I looked through the registry to see what I could figure out about it, but it's in too deep. I read a couple articles online too, that gave me some stuff to try tomorrow. You guys have a lot of experience with this stuff so if you have some advice, don't hesitate.

The machines are Dell P4 systems with XP Home. They all have Norton AntiVirus and Internet Security on them, a lot of good that did. Death to ezula!!!!!!


(Offline)   Reply With Quote
Old 06-25-2004, 12:44 AM   #2
Hopeful '47er
 
Wingit
 
Join Date: Oct 2002
Location: Southwest Florida, USA
Posts: 4,730
Ok, one thing I would try early on would be to reboot the affected machine into safe mode and run a full scan of Trend Micro's online scanner (called "HouseCall")...safe mode is because many of these damn things cannot be deleted any other way. I have found this online scanner to be more thorough than Norton in its search....in fact I am looking to replace my Norton for that very reason. Another thing to try would be running the "Process Explorer" utility by Sysinternals (freebie) and seeing if anything running looked a bit "wonky"....might give you some leads as to where the crap is hiding. I'm sure you'll get more suggestions, but there's a start.....keep us posted, there's a lotta hatred for spyware at this forum.

PS; there is another utility called "MoveOnBoot" that will allow you to delete offending files that have proven to be capable of "returning from the dead"...very handy, integrates with the shell.

PPS; found a link you may want to peruse
http://www.trendmicro.co.jp/vinfo/vi...me=ADW_EZULA.A
Last edited by Wingit : 06-25-2004 at 12:56 AM.
(Online)   Reply With Quote
Old 06-25-2004, 01:11 AM   #3
Can I have your title?
 
cmay119
 
Join Date: Mar 2003
Location: Eden Prairie, MN
Posts: 1,741
Also with Adaware. Have you updated it recently? Also how do you run Adaware? With the smartscan or do you use the custom scanning option? If you aren't using the custom scanning option, START! It found so much more spyware than the smartscan I wanted to cry. Just click the circle that says custom scanning and then click "Start" to start the search. That should solve your problem. Good Luck!
(Offline)   Reply With Quote
Old 06-25-2004, 02:22 AM   #4
Unscanable!!! Tatoo???
 
Deer Slayer
 
Join Date: Dec 2002
Location: Howell Michigan
Posts: 3,837
Adaware is updated.

The problem is that they've started killing Adaware when it's supposed to run on reboot. Yes I know about the custom scanning option, that's the only way to go. I manually killed the processes that run in the background before the scan and it says it found everything, but 5 minutes later it's back! Spybot also says it fixed it but same thing. I will give HouseCall a try tomorrow, thanks Wingit. Ezula should be considered a virus and the people responsible for it criminally prosecuted.

(Offline)   Reply With Quote
Old 06-25-2004, 02:33 AM   #5
Unscanable!!! Tatoo???
 
Deer Slayer
 
Join Date: Dec 2002
Location: Howell Michigan
Posts: 3,837
BTW: the first thing I tried was uninstall.

Sometimes that spyware will simply go away when you uninstall it. I tried uninstalling it just like the directions said and it's back in five minutes. I found some manual removal instructions that give some files to delete and registry items to remove.


(Offline)   Reply With Quote
Old 06-25-2004, 09:01 AM   #6
Hopeful '47er
 
Wingit
 
Join Date: Oct 2002
Location: Southwest Florida, USA
Posts: 4,730
Quote:
Originally Posted by Deer Slayer
Sometimes that spyware will simply go away when you uninstall it. I tried uninstalling it just like the directions said and it's back in five minutes. I found some manual removal instructions that give some files to delete and registry items to remove.


That may be because there is a hidden object such as a reg entry or rogue executable somewhere that is re-launching it on start-up, but manual removal of the components should work.....are you deleting the offending files in SAFE MODE or using a utility such as "MoveOnBoot" to delete?.....in many instances they will return more often than a zombie in a grade B horror flick otherwise..
(Online)   Reply With Quote
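
Added example, not part of any post in this thread: one way to narrow down what is re-launching removed spyware is to save a HijackThis log before cleanup, right after cleanup, and again once the infection has returned, then compare the start-up sections (O2 Browser Helper Objects, O4 Run keys and Startup folder, O23 services). The three logs below are constructed, and every entry name and path in them is a placeholder.

```python
import re

# HijackThis sections that record start-up persistence:
# O2 = Browser Helper Objects, O4 = Run keys / Startup folder, O23 = services.
PERSISTENCE = {"O2", "O4", "O23"}
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def autostart_entries(log_text):
    """Set of (section, detail) persistence entries found in one log."""
    found = set()
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m and m.group(1) in PERSISTENCE:
            found.add((m.group(1), m.group(2)))
    return found

def resurrected(before, after_clean, later):
    """Entries the cleanup removed that are present again in the later scan."""
    removed = autostart_entries(before) - autostart_entries(after_clean)
    return sorted(removed & autostart_entries(later))

def survivors(before, after_clean, later):
    """Entries no scan removed: review these as candidates for the re-launcher."""
    return sorted(autostart_entries(before) & autostart_entries(after_clean)
                  & autostart_entries(later))

# Constructed sample logs (all names and paths are placeholders).
BEFORE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.example.invalid/
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\WINDOWS\example_bho.dll
O4 - HKLM\..\Run: [ExampleAdware] C:\WINDOWS\example_adware.exe
O4 - HKLM\..\Run: [ExampleLoader] C:\WINDOWS\system32\example_loader.exe
O4 - HKLM\..\Run: [ExampleAV] C:\Program Files\ExampleAV\agent.exe
"""
AFTER_CLEAN = r"""
O4 - HKLM\..\Run: [ExampleLoader] C:\WINDOWS\system32\example_loader.exe
O4 - HKLM\..\Run: [ExampleAV] C:\Program Files\ExampleAV\agent.exe
"""
LATER = r"""
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\WINDOWS\example_bho.dll
O4 - HKLM\..\Run: [ExampleAdware] C:\WINDOWS\example_adware.exe
O4 - HKLM\..\Run: [ExampleLoader] C:\WINDOWS\system32\example_loader.exe
O4 - HKLM\..\Run: [ExampleAV] C:\Program Files\ExampleAV\agent.exe
"""

if __name__ == "__main__":
    for label, fn in (("came back", resurrected), ("never removed", survivors)):
        for section, detail in fn(BEFORE, AFTER_CLEAN, LATER):
            print(f"{label}: {section} - {detail}")
```

Entries in the "never removed" list that are not recognised software are the ones to inspect first, since something that survived the cleanup is what restored the rest.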
Old 06-27-2004, 11:38 PM   #7
Unscanable!!! Tatoo???
 
Deer Slayer's Avatar
 
Join Date: Dec 2002
Location: Howell Michigan
Posts: 3,837
Talking So far so good.

I thought that it would come back after I left, guess it ruined my confidence. After I left they say it hasn't come back! I'm not sure what exactly fixed it, but I didn't think I killed it. Wow, ezula is the worst spyware I've ever had to deal with. I think whatever I deleted with hijack this did it. Thanks for your responses, I'll let you know if it comes back from the dead again.

(Offline)   Reply With Quote