
Watch Out! %#@&^& Zoomify Malware!!

Bert

Elio Addict
Joined
Sep 1, 2014
Messages
860
Reaction score
2,748
Location
Pueblo
Have you tried using the "manage add-ons" to disable it? It may have several different names there. Something like that, as you know, stores a copy in the restore section. That section is usually "protected" from being deleted. Often you have to bite the bullet, disable the restore sections, then run your anti virus programs.
Good luck!
 

NSTG8R

Elio Addict
Joined
Jul 24, 2014
Messages
3,838
Reaction score
10,994
Location
Pacific, MO
Have you tried using the "manage add-ons" to disable it? It may have several different names there. Something like that, as you know, stores a copy in the restore section. That section is usually "protected" from being deleted. Often you have to bite the bullet, disable the restore sections, then run your anti virus programs.
Good luck!


Thanks for the tip, Bert. I gave that a try after I read your post. No sign of it there. The tree is C:\ProgramData\zoomify_29\1.1.0.29. There are four executable files with it, coz32host, cozaghost, cozahhost, cozawhost, and the two .dll files, zoomifyL32.dll and zoomifyutil32.dll.

Found a blank thumb drive, and thought "HA! Gotcha now!" It said, "Not! You need administrative privileges to do jack to me" [well...not in those exact words].

Beginning to think that removal of the virus will require the assistance of a Catholic Priest packing Holy Water! :mad:
 

Hog

Elio Addict
Joined
Apr 1, 2014
Messages
535
Reaction score
967
Location
somewhere deep underground in the NE US
Also, if you are comfortable with it - try "run" - "regedit" and look at HKEY_LOCAL_MACHINE, 'software', 'microsoft', 'windows', 'current version' and look under the 'run' tab. This will show what is loading on startup that may be hidden.
Do not modify these or click anything else unless you know what you are doing in the registry settings, as it can have major consequences.
It will list some files and where they are being used, as well as what the settings for those are. Just close it when you are done looking.
I always scan this section looking for weird file names like "auytdbdtc.exe", then look them up on a search engine to verify that they are legit.
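
The manual check described in the post above can also be done read-only from PowerShell. This is an added example, not part of the original thread; it goes beyond the single HKLM Run key by also reading the RunOnce, WOW6432Node and per-user keys, and the "Review" heuristic (signature not valid, or launched from ProgramData, AppData or Temp, as the zoomify files in this thread were) is an assumption chosen for illustration.

```powershell
# Added example: list startup entries without modifying anything in the registry.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-CommandTarget {
    # Extract the program path from a startup command line.
    param([string]$Command)
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    if ($expanded -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($expanded -match '^\s*(.+?\.(exe|dll|bat|cmd|vbs|js))(\s|,|$)') { return $Matches[1] }
    return ($expanded -split '\s+')[0]
}

$results = foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $item = Get-Item -LiteralPath $key
    foreach ($name in $item.GetValueNames()) {
        $command = [string]$item.GetValue($name)
        $target  = Get-CommandTarget $command
        # Entries without a full path (e.g. bare "rundll32.exe") show up as
        # FileMissing and are flagged so a person looks at them.
        $exists  = $target -and (Test-Path -LiteralPath $target -PathType Leaf)
        $sig     = if ($exists) {
            (Get-AuthenticodeSignature -LiteralPath $target).Status
        } else { 'FileMissing' }
        [pscustomobject]@{
            Key       = $key
            Name      = $name
            Target    = $target
            Signature = $sig
            # Assumed heuristic: unsigned, missing, or run from a user-writable data folder.
            Review    = ($sig -ne 'Valid') -or
                        ($target -match '\\(ProgramData|AppData|Temp)\\')
        }
    }
}

$results | Sort-Object Review -Descending | Format-Table -AutoSize -Wrap
```

A flagged row is only a prompt to look the file up, as the post suggests; plenty of legitimate software starts from AppData or ships unsigned helpers.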
 

Jeff Porter

Elio Addict
Joined
May 20, 2014
Messages
2,086
Reaction score
5,343
Location
Norton, KS; halfway between Kansas City and Denver
Hang in there NSTG8R, sounds like you are trying all that you can to get rid of it. Malwarebytes at one time had a version called Chameleon, if you want you can give that a try. You can name the executable a Windows-recognized filename, such as explorer.exe, to sneak past the malware. You may need to boot in safe mode, let me know if you need help doing that.

Sometimes these malware / viruses can embed themselves so deeply that all you can do is reinstall Windows to get rid of it. What a pain in the backside.
 

Snick

Elio Addict
Joined
Apr 18, 2014
Messages
445
Reaction score
671
2 solutions in order of effectiveness:

1. Sell your computer and get a Macintosh or Linux box.
2. Do a hard reformat, wipe drive totally clean, and reinstall OS from original source files.
 

wheaters

Elio Addict
Joined
Jul 22, 2014
Messages
816
Reaction score
3,807
Location
Mainly elsewhere
That's one of the first sites I tried. The problem is [and it still exists] it refuses to be deleted/uninstalled by any means. I even purchased Kaspersky's 'top of the line' anti-virus/malware software. It acknowledges it's there, but still won't delete or even quarantine the files....perplexing for sure. There was one suggestion earlier to 'send' it to a thumb drive, and then format the drive. Might try that. But thanks for the input!

I've found Glary Utilities to be very useful for removing unwanted programs. There is a free version which is the one I use on a very regular basis to keep my PC working smoothly. You can use it for general maintenance or by going into the advanced tools section it will find and allow you to uninstall programs and files that you don't want. It saves you having to go directly into the Windows registry and taking a risk of removing something that really needs to stay.

CCleaner is another good one, I have both on my PC
 

Hog

Elio Addict
Joined
Apr 1, 2014
Messages
535
Reaction score
967
Location
somewhere deep underground in the NE US
Linux is no guarantee of immunity anymore, my server was Linux based and still got nailed. There are fewer nasties out there for Linux based systems though, and Ubuntu has made it more 'mainstream' in the sense of user friendly. I run a dual boot setup on my laptop with Linux and Windows. I recommend that for someone wanting to try it first.
Detekt is useful for ID, as I stated earlier, it's a quick download and runs off the desktop - https://resistsurveillance.org/
This will identify the 'superbugs' but they are very difficult to eradicate. I was hit with "Ghost RAT" from Axiom hacking group in China, and have been slowly taking my computer back bit by bit (pun!). Still unable to take back administrator control, but have access to my files again, so I am burning them off on flashdrives (1.8 million files). Yes, it takes a while. Once they are off, I will do a clean reinstall and finally be done.
 

NSTG8R

Elio Addict
Joined
Jul 24, 2014
Messages
3,838
Reaction score
10,994
Location
Pacific, MO
I've found Glary Utilities to be very useful for removing unwanted programs. There is a free version which is the one I use on a very regular basis to keep my PC working smoothly. You can use it for general maintenance or by going into the advanced tools section it will find and allow you to uninstall programs and files that you don't want. It saves you having to go directly into the Windows registry and taking a risk of removing something that really needs to stay.

CCleaner is another good one, I have both on my PC


I have CCleaner, yep, pretty good, but didn't help with getting rid of ZoomifyApp adware from hell. However! G1 mentioned FileAssassin, AND IT WORKED!! Actually, it did, and it didn't. I downloaded it and ran it...no luck. So I found the zoomify files, right clicked on them, and noticed that FileAssassin had put an icon on the list. With the individual file highlighted, I clicked the FA icon, and Vua-lah! It disappeared! So I did it to the rest of the associated files...all gone! :) I then rebooted the computer just to make sure, and on start up, I ended up with just a black screen and my mouse arrow o_O.... :mad:!! Another couple of hours of banging my head on the table and trying different things, and got everything back to normal (can't remember the process...it's all a blur).

Everybody.....All your suggestions were GREATLY appreciated!! :)
 