Title: eZula
Type: Adware

Remove eZula
Removal instructions

 
Severity scale:eZula severity is 29  (29 / 100)
 
eZula is an adware program that adds extra advertising links to certain keywords found in a visited web page. eZula doesn't have any dangerous payload and must be manually installed. It can update itself via the Internet. eZula automatically runs on every Windows startup.

eZula properties:
• Shows commercial adverts
• Connects itself to the internet
• Hides from the user
• Stays resident in background

Automatic eZula removal:

It might be that we are affiliated with any of our recommended products. Full disclosure can be found in our Agreement of Use.
By downloading any of provided Anti-spyware software to remove eZula you agree with our Privacy Policy and Agreement of Use.
SpyHunter is recommended remover to uninstall eZula. You should confirm using free trial that it detects current version of parasite.

Note: Manual assistance required means that one or all of removers were unable to remove parasite without some manual intervention, please read manual removal instructions below.

If you failed to remove eZula using SpyHunter, submit question to our support team and provide as much details as possible.
dot
STOPzilla
download
manual required
We are testing STOPzilla's efficiency at removing eZula (2005-09-01 06:22:45)
dot
Malwarebytes Anti Malware
download
manual required
We are testing Malwarebytes Anti Malware's efficiency at removing eZula (2005-09-01 06:22:45)
dot
XoftSpySE Anti Spyware
download
manual required
We are testing XoftSpySE Anti Spyware's efficiency at removing eZula (2005-09-01 06:22:45)
dot
Defender Pro Ultimate
download
manual required
We are testing Defender Pro Ultimate's efficiency at removing eZula (2005-09-01 06:22:45)

what to do if you failed to remove the infection?
Virus Removal
Phone Support
Help Line to remove eZula
eZula snapshot:

eZula manual removal:

Kill processes:
apev.exe, ezinstall.exe, ezstub.exe, ezpopstub.exe, mmod.exe, wo.exe, woinstall.exe
Delete registry values:
HKEY_ALL_USERS\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ezmmod
HKEY_ALL_USERS\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ezwo
HKEY_CURRENT_USER\Software\eZula
HKEY_CURRENT_USER\Software\Web Offer
HKEY_CLASSES_ROOT\AtlBrCon.AtlBrCon
HKEY_CLASSES_ROOT\AtlBrCon.AtlBrCon.1
HKEY_CLASSES_ROOT\EZulaAgent.eZulaCtrlHost
HKEY_CLASSES_ROOT\EZulaAgent.eZulaCtrlHost.1
HKEY_CLASSES_ROOT\eZulaAgent.IEObject
HKEY_CLASSES_ROOT\eZulaAgent.IEObject.1
HKEY_CLASSES_ROOT\EZulaAgent.PlugProt
HKEY_CLASSES_ROOT\EZulaAgent.PlugProt.1
HKEY_CLASSES_ROOT\eZulaAgent.ToolBarBand
HKEY_CLASSES_ROOT\eZulaAgent.ToolBarBand.1
HKEY_CLASSES_ROOT\EZulaBoot.InstallCtrl
HKEY_CLASSES_ROOT\EZulaBoot.InstallCtrl.1
HKEY_CLASSES_ROOT\EZulaBootExe.InstallCtrl
HKEY_CLASSES_ROOT\EZulaBootExe.InstallCtrl.1
HKEY_CLASSES_ROOT\EZulaFSearchEng.eZulaCode
HKEY_CLASSES_ROOT\EZulaFSearchEng.eZulaCode.1
HKEY_CLASSES_ROOT\EZulaFSearchEng.eZulaHash
HKEY_CLASSES_ROOT\EZulaFSearchEng.eZulaHash.1
HKEY_CLASSES_ROOT\EZulaFSearchEng.eZulaSearch
HKEY_CLASSES_ROOT\EZulaFSearchEng.eZulaSearch.1
HKEY_CLASSES_ROOT\EZulaFSearchEng.PopupDisplay
HKEY_CLASSES_ROOT\EZulaFSearchEng.PopupDisplay.1
HKEY_CLASSES_ROOT\EZulaFSearchEng.ResultHelper
HKEY_CLASSES_ROOT\EZulaFSearchEng.ResultHelper.1
HKEY_CLASSES_ROOT\EZulaFSearchEng.SearchHelper
HKEY_CLASSES_ROOT\EZulaFSearchEng.SearchHelper.1
HKEY_CLASSES_ROOT\EZulaMain.eZulaPopSearchPipe
HKEY_CLASSES_ROOT\EZulaMain.eZulaPopSearchPipe.1
HKEY_CLASSES_ROOT\EZulaMain.eZulaSearchPipe
HKEY_CLASSES_ROOT\EZulaMain.eZulaSearchPipe.1
HKEY_CLASSES_ROOT\EZulaMain.TrayIConM
HKEY_CLASSES_ROOT\EZulaMain.TrayIConM.1
HKEY_CLASSES_ROOT\AppID\eZulaBootExe.EXE
HKEY_CLASSES_ROOT\AppID\eZulaMain.EXE
HKEY_CLASSES_ROOT\AppID\{8A044397-5DA2-11D4-B185-0050DAB79376}
HKEY_CLASSES_ROOT\AppID\{C0335198-6755-11D4-8A73-0050DA2EE1BE}
HKEY_CLASSES_ROOT\CLSID\{07F0A543-47BA-11D4-8A6D-0050DA2EE1BE}
HKEY_CLASSES_ROOT\CLSID\{07F0A545-47BA-11D4-8A6D-0050DA2EE1BE}
HKEY_CLASSES_ROOT\CLSID\{19DFB2CB-9B27-11D4-B192-0050DAB79376}
HKEY_CLASSES_ROOT\CLSID\{2079884B-6EF3-11D4-8A74-0050DA2EE1BE}
HKEY_CLASSES_ROOT\CLSID\{2306ABE4-4D42-11D4-8A6D-0050DA2EE1BE}
HKEY_CLASSES_ROOT\CLSID\{25630B47-53C6-4E66-A945-9D7B6B2171FF}
HKEY_CLASSES_ROOT\CLSID\{2BABD334-5C3F-11D4-B184-0050DAB79376}
HKEY_CLASSES_ROOT\CLSID\{370F6354-41C4-4FA6-A2DF-1BA57EE0FBB9}
HKEY_CLASSES_ROOT\CLSID\{3D7247DE-5DB8-11D4-8A72-0050DA2EE1BE}
HKEY_CLASSES_ROOT\CLSID\{3D7247E8-5DB8-11D4-8A72-0050DA2EE1BE}
HKEY_CLASSES_ROOT\CLSID\{50B4D2B3-723F-41B3-AEC4-0BD66F0F45FF}
HKEY_CLASSES_ROOT\CLSID\{55910916-8B4E-4C1E-9253-CCE296EA71EB}
HKEY_CLASSES_ROOT\CLSID\{58359010-BF36-11d3-99A2-0050DA2EE1BE}
HKEY_CLASSES_ROOT\CLSID\{6DF5E318-6994-4A41-85BD-45CCADA616F8}
HKEY_CLASSES_ROOT\CLSID\{788C6F6F-C2EA-4A63-9C38-CE7D8F43BCE4}
HKEY_CLASSES_ROOT\CLSID\{78BCF937-45B0-40A7-9391-DCC03420DB35}
HKEY_CLASSES_ROOT\CLSID\{9CFA26C0-81DA-4C9D-A501-F144A4A000FA}
HKEY_CLASSES_ROOT\CLSID\{A166C1B0-5CDB-447A-894A-4B9FD7149D51}
HKEY_CLASSES_ROOT\CLSID\{B1DD8A69-1B96-11D4-B175-0050DAB79376}
HKEY_CLASSES_ROOT\CLSID\{C03351A4-6755-11D4-8A73-0050DA2EE1BE}
HKEY_CLASSES_ROOT\CLSID\{C4FEE4A7-4B8B-11D4-8A6D-0050DA2EE1BE}
HKEY_CLASSES_ROOT\CLSID\{D290D6E7-BF9D-42F0-9C1B-3BC8AE769B57}
HKEY_CLASSES_ROOT\CLSID\{E7A05400-4CFA-4DF3-A643-E40F86E8E3D7}
HKEY_CLASSES_ROOT\CLSID\{F75521B8-76F1-4A4D-84B1-9E642E9C51D0}
HKEY_CLASSES_ROOT\Interface\{07F0A542-47BA-11D4-8A6D-0050DA2EE1BE}
HKEY_CLASSES_ROOT\Interface\{07F0A544-47BA-11D4-8A6D-0050DA2EE1BE}
HKEY_CLASSES_ROOT\Interface\{1823BC4B-A253-4767-9CFC-9ACA62A6B136}
HKEY_CLASSES_ROOT\Interface\{19DFB2CA-9B27-11D4-B192-0050DAB79376}
HKEY_CLASSES_ROOT\Interface\{241667A3-EC83-4885-84DD-C2DAAFC1C5EA}
HKEY_CLASSES_ROOT\Interface\{25630B50-53C6-4E66-A945-9D7B6B2171FF}
HKEY_CLASSES_ROOT\Interface\{27BC6871-4D5A-11D4-8A6D-0050DA2EE1BE}
HKEY_CLASSES_ROOT\Interface\{370F6327-41C4-4FA6-A2DF-1BA57EE0FBB9}
HKEY_CLASSES_ROOT\Interface\{370F6353-41C4-4FA6-A2DF-1BA57EE0FBB9}
HKEY_CLASSES_ROOT\Interface\{3D7247DD-5DB8-11D4-8A72-0050DA2EE1BE}
HKEY_CLASSES_ROOT\Interface\{3D7247F1-5DB8-11D4-8A72-0050DA2EE1BE}
HKEY_CLASSES_ROOT\Interface\{4FD8645F-9B3E-46C1-9727-9837842A84AB}
HKEY_CLASSES_ROOT\Interface\{58359012-BF36-11D3-99A2-0050DA2EE1BE}
HKEY_CLASSES_ROOT\Interface\{788C6F6E-C2EA-4A63-9C38-CE7D8F43BCE4}
HKEY_CLASSES_ROOT\Interface\{78BCF936-45B0-40A7-9391-DCC03420DB35}
HKEY_CLASSES_ROOT\Interface\{7EDC96E1-5DD3-11D4-B185-0050DAB79376}
HKEY_CLASSES_ROOT\Interface\{8A0443A2-5DA2-11D4-B185-0050DAB79376}
HKEY_CLASSES_ROOT\Interface\{8EBB1743-9A2F-11D4-8A7E-0050DA2EE1BE}
HKEY_CLASSES_ROOT\Interface\{955CBF48-4313-4B1F-872B-254B7822CCF2}
HKEY_CLASSES_ROOT\Interface\{9CFA26C2-81DA-4C9D-A501-F144A4A000FA}
HKEY_CLASSES_ROOT\Interface\{C03351A3-6755-11D4-8A73-0050DA2EE1BE}
HKEY_CLASSES_ROOT\Interface\{C4FEE4A6-4B8B-11D4-8A6D-0050DA2EE1BE}
HKEY_CLASSES_ROOT\Interface\{EF0372DC-F552-11D3-8528-0050DAB79376}
HKEY_CLASSES_ROOT\Interface\{EF0372DE-F552-11D3-8528-0050DAB79376}
HKEY_CLASSES_ROOT\Interface\{EFA52460-8822-4191-BA38-FACDD2007910}
HKEY_CLASSES_ROOT\TypeLib\{07F0A536-47BA-11D4-8A6D-0050DA2EE1BE}
HKEY_CLASSES_ROOT\TypeLib\{083FA8F4-84F4-11D4-8A77-0050DA2EE1BE}
HKEY_CLASSES_ROOT\TypeLib\{370F6327-41C4-4FA6-A2DF-1BA57EE0FBB9}
HKEY_CLASSES_ROOT\TypeLib\{3D7247D1-5DB8-11D4-8A72-0050DA2EE1BE}
HKEY_CLASSES_ROOT\TypeLib\{58359011-BF36-11D3-99A2-0050DA2EE1BE}
HKEY_CLASSES_ROOT\TypeLib\{8A044396-5DA2-11D4-B185-0050DAB79376}
HKEY_CLASSES_ROOT\TypeLib\{9CFA26C0-81DA-4C9D-A501-F144A4A000FA}
HKEY_CLASSES_ROOT\TypeLib\{9CFA26C1-81DA-4C9D-A501-F144A4A000FA}
HKEY_CLASSES_ROOT\TypeLib\{BAF13496-8F72-47A1-9CEE-09238EFC75F0}
HKEY_CLASSES_ROOT\TypeLib\{C0335197-6755-11D4-8A73-0050DA2EE1BE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{50B4D2B3-723F-41B3-AEC4-0BD66F0F45FF}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{A166C1B0-5CDB-447A-894A-4B9FD7149D51}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{3D7247DE-5DB8-11D4-8A72-0050DA2EE1BE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\%Windir%/Downloaded Program Files/ezstub.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eZula
Delete files:
apev.exe, ezinstall.exe, ezstub.exe, ezpopstub.exe, mmod.exe, wo.exe, woinstall.exe, chcon.dll, chpon.dll, eabh.dll, eapbh.dll, ezstub.dll, ezula.dll, sepng.dll
Delete directories:
C:Program FileseZula
C:Program FilesWeb Offer
C:Documents and Settings[Current User]EARN
C:Documents and Settings[Current User]TopText iLookup
Misc:
Exact file location:
mmod.exe, chcon.dll, eabh.dll, seng.dll - C:\Program Files\eZula
apev.exe, wo.exe, chpon.dll, eapbh.dll - C:\Program Files\Web Offer
ezinstall.exe, woinstall.exe - C:\Windows or C:\Winnt
ezstub.dll - C:\Windows\Downloaded Program Files or C:\Winnt\Downloaded Program Files
ezstub.exe, ezpopstub.exe - C:\Windows\System, C:\Windows\System32 or C:\Winnt\System32

Geolocation of eZula:

This map reveals the prevalence of eZula. Countries and regions that have been affected the most are: United States and Germany.

QR code for eZula removal instructions:

eZula qrcode
QR is short for Quick Response. They can be read quickly by the mobile phones. QR codes can store more data than standard barcodes, including url links, geo coordinates, and text.

The reason we add QR code to the website is that parasites like eZula are really hard to remove on infected computer. you can quicly scan the QR code with your mobile device and have manual removal instructions to uninstall eZula right in your pocket.

Simply use the QR scanner and read removal instructions from mobile device.
Information added: 2004-03-19 10:00:00
Information updated: 2005-09-01 03:45:30

Additional resources:

Attention: If you know know a reputable website reated to security threats, please add a link here: add url

0
0
Rider
This 'product' seems to change names everytime the wind blows.
0
0
Yasmin
damn thing seems to be freezing my internet by its constant interruptions...definite nuisance. But I have problems manually removing it with Window XP's command prompt! If anyone knows how to solve this email me at [email protected]..
0
0
w1n m41st3r
Just go to control panel -> add/remove programs and remove eZula. It will clear the program and the registry. However you still need to remove the .dll files manually.
0
0
herbert
i hate this thing it's slowing my computer down a ton, plus it connects itself to the internet when i'm already connected... like it starts up aol randomly. plus it makes a lot of pop ups. and i cant seem to get rid of it totally! every time i use ad aware 6.0 to remove it, it does, then i see it installing itself in the tray. realyl annoying
0
0
alaliber
this thing is doing the same thing, except it's not that easy to find, once i do find it, i can't remove it, anyone know which program can find and remove this? if not, which .dll files do i have to remove manually??? *frustrated little me, *sigh*

email suggestions to [email protected], thanks.
0
0
Guest
But what if it's TRYING to install itself, and hasn't completely installed yet? That means I won't find it on my Control Panel, and the only way to stop it's installation is to disconnect, but it just shows up again whenever I re-connect. Isn't there any other way to remove it manually?
0
0
Guest
I have had Problems with EZULA for some time now. I have tried many things to get rid of it, I will give this a try and see how it goes from there. Trust me short of reformatting your computer you will have a hard time removing this. I have gone as far as hacking the registry and booting in safe mode to hack the registry but there is an installer file somewhere that I can not find.
0
0
Guest
I tried to remove it manually and it messed by computer up! Now when I boot up all I get is a black screen. Does anybody know what is going on?
0
0
Alan
Has anybody figured out either what program takes this crap off or how else to do it? email me please: [email protected]
I don't want to mess with DOS if I don't have to. I hade Adware and Spybot but that didn't seem to work? Thanks
Is it possible I got Ezula when I had to download

their program to be able to take the online training

and testing to become a work at home agent? This is West TeleServices I'm talking about here.

After I downloaded their required Rapid Player

v 3.0 Active X Control and Rapid Player v 3.0 Runtime, My Internet Explorer browser began freezing up as well as my cursor not working right. From past experience of this behavior, it was an indication of some sort of spyware placed on my computer. So, I followed my "instinct" and ran two

adware-spyware programs I have. The Spy Ferret

Spyware killer found the Ezula. The information that it gave on Ezula stated there were two Ezula infections. One in Program ( file ) BHO and the other one was in 20040928 Executable file BHO.

Now, the only two new files I downloaded today were the ones required by Work at Home Agent which is the work at home call center division for West TeleServices. And, they state that they do not accept any other Internet browser except Internet Explorer. To me, this is the only explanation because I ran both spyware programs before I went to bed the evening of the 16th and none was found. Then today, I'm downloading the

required Rapid player to be able to have access to the study materials and take the online test. That's what I've been doing all day. Spy Ferret

information also stated that Ezula was malware that hijacked. I've already had my home page hijacked once so now I have a hijack blaster as well, added as a security measure. However, from what I understand about Ezula, there's some sort of financial "kickback" to the person or persons that placed it on my computer in the first place. I'm just

thinking here, could it be that somehow Work At Home Services which is a division of West TeleServices somehow gets a financial "kickback"

when customers ordering something from infomercials and ads are directed to my computer to order an item? Understand, I'm not accusing anyone. However, it is so odd that my computer

internet browser is so sensitive to things such as

spyware and I recognized the "symptoms" and ran

the spyware killer programs I have. And, these

"symptoms" occurred after I downloaded the Rapid player. And, I didn't have it the evening of Feb. 16, 2005 when I ran both spyware programs as part of usual check maintenance. Also, the above

web site is where I've been all day to study the

teaching modules to prepare for the online test.

There is a "saying": "If it looks like a duck, walks like a duck and quacks like a duck, then indeed it MUST be a duck! Meaning, there is a strong possibility that Ezula was added to my Internet Explorer browser when I downloaded the required

Rapid player. You certainly know more about this than I do. IF it is indeed a possibility that it was downloaded with the required Rapid Player programs, could you PLEASE just pass all the information that I've stated to you to the proper authority that would investigate this sort of thing?

Tonight the Spy Ferret removed it. Now tomorrow morning I have to go back to the web site and begin studying the materials in the modules.

At some point throughout the day, I will AGAIN run Spy Ferret to check it it has been re-installed

from the web site. IF that should be the case and I AGAIN have to remove it, I will contact you again.

The, there should be no doubt in my mind or your mind, just where the Ezula infections came from.

By the way, my computer is a Hewlett Packard Windows ME. I could not afford a more updated version which would have been a Windows XP.

Thank you for your time and consideration.

Sincerely,

Edith Porter
i hate this program it stuffed up my internet and is hard to remove even though i know the registry and stuff it re-installs itself
0
0
Paul J. Smith
I would urge everyone to write your Congressman and urge them to investigate Ezula and other adware and spyware. If enough people protest it may put Ezula out of business.
0
0
chris
This thing is acting just like the VX2 that was on my dads computer. It was a pain to get rid of. I dont know if this proble is like the VX2, who every time you reboot changes names and changed your ip address. but if it is, to hell with it. its easer to delete a few pop up than mess with all that. its not causeing serious damage to my lap top. Yet
0
0
Guest
I am so aggravated that I can not get this off my computer. I can not afford to buy any programs to uninstall it but it is so aggravating to me. If there is someone who can help me I would really appreciate it.

Post Comment:

Attention: Use this form only if you have additional information about eZula parasite, its removal instructions, additional resources or behavior. By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.
Home page Name



«


* All field required
Like us on Facebook
Latest spyware news:
Subscribe to spyware news
Please enter your e-mail address:
If you do not want to receive our spyware
newsletter please unsubscribe here
48599 Subscribers
Ask us
I failed to remove eZula using SpyHunter.

Email


Close

Spreading the knowledge:

It is very hard to fight against computer parasites on the Internet alone. If you have a website, we would be more than happy if you would like to cooperate and help us spread the information about latest threats. Remember, knowledge is the most powerful weapon. Help your visitors protect their computers!
add text box
rss feed
help other