NEWS
PARASITES
SOFTWARE
FORUM
DIRECTORY

 
 
 
 
 
 
  

Remove eZula. Description and removal instructions

 
Title: eZula
Type: Adware
Severity scale:eZula severity is 29  (29 / 100)
 
eZula is an adware program that adds extra advertising links to certain keywords found in a visited web page. eZula doesn't have any dangerous payload and must be manually installed. It can update itself via the Internet. eZula automatically runs on every Windows startup.

FORUM:
Discuss eZula in
spyware removal forum

eZula properties:
• Shows commercial adverts
• Connects itself to the internet
• Hides from the user
• Stays resident in background

Automatic eZula removal:

remover for eZula

eZula manual removal:

Kill processes:
apev.exe, ezinstall.exe, ezstub.exe, ezpopstub.exe, mmod.exe, wo.exe, woinstall.exe
HELP:
how to kill malicious processes

Delete registry values:
HKEY_ALL_USERS\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ezmmod
HKEY_ALL_USERS\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ezwo
HKEY_CURRENT_USER\Software\eZula
HKEY_CURRENT_USER\Software\Web Offer
HKEY_CLASSES_ROOT\AtlBrCon.AtlBrCon
HKEY_CLASSES_ROOT\AtlBrCon.AtlBrCon.1
HKEY_CLASSES_ROOT\EZulaAgent.eZulaCtrlHost
HKEY_CLASSES_ROOT\EZulaAgent.eZulaCtrlHost.1
HKEY_CLASSES_ROOT\eZulaAgent.IEObject
HKEY_CLASSES_ROOT\eZulaAgent.IEObject.1
HKEY_CLASSES_ROOT\EZulaAgent.PlugProt
HKEY_CLASSES_ROOT\EZulaAgent.PlugProt.1
HKEY_CLASSES_ROOT\eZulaAgent.ToolBarBand
HKEY_CLASSES_ROOT\eZulaAgent.ToolBarBand.1
HKEY_CLASSES_ROOT\EZulaBoot.InstallCtrl
HKEY_CLASSES_ROOT\EZulaBoot.InstallCtrl.1
HKEY_CLASSES_ROOT\EZulaBootExe.InstallCtrl
HKEY_CLASSES_ROOT\EZulaBootExe.InstallCtrl.1
HKEY_CLASSES_ROOT\EZulaFSearchEng.eZulaCode
HKEY_CLASSES_ROOT\EZulaFSearchEng.eZulaCode.1
HKEY_CLASSES_ROOT\EZulaFSearchEng.eZulaHash
HKEY_CLASSES_ROOT\EZulaFSearchEng.eZulaHash.1
HKEY_CLASSES_ROOT\EZulaFSearchEng.eZulaSearch
HKEY_CLASSES_ROOT\EZulaFSearchEng.eZulaSearch.1
HKEY_CLASSES_ROOT\EZulaFSearchEng.PopupDisplay
HKEY_CLASSES_ROOT\EZulaFSearchEng.PopupDisplay.1
HKEY_CLASSES_ROOT\EZulaFSearchEng.ResultHelper
HKEY_CLASSES_ROOT\EZulaFSearchEng.ResultHelper.1
HKEY_CLASSES_ROOT\EZulaFSearchEng.SearchHelper
HKEY_CLASSES_ROOT\EZulaFSearchEng.SearchHelper.1
HKEY_CLASSES_ROOT\EZulaMain.eZulaPopSearchPipe
HKEY_CLASSES_ROOT\EZulaMain.eZulaPopSearchPipe.1
HKEY_CLASSES_ROOT\EZulaMain.eZulaSearchPipe
HKEY_CLASSES_ROOT\EZulaMain.eZulaSearchPipe.1
HKEY_CLASSES_ROOT\EZulaMain.TrayIConM
HKEY_CLASSES_ROOT\EZulaMain.TrayIConM.1
HKEY_CLASSES_ROOT\AppID\eZulaBootExe.EXE
HKEY_CLASSES_ROOT\AppID\eZulaMain.EXE
HKEY_CLASSES_ROOT\AppID\{8A044397-5DA2-11D4-B185-0050DAB79376}
HKEY_CLASSES_ROOT\AppID\{C0335198-6755-11D4-8A73-0050DA2EE1BE}
HKEY_CLASSES_ROOT\CLSID\{07F0A543-47BA-11D4-8A6D-0050DA2EE1BE}
HKEY_CLASSES_ROOT\CLSID\{07F0A545-47BA-11D4-8A6D-0050DA2EE1BE}
HKEY_CLASSES_ROOT\CLSID\{19DFB2CB-9B27-11D4-B192-0050DAB79376}
HKEY_CLASSES_ROOT\CLSID\{2079884B-6EF3-11D4-8A74-0050DA2EE1BE}
HKEY_CLASSES_ROOT\CLSID\{2306ABE4-4D42-11D4-8A6D-0050DA2EE1BE}
HKEY_CLASSES_ROOT\CLSID\{25630B47-53C6-4E66-A945-9D7B6B2171FF}
HKEY_CLASSES_ROOT\CLSID\{2BABD334-5C3F-11D4-B184-0050DAB79376}
HKEY_CLASSES_ROOT\CLSID\{370F6354-41C4-4FA6-A2DF-1BA57EE0FBB9}
HKEY_CLASSES_ROOT\CLSID\{3D7247DE-5DB8-11D4-8A72-0050DA2EE1BE}
HKEY_CLASSES_ROOT\CLSID\{3D7247E8-5DB8-11D4-8A72-0050DA2EE1BE}
HKEY_CLASSES_ROOT\CLSID\{50B4D2B3-723F-41B3-AEC4-0BD66F0F45FF}
HKEY_CLASSES_ROOT\CLSID\{55910916-8B4E-4C1E-9253-CCE296EA71EB}
HKEY_CLASSES_ROOT\CLSID\{58359010-BF36-11d3-99A2-0050DA2EE1BE}
HKEY_CLASSES_ROOT\CLSID\{6DF5E318-6994-4A41-85BD-45CCADA616F8}
HKEY_CLASSES_ROOT\CLSID\{788C6F6F-C2EA-4A63-9C38-CE7D8F43BCE4}
HKEY_CLASSES_ROOT\CLSID\{78BCF937-45B0-40A7-9391-DCC03420DB35}
HKEY_CLASSES_ROOT\CLSID\{9CFA26C0-81DA-4C9D-A501-F144A4A000FA}
HKEY_CLASSES_ROOT\CLSID\{A166C1B0-5CDB-447A-894A-4B9FD7149D51}
HKEY_CLASSES_ROOT\CLSID\{B1DD8A69-1B96-11D4-B175-0050DAB79376}
HKEY_CLASSES_ROOT\CLSID\{C03351A4-6755-11D4-8A73-0050DA2EE1BE}
HKEY_CLASSES_ROOT\CLSID\{C4FEE4A7-4B8B-11D4-8A6D-0050DA2EE1BE}
HKEY_CLASSES_ROOT\CLSID\{D290D6E7-BF9D-42F0-9C1B-3BC8AE769B57}
HKEY_CLASSES_ROOT\CLSID\{E7A05400-4CFA-4DF3-A643-E40F86E8E3D7}
HKEY_CLASSES_ROOT\CLSID\{F75521B8-76F1-4A4D-84B1-9E642E9C51D0}
HKEY_CLASSES_ROOT\Interface\{07F0A542-47BA-11D4-8A6D-0050DA2EE1BE}
HKEY_CLASSES_ROOT\Interface\{07F0A544-47BA-11D4-8A6D-0050DA2EE1BE}
HKEY_CLASSES_ROOT\Interface\{1823BC4B-A253-4767-9CFC-9ACA62A6B136}
HKEY_CLASSES_ROOT\Interface\{19DFB2CA-9B27-11D4-B192-0050DAB79376}
HKEY_CLASSES_ROOT\Interface\{241667A3-EC83-4885-84DD-C2DAAFC1C5EA}
HKEY_CLASSES_ROOT\Interface\{25630B50-53C6-4E66-A945-9D7B6B2171FF}
HKEY_CLASSES_ROOT\Interface\{27BC6871-4D5A-11D4-8A6D-0050DA2EE1BE}
HKEY_CLASSES_ROOT\Interface\{370F6327-41C4-4FA6-A2DF-1BA57EE0FBB9}
HKEY_CLASSES_ROOT\Interface\{370F6353-41C4-4FA6-A2DF-1BA57EE0FBB9}
HKEY_CLASSES_ROOT\Interface\{3D7247DD-5DB8-11D4-8A72-0050DA2EE1BE}
HKEY_CLASSES_ROOT\Interface\{3D7247F1-5DB8-11D4-8A72-0050DA2EE1BE}
HKEY_CLASSES_ROOT\Interface\{4FD8645F-9B3E-46C1-9727-9837842A84AB}
HKEY_CLASSES_ROOT\Interface\{58359012-BF36-11D3-99A2-0050DA2EE1BE}
HKEY_CLASSES_ROOT\Interface\{788C6F6E-C2EA-4A63-9C38-CE7D8F43BCE4}
HKEY_CLASSES_ROOT\Interface\{78BCF936-45B0-40A7-9391-DCC03420DB35}
HKEY_CLASSES_ROOT\Interface\{7EDC96E1-5DD3-11D4-B185-0050DAB79376}
HKEY_CLASSES_ROOT\Interface\{8A0443A2-5DA2-11D4-B185-0050DAB79376}
HKEY_CLASSES_ROOT\Interface\{8EBB1743-9A2F-11D4-8A7E-0050DA2EE1BE}
HKEY_CLASSES_ROOT\Interface\{955CBF48-4313-4B1F-872B-254B7822CCF2}
HKEY_CLASSES_ROOT\Interface\{9CFA26C2-81DA-4C9D-A501-F144A4A000FA}
HKEY_CLASSES_ROOT\Interface\{C03351A3-6755-11D4-8A73-0050DA2EE1BE}
HKEY_CLASSES_ROOT\Interface\{C4FEE4A6-4B8B-11D4-8A6D-0050DA2EE1BE}
HKEY_CLASSES_ROOT\Interface\{EF0372DC-F552-11D3-8528-0050DAB79376}
HKEY_CLASSES_ROOT\Interface\{EF0372DE-F552-11D3-8528-0050DAB79376}
HKEY_CLASSES_ROOT\Interface\{EFA52460-8822-4191-BA38-FACDD2007910}
HKEY_CLASSES_ROOT\TypeLib\{07F0A536-47BA-11D4-8A6D-0050DA2EE1BE}
HKEY_CLASSES_ROOT\TypeLib\{083FA8F4-84F4-11D4-8A77-0050DA2EE1BE}
HKEY_CLASSES_ROOT\TypeLib\{370F6327-41C4-4FA6-A2DF-1BA57EE0FBB9}
HKEY_CLASSES_ROOT\TypeLib\{3D7247D1-5DB8-11D4-8A72-0050DA2EE1BE}
HKEY_CLASSES_ROOT\TypeLib\{58359011-BF36-11D3-99A2-0050DA2EE1BE}
HKEY_CLASSES_ROOT\TypeLib\{8A044396-5DA2-11D4-B185-0050DAB79376}
HKEY_CLASSES_ROOT\TypeLib\{9CFA26C0-81DA-4C9D-A501-F144A4A000FA}
HKEY_CLASSES_ROOT\TypeLib\{9CFA26C1-81DA-4C9D-A501-F144A4A000FA}
HKEY_CLASSES_ROOT\TypeLib\{BAF13496-8F72-47A1-9CEE-09238EFC75F0}
HKEY_CLASSES_ROOT\TypeLib\{C0335197-6755-11D4-8A73-0050DA2EE1BE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{50B4D2B3-723F-41B3-AEC4-0BD66F0F45FF}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{A166C1B0-5CDB-447A-894A-4B9FD7149D51}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{3D7247DE-5DB8-11D4-8A72-0050DA2EE1BE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\%Windir%/Downloaded Program Files/ezstub.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eZula
HELP:
how to remove registry entries

Delete files:
apev.exe, ezinstall.exe, ezstub.exe, ezpopstub.exe, mmod.exe, wo.exe, woinstall.exe, chcon.dll, chpon.dll, eabh.dll, eapbh.dll, ezstub.dll, ezula.dll, sepng.dll
HELP:
how to remove harmful files

Delete directories:
C:Program FileseZula
C:Program FilesWeb Offer
C:Documents and Settings[Current User]EARN
C:Documents and Settings[Current User]TopText iLookup
Misc:
Exact file location:
mmod.exe, chcon.dll, eabh.dll, seng.dll - C:\Program Files\eZula
apev.exe, wo.exe, chpon.dll, eapbh.dll - C:\Program Files\Web Offer
ezinstall.exe, woinstall.exe - C:\Windows or C:\Winnt
ezstub.dll - C:\Windows\Downloaded Program Files or C:\Winnt\Downloaded Program Files
ezstub.exe, ezpopstub.exe - C:\Windows\System, C:\Windows\System32 or C:\Winnt\System32

Other programs to remove eZula:

• Malwarebytes Anti Malware - Review - Download
• Malwarebytes Anti Malware - Review - Download
• Windows Defender - Review - Download

Information added: 19/03/04
Information updated: 01/09/05

Additional resources related to eZula:

Attention: If you know or you have a website or page about eZula removal, feel free to add a link to this list: add url



more resources

Post Comment:

Attention: Use this form only if you have additional information about eZula parasite, its removal instructions, additional resources or behavior. By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.



Enter security code:


Comments from visitors:

1. removal of ezula and other adware by Guest. 2005-08-03 22:08:36
I am so aggravated that I can not get this off my computer. I can not afford to buy any programs to uninstall it but it is so aggravating to me. If there is someone who can help me I would really appreciate it.

2. re: comment about Ezula by chris. 2005-04-07 16:04:00
This thing is acting just like the VX2 that was on my dads computer. It was a pain to get rid of. I dont know if this proble is like the VX2, who every time you reboot changes names and changed your ip address. but if it is, to hell with it. its easer to delete a few pop up than mess with all that. its not causeing serious damage to my lap top. Yet

3. re: comment about Ezula by Paul J. Smith. 2005-04-03 00:04:17
I would urge everyone to write your Congressman and urge them to investigate Ezula and other adware and spyware. If enough people protest it may put Ezula out of business.

4. re: comment about Ezula by Michael Davis 2005-04-01 05:04:12
i hate this program it stuffed up my internet and is hard to remove even though i know the registry and stuff it re-installs itself

5. re: comment about Ezula by Edith Porter 2005-02-18 00:02:51
Is it possible I got Ezula when I had to download

their program to be able to take the online training

and testing to become a work at home agent? This is West TeleServices I'm talking about here.

After I downloaded their required Rapid Player

v 3.0 Active X Control and Rapid Player v 3.0 Runtime, My Internet Explorer browser began freezing up as well as my cursor not working right. From past experience of this behavior, it was an indication of some sort of spyware placed on my computer. So, I followed my "instinct" and ran two

adware-spyware programs I have. The Spy Ferret

Spyware killer found the Ezula. The information that it gave on Ezula stated there were two Ezula infections. One in Program ( file ) BHO and the other one was in 20040928 Executable file BHO.

Now, the only two new files I downloaded today were the ones required by Work at Home Agent which is the work at home call center division for West TeleServices. And, they state that they do not accept any other Internet browser except Internet Explorer. To me, this is the only explanation because I ran both spyware programs before I went to bed the evening of the 16th and none was found. Then today, I'm downloading the

required Rapid player to be able to have access to the study materials and take the online test. That's what I've been doing all day. Spy Ferret

information also stated that Ezula was malware that hijacked. I've already had my home page hijacked once so now I have a hijack blaster as well, added as a security measure. However, from what I understand about Ezula, there's some sort of financial "kickback" to the person or persons that placed it on my computer in the first place. I'm just

thinking here, could it be that somehow Work At Home Services which is a division of West TeleServices somehow gets a financial "kickback"

when customers ordering something from infomercials and ads are directed to my computer to order an item? Understand, I'm not accusing anyone. However, it is so odd that my computer

internet browser is so sensitive to things such as

spyware and I recognized the "symptoms" and ran

the spyware killer programs I have. And, these

"symptoms" occurred after I downloaded the Rapid player. And, I didn't have it the evening of Feb. 16, 2005 when I ran both spyware programs as part of usual check maintenance. Also, the above

web site is where I've been all day to study the

teaching modules to prepare for the online test.

There is a "saying": "If it looks like a duck, walks like a duck and quacks like a duck, then indeed it MUST be a duck! Meaning, there is a strong possibility that Ezula was added to my Internet Explorer browser when I downloaded the required

Rapid player. You certainly know more about this than I do. IF it is indeed a possibility that it was downloaded with the required Rapid Player programs, could you PLEASE just pass all the information that I've stated to you to the proper authority that would investigate this sort of thing?

Tonight the Spy Ferret removed it. Now tomorrow morning I have to go back to the web site and begin studying the materials in the modules.

At some point throughout the day, I will AGAIN run Spy Ferret to check it it has been re-installed

from the web site. IF that should be the case and I AGAIN have to remove it, I will contact you again.

The, there should be no doubt in my mind or your mind, just where the Ezula infections came from.

By the way, my computer is a Hewlett Packard Windows ME. I could not afford a more updated version which would have been a Windows XP.

Thank you for your time and consideration.

Sincerely,

Edith Porter

6. Get this thing off my computer!!!!!!!! by Alan. 2005-01-20 22:01:21
Has anybody figured out either what program takes this crap off or how else to do it? email me please: alan49@optonline.net
I don't want to mess with DOS if I don't have to. I hade Adware and Spybot but that didn't seem to work? Thanks

7. by Guest. 2004-10-01 12:10:25
I tried to remove it manually and it messed by computer up! Now when I boot up all I get is a black screen. Does anybody know what is going on?

8. Tony by Guest. 2004-09-13 16:09:11
I have had Problems with EZULA for some time now. I have tried many things to get rid of it, I will give this a try and see how it goes from there. Trust me short of reformatting your computer you will have a hard time removing this. I have gone as far as hacking the registry and booting in safe mode to hack the registry but there is an installer file somewhere that I can not find.

9. by Guest. 2004-09-05 17:09:10
But what if it's TRYING to install itself, and hasn't completely installed yet? That means I won't find it on my Control Panel, and the only way to stop it's installation is to disconnect, but it just shows up again whenever I re-connect. Isn't there any other way to remove it manually?

10. Madison- by alaliber. 2004-07-14 18:07:19
this thing is doing the same thing, except it's not that easy to find, once i do find it, i can't remove it, anyone know which program can find and remove this? if not, which .dll files do i have to remove manually??? *frustrated little me, *sigh*

email suggestions to alaliber@indiana.edu, thanks.

11. by herbert. 2004-06-10 09:06:33
i hate this thing it's slowing my computer down a ton, plus it connects itself to the internet when i'm already connected... like it starts up aol randomly. plus it makes a lot of pop ups. and i cant seem to get rid of it totally! every time i use ad aware 6.0 to remove it, it does, then i see it installing itself in the tray. realyl annoying

12. by w1n m41st3r. 2004-06-09 22:06:05
Just go to control panel -> add/remove programs and remove eZula. It will clear the program and the registry. However you still need to remove the .dll files manually.

13. by Yasmin. 2004-05-23 21:05:29
damn thing seems to be freezing my internet by its constant interruptions...definite nuisance. But I have problems manually removing it with Window XP's command prompt! If anyone knows how to solve this email me at strawberrie_sweetie882002@hotmail.com...

14. by Rider. 2004-07-22 03:07:08
This 'product' seems to change names everytime the wind blows.
Related news:
Similar parasites:
Related articles:
Latest Spyware Threats: VirusProtect Pro | VirusLocker | SpyCrush | ContraVirus | SpyLocked | SpyDawn | AntiVerminser | SpywareQuake | VirusBurst | AntiVermins | AntiVermeans | Zlob | PopCorn.net | MovieLand | TagASaurus | BraveSentry | VirusBurster | SystemDoctor | VirusRescue | MalwareWipe | SpySheriff | CmdService | Smitfraud | SpywareStrike | WinFixer | WinHound | PestTrap | UnSpyPC
Agreement of Use | Privacy policy | Webmasters | Contact us | RSS Feeds
© 2001-2008 2-spyware.com All Rights Reserved. Reproduction in part or whole without written permission is prohibited. Powered by: eSolutions.