Remove eZula
Removal instructions

Severity scale:  
  (29/100)
eZula | Type: Adware
eZula is an adware program that adds extra advertising links to certain keywords found in a visited web page. eZula doesn't have any dangerous payload and must be manually installed. It can update itself via the Internet. eZula automatically runs on every Windows startup. eZula properties:
• Shows commercial adverts
• Connects itself to the internet
• Hides from the user
• Stays resident in background

Automatic eZula removal:

It might be that we are affiliated with any of our recommended products. Full disclosure can be found in our Agreement of Use.
By downloading any of provided Anti-spyware software to remove eZula you agree with our Privacy Policy and Agreement of Use.
Do it now!
Download
remover for eZula Happiness
Guarantee
Compatible with Microsoft
SpyHunter is recommended remover to uninstall eZula. You should confirm using free trial that it detects current version of parasite.
more than 40.000.000 downloads!
What to do if you failed to remove the infection?
If you failed to remove eZula using SpyHunter, read here how to submit a support ticket or submit a question to our support team and provide as much details as possible.

Alternate Software

STOPzilla
We are testing STOPzilla's efficiency at removing eZula (2005-09-01 06:22:45)
SpyHunter
We are testing SpyHunter's efficiency at removing eZula (2005-09-01 06:22:45)
Malwarebytes Anti Malware
We are testing Malwarebytes Anti Malware's efficiency at removing eZula (2005-09-01 06:22:45)
XoftSpySE Anti Spyware
We are testing XoftSpySE Anti Spyware's efficiency at removing eZula (2005-09-01 06:22:45)
Virus Removal Phone Support
1-877-657-9614
Help Line to remove eZula

eZula manual removal

Kill processes:
apev.exe, ezinstall.exe, ezstub.exe, ezpopstub.exe, mmod.exe, wo.exe, woinstall.exe
Delete registry values:
HKEY_ALL_USERS\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ezmmod
HKEY_ALL_USERS\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ezwo
HKEY_CURRENT_USER\Software\eZula
HKEY_CURRENT_USER\Software\Web Offer
HKEY_CLASSES_ROOT\AtlBrCon.AtlBrCon
HKEY_CLASSES_ROOT\AtlBrCon.AtlBrCon.1
HKEY_CLASSES_ROOT\EZulaAgent.eZulaCtrlHost
HKEY_CLASSES_ROOT\EZulaAgent.eZulaCtrlHost.1
HKEY_CLASSES_ROOT\eZulaAgent.IEObject
HKEY_CLASSES_ROOT\eZulaAgent.IEObject.1
HKEY_CLASSES_ROOT\EZulaAgent.PlugProt
HKEY_CLASSES_ROOT\EZulaAgent.PlugProt.1
HKEY_CLASSES_ROOT\eZulaAgent.ToolBarBand
HKEY_CLASSES_ROOT\eZulaAgent.ToolBarBand.1
HKEY_CLASSES_ROOT\EZulaBoot.InstallCtrl
HKEY_CLASSES_ROOT\EZulaBoot.InstallCtrl.1
HKEY_CLASSES_ROOT\EZulaBootExe.InstallCtrl
HKEY_CLASSES_ROOT\EZulaBootExe.InstallCtrl.1
HKEY_CLASSES_ROOT\EZulaFSearchEng.eZulaCode
HKEY_CLASSES_ROOT\EZulaFSearchEng.eZulaCode.1
HKEY_CLASSES_ROOT\EZulaFSearchEng.eZulaHash
HKEY_CLASSES_ROOT\EZulaFSearchEng.eZulaHash.1
HKEY_CLASSES_ROOT\EZulaFSearchEng.eZulaSearch
HKEY_CLASSES_ROOT\EZulaFSearchEng.eZulaSearch.1
HKEY_CLASSES_ROOT\EZulaFSearchEng.PopupDisplay
HKEY_CLASSES_ROOT\EZulaFSearchEng.PopupDisplay.1
HKEY_CLASSES_ROOT\EZulaFSearchEng.ResultHelper
HKEY_CLASSES_ROOT\EZulaFSearchEng.ResultHelper.1
HKEY_CLASSES_ROOT\EZulaFSearchEng.SearchHelper
HKEY_CLASSES_ROOT\EZulaFSearchEng.SearchHelper.1
HKEY_CLASSES_ROOT\EZulaMain.eZulaPopSearchPipe
HKEY_CLASSES_ROOT\EZulaMain.eZulaPopSearchPipe.1
HKEY_CLASSES_ROOT\EZulaMain.eZulaSearchPipe
HKEY_CLASSES_ROOT\EZulaMain.eZulaSearchPipe.1
HKEY_CLASSES_ROOT\EZulaMain.TrayIConM
HKEY_CLASSES_ROOT\EZulaMain.TrayIConM.1
HKEY_CLASSES_ROOT\AppID\eZulaBootExe.EXE
HKEY_CLASSES_ROOT\AppID\eZulaMain.EXE
HKEY_CLASSES_ROOT\AppID\{8A044397-5DA2-11D4-B185-0050DAB79376}
HKEY_CLASSES_ROOT\AppID\{C0335198-6755-11D4-8A73-0050DA2EE1BE}
HKEY_CLASSES_ROOT\CLSID\{07F0A543-47BA-11D4-8A6D-0050DA2EE1BE}
HKEY_CLASSES_ROOT\CLSID\{07F0A545-47BA-11D4-8A6D-0050DA2EE1BE}
HKEY_CLASSES_ROOT\CLSID\{19DFB2CB-9B27-11D4-B192-0050DAB79376}
HKEY_CLASSES_ROOT\CLSID\{2079884B-6EF3-11D4-8A74-0050DA2EE1BE}
HKEY_CLASSES_ROOT\CLSID\{2306ABE4-4D42-11D4-8A6D-0050DA2EE1BE}
HKEY_CLASSES_ROOT\CLSID\{25630B47-53C6-4E66-A945-9D7B6B2171FF}
HKEY_CLASSES_ROOT\CLSID\{2BABD334-5C3F-11D4-B184-0050DAB79376}
HKEY_CLASSES_ROOT\CLSID\{370F6354-41C4-4FA6-A2DF-1BA57EE0FBB9}
HKEY_CLASSES_ROOT\CLSID\{3D7247DE-5DB8-11D4-8A72-0050DA2EE1BE}
HKEY_CLASSES_ROOT\CLSID\{3D7247E8-5DB8-11D4-8A72-0050DA2EE1BE}
HKEY_CLASSES_ROOT\CLSID\{50B4D2B3-723F-41B3-AEC4-0BD66F0F45FF}
HKEY_CLASSES_ROOT\CLSID\{55910916-8B4E-4C1E-9253-CCE296EA71EB}
HKEY_CLASSES_ROOT\CLSID\{58359010-BF36-11d3-99A2-0050DA2EE1BE}
HKEY_CLASSES_ROOT\CLSID\{6DF5E318-6994-4A41-85BD-45CCADA616F8}
HKEY_CLASSES_ROOT\CLSID\{788C6F6F-C2EA-4A63-9C38-CE7D8F43BCE4}
HKEY_CLASSES_ROOT\CLSID\{78BCF937-45B0-40A7-9391-DCC03420DB35}
HKEY_CLASSES_ROOT\CLSID\{9CFA26C0-81DA-4C9D-A501-F144A4A000FA}
HKEY_CLASSES_ROOT\CLSID\{A166C1B0-5CDB-447A-894A-4B9FD7149D51}
HKEY_CLASSES_ROOT\CLSID\{B1DD8A69-1B96-11D4-B175-0050DAB79376}
HKEY_CLASSES_ROOT\CLSID\{C03351A4-6755-11D4-8A73-0050DA2EE1BE}
HKEY_CLASSES_ROOT\CLSID\{C4FEE4A7-4B8B-11D4-8A6D-0050DA2EE1BE}
HKEY_CLASSES_ROOT\CLSID\{D290D6E7-BF9D-42F0-9C1B-3BC8AE769B57}
HKEY_CLASSES_ROOT\CLSID\{E7A05400-4CFA-4DF3-A643-E40F86E8E3D7}
HKEY_CLASSES_ROOT\CLSID\{F75521B8-76F1-4A4D-84B1-9E642E9C51D0}
HKEY_CLASSES_ROOT\Interface\{07F0A542-47BA-11D4-8A6D-0050DA2EE1BE}
HKEY_CLASSES_ROOT\Interface\{07F0A544-47BA-11D4-8A6D-0050DA2EE1BE}
HKEY_CLASSES_ROOT\Interface\{1823BC4B-A253-4767-9CFC-9ACA62A6B136}
HKEY_CLASSES_ROOT\Interface\{19DFB2CA-9B27-11D4-B192-0050DAB79376}
HKEY_CLASSES_ROOT\Interface\{241667A3-EC83-4885-84DD-C2DAAFC1C5EA}
HKEY_CLASSES_ROOT\Interface\{25630B50-53C6-4E66-A945-9D7B6B2171FF}
HKEY_CLASSES_ROOT\Interface\{27BC6871-4D5A-11D4-8A6D-0050DA2EE1BE}
HKEY_CLASSES_ROOT\Interface\{370F6327-41C4-4FA6-A2DF-1BA57EE0FBB9}
HKEY_CLASSES_ROOT\Interface\{370F6353-41C4-4FA6-A2DF-1BA57EE0FBB9}
HKEY_CLASSES_ROOT\Interface\{3D7247DD-5DB8-11D4-8A72-0050DA2EE1BE}
HKEY_CLASSES_ROOT\Interface\{3D7247F1-5DB8-11D4-8A72-0050DA2EE1BE}
HKEY_CLASSES_ROOT\Interface\{4FD8645F-9B3E-46C1-9727-9837842A84AB}
HKEY_CLASSES_ROOT\Interface\{58359012-BF36-11D3-99A2-0050DA2EE1BE}
HKEY_CLASSES_ROOT\Interface\{788C6F6E-C2EA-4A63-9C38-CE7D8F43BCE4}
HKEY_CLASSES_ROOT\Interface\{78BCF936-45B0-40A7-9391-DCC03420DB35}
HKEY_CLASSES_ROOT\Interface\{7EDC96E1-5DD3-11D4-B185-0050DAB79376}
HKEY_CLASSES_ROOT\Interface\{8A0443A2-5DA2-11D4-B185-0050DAB79376}
HKEY_CLASSES_ROOT\Interface\{8EBB1743-9A2F-11D4-8A7E-0050DA2EE1BE}
HKEY_CLASSES_ROOT\Interface\{955CBF48-4313-4B1F-872B-254B7822CCF2}
HKEY_CLASSES_ROOT\Interface\{9CFA26C2-81DA-4C9D-A501-F144A4A000FA}
HKEY_CLASSES_ROOT\Interface\{C03351A3-6755-11D4-8A73-0050DA2EE1BE}
HKEY_CLASSES_ROOT\Interface\{C4FEE4A6-4B8B-11D4-8A6D-0050DA2EE1BE}
HKEY_CLASSES_ROOT\Interface\{EF0372DC-F552-11D3-8528-0050DAB79376}
HKEY_CLASSES_ROOT\Interface\{EF0372DE-F552-11D3-8528-0050DAB79376}
HKEY_CLASSES_ROOT\Interface\{EFA52460-8822-4191-BA38-FACDD2007910}
HKEY_CLASSES_ROOT\TypeLib\{07F0A536-47BA-11D4-8A6D-0050DA2EE1BE}
HKEY_CLASSES_ROOT\TypeLib\{083FA8F4-84F4-11D4-8A77-0050DA2EE1BE}
HKEY_CLASSES_ROOT\TypeLib\{370F6327-41C4-4FA6-A2DF-1BA57EE0FBB9}
HKEY_CLASSES_ROOT\TypeLib\{3D7247D1-5DB8-11D4-8A72-0050DA2EE1BE}
HKEY_CLASSES_ROOT\TypeLib\{58359011-BF36-11D3-99A2-0050DA2EE1BE}
HKEY_CLASSES_ROOT\TypeLib\{8A044396-5DA2-11D4-B185-0050DAB79376}
HKEY_CLASSES_ROOT\TypeLib\{9CFA26C0-81DA-4C9D-A501-F144A4A000FA}
HKEY_CLASSES_ROOT\TypeLib\{9CFA26C1-81DA-4C9D-A501-F144A4A000FA}
HKEY_CLASSES_ROOT\TypeLib\{BAF13496-8F72-47A1-9CEE-09238EFC75F0}
HKEY_CLASSES_ROOT\TypeLib\{C0335197-6755-11D4-8A73-0050DA2EE1BE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{50B4D2B3-723F-41B3-AEC4-0BD66F0F45FF}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{A166C1B0-5CDB-447A-894A-4B9FD7149D51}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{3D7247DE-5DB8-11D4-8A72-0050DA2EE1BE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\%Windir%/Downloaded Program Files/ezstub.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eZula
Delete files:
apev.exe, ezinstall.exe, ezstub.exe, ezpopstub.exe, mmod.exe, wo.exe, woinstall.exe, chcon.dll, chpon.dll, eabh.dll, eapbh.dll, ezstub.dll, ezula.dll, sepng.dll
Delete directories:
C:Program FileseZula
C:Program FilesWeb Offer
C:Documents and Settings[Current User]EARN
C:Documents and Settings[Current User]TopText iLookup
Misc:
Exact file location:
mmod.exe, chcon.dll, eabh.dll, seng.dll - C:\Program Files\eZula
apev.exe, wo.exe, chpon.dll, eapbh.dll - C:\Program Files\Web Offer
ezinstall.exe, woinstall.exe - C:\Windows or C:\Winnt
ezstub.dll - C:\Windows\Downloaded Program Files or C:\Winnt\Downloaded Program Files
ezstub.exe, ezpopstub.exe - C:\Windows\System, C:\Windows\System32 or C:\Winnt\System32

Geolocation of eZula

This map reveals the prevalence of eZula. Countries and regions that have been affected the most are: United States and Germany.

QR code for eZula removal instructions

eZula qrcode QR is short for Quick Response. They can be read quickly by the mobile phones. QR codes can store more data than standard barcodes, including url links, geo coordinates, and text.
The reason we add QR code to the website is that parasites like eZula are really hard to remove on infected computer. you can quicly scan the QR code with your mobile device and have manual removal instructions to uninstall eZula right in your pocket.
Simply use the QR scanner and read removal instructions from mobile device.

Information added: 2004-03-19 10:00
Information updated: 2005-09-01 03:45

Additional resources

Attention: If you know know a reputable website reated to security threats, please add a link here: add url

Users comments about eZula:

0
0
Guest
I am so aggravated that I can not get this off my computer. I can not afford to buy any programs to uninstall it but it is so aggravating to me. If there is someone who can help me I would really appreciate it.
0
0
chris
This thing is acting just like the VX2 that was on my dads computer. It was a pain to get rid of. I dont know if this proble is like the VX2, who every time you reboot changes names and changed your ip address. but if it is, to hell with it. its easer to delete a few pop up than mess with all that. its not causeing serious damage to my lap top. Yet
0
0
Paul J. Smith
I would urge everyone to write your Congressman and urge them to investigate Ezula and other adware and spyware. If enough people protest it may put Ezula out of business.
i hate this program it stuffed up my internet and is hard to remove even though i know the registry and stuff it re-installs itself
Is it possible I got Ezula when I had to download

their program to be able to take the online training

and testing to become a work at home agent? This is West TeleServices I'm talking about here.

After I downloaded their required Rapid Player

v 3.0 Active X Control and Rapid Player v 3.0 Runtime, My Internet Explorer browser began freezing up as well as my cursor not working right. From past experience of this behavior, it was an indication of some sort of spyware placed on my computer. So, I followed my "instinct" and ran two

adware-spyware programs I have. The Spy Ferret

Spyware killer found the Ezula. The information that it gave on Ezula stated there were two Ezula infections. One in Program ( file ) BHO and the other one was in 20040928 Executable file BHO.

Now, the only two new files I downloaded today were the ones required by Work at Home Agent which is the work at home call center division for West TeleServices. And, they state that they do not accept any other Internet browser except Internet Explorer. To me, this is the only explanation because I ran both spyware programs before I went to bed the evening of the 16th and none was found. Then today, I'm downloading the

required Rapid player to be able to have access to the study materials and take the online test. That's what I've been doing all day. Spy Ferret

information also stated that Ezula was malware that hijacked. I've already had my home page hijacked once so now I have a hijack blaster as well, added as a security measure. However, from what I understand about Ezula, there's some sort of financial "kickback" to the person or persons that placed it on my computer in the first place. I'm just

thinking here, could it be that somehow Work At Home Services which is a division of West TeleServices somehow gets a financial "kickback"

when customers ordering something from infomercials and ads are directed to my computer to order an item? Understand, I'm not accusing anyone. However, it is so odd that my computer

internet browser is so sensitive to things such as

spyware and I recognized the "symptoms" and ran

the spyware killer programs I have. And, these

"symptoms" occurred after I downloaded the Rapid player. And, I didn't have it the evening of Feb. 16, 2005 when I ran both spyware programs as part of usual check maintenance. Also, the above

web site is where I've been all day to study the

teaching modules to prepare for the online test.

There is a "saying": "If it looks like a duck, walks like a duck and quacks like a duck, then indeed it MUST be a duck! Meaning, there is a strong possibility that Ezula was added to my Internet Explorer browser when I downloaded the required

Rapid player. You certainly know more about this than I do. IF it is indeed a possibility that it was downloaded with the required Rapid Player programs, could you PLEASE just pass all the information that I've stated to you to the proper authority that would investigate this sort of thing?

Tonight the Spy Ferret removed it. Now tomorrow morning I have to go back to the web site and begin studying the materials in the modules.

At some point throughout the day, I will AGAIN run Spy Ferret to check it it has been re-installed

from the web site. IF that should be the case and I AGAIN have to remove it, I will contact you again.

The, there should be no doubt in my mind or your mind, just where the Ezula infections came from.

By the way, my computer is a Hewlett Packard Windows ME. I could not afford a more updated version which would have been a Windows XP.

Thank you for your time and consideration.

Sincerely,

Edith Porter
0
0
Alan
Has anybody figured out either what program takes this crap off or how else to do it? email me please: [email protected]
I don't want to mess with DOS if I don't have to. I hade Adware and Spybot but that didn't seem to work? Thanks
0
0
Guest
I tried to remove it manually and it messed by computer up! Now when I boot up all I get is a black screen. Does anybody know what is going on?
0
0
Guest
I have had Problems with EZULA for some time now. I have tried many things to get rid of it, I will give this a try and see how it goes from there. Trust me short of reformatting your computer you will have a hard time removing this. I have gone as far as hacking the registry and booting in safe mode to hack the registry but there is an installer file somewhere that I can not find.
0
0
Guest
But what if it's TRYING to install itself, and hasn't completely installed yet? That means I won't find it on my Control Panel, and the only way to stop it's installation is to disconnect, but it just shows up again whenever I re-connect. Isn't there any other way to remove it manually?
0
0
Rider
This 'product' seems to change names everytime the wind blows.
More comments...

Post Comment

Attention: Use this form only if you have additional information about eZula parasite, its removal instructions, additional resources or behavior. By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.

Home page Name



«

(All fields are required)
Like us on Facebook
News
Subscribe
Ask us
Parasites
Tags
Files
What's your antispyware?
Compare
I failed to remove eZula using SpyHunter.

Email


Close
add text box
rss feed
help other
Spreading the knowledge: It is very hard to fight against computer parasites on the Internet alone. If you have a website, we would be more than happy if you would like to cooperate and help us spread the information about latest threats. Remember, knowledge is the most powerful weapon. Help your visitors protect their computers!