Nowadays we get many pop-ups that show advertisements or warn of virus infections and do not go away easily. They keep coming back after you close them and are very annoying. Some ask you to update Flash Player, some ask you to update the browser, some claim your computer might be infected with a virus, and others say the Java plug-in is outdated.
I am going to talk specifically about the Zoomify virus. It is not removed easily, and none of the security software detects it. I scanned my computer with AdwCleaner, HitmanPro, Malwarebytes and ESET Online Scanner while my updated Norton antivirus was already up and running. I was still getting the pop-ups whenever I opened any browser to surf the internet.
Then, after all these efforts, I checked the processes running in Task Manager and found some new and unfamiliar services running. When I tried to close one of them, it kept coming back to the running state. It did not even allow me to delete the file associated with those services. Here is the snapshot of the processes running in Task Manager.
[Screenshot: Coz32host.exe virus process in Task Manager]
When I searched the internet to find out what these processes are and analysed them with some software, I found that this program is associated with the Zoomify malware and generates pop-ups and redirects browsers. This is a virus.
Virus Type: Harmful Redirect Virus
What does it do?
- Takes over the browser and modifies the default settings randomly.
- The home page, startup page, search engine or other settings change on your computer. Excessive links are added to every website you open, pointing to websites that you'd usually avoid.
- Always tries to trick you into installing malware, adware or other potentially unwanted programs or harmful browser add-ons, or shows a fake message to update Java, Flash Player or their plug-in.
- Pops up endless annoying ads to interrupt users.
- Consumes a large amount of CPU.
- Severely degrades the PC's performance.
- The ZoomifyApp virus can monitor your online activities and collect your personal data.
How to remove it?
Double-click iExplore.exe to start RKill.
[Screenshot: RKill]
When RKill runs, it kills malware processes, then removes incorrect executable associations and fixes policies that stop us from using certain tools. When finished, it displays a log file that shows the processes that were terminated while the program was running. Do not reboot your computer after running RKill, as the malware programs will start again.
Step 2. Stop the processes associated with Zoomify Virus
[Screenshot: Folder Options]
%program files%\Zoomify App
%documents and settings%\all users\application data\ZoomifyApp
%AllUsersProfile%\Application Data\ZoomifyApp.exe
%program files%\Ads by Zoomify App.exe
%AllUsersProfile%\Application Data.exe
C:\WINDOWS\system32\drivers\serial.sys
C:\Users\Vishruth\AppData\Local\Temp\random.xml
C:\windows\system32\drivers\mrxsmb.sys(random)
C:\WINDOWS\system32\drivers\redbook.sys(random)
[Screenshot: Open the location of the running process]
This opens the folder the file is running from. You need to delete all the files shown there, so select them all and press Shift+Delete to delete them permanently.
%program files%\Zoomify App\
%documents and settings%\all users\application data\ZoomifyApp
%AllUsersProfile%\Application Data\ZoomifyApp.exe
%program files%\Ads by Zoomify App.exe
%AllUsersProfile%\Application Data\.exe
C:\Program Data\Zoomify
C:\WINDOWS\system32\drivers\serial.sys
C:\Users\Vishruth\AppData\Local\Temp\random.xml
C:\windows\system32\drivers\mrxsmb.sys(random)
C:\WINDOWS\system32\drivers\redbook.sys(random)
%TEMP%\nsb3.tmp\StdUtils.dll
%TEMP%\nsb3.tmp\nsisos.dll
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CJCTQ25G\CAQ30L6F.php
%TEMP%\nsb3.tmp\UserInfo.dll
%WINDIR%\Tasks\Tempo Runner cozahost.job
%WINDIR%\Tasks\Tempo Runner coz32host.job
%TEMP%\nsb3.tmp\nsislog.dll
%TEMP%\nsb3.tmp\InstallerUtils.dll
Step 4. Clean Zoomify virus from Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[ZoomifyApp]"
HKEY_CLASSES_ROOT\CLSID\[random numbers]
HKEY_CURRENT_USER\Software\AppDataLow\Software\ZoomifyApp
HKEY_CURRENT_USER\Software\ZoomifyApp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Zoomify App
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\[random numbers]
Step 4. Now delete Temp and %Temp% and reset all the browsers.
Step 5. Use CCleaner
Download CCleaner and run it to clean all the junk. Now click Tools, then Startup, and go to Scheduled Tasks. Select all the unknown and unnecessary tasks and delete them. This will stop the Zoomify virus from restarting its service or checking for it at certain intervals.
Note: The Zoomify Virus App also goes by another name, Zoompic, with an associated file named ZoompicL64.dll and the originating folder C:\Program Data\makulitsidwe, so you might want to find and delete this folder.
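A read-only way to confirm the cleanup, as an added example that is not part of the original post: this PowerShell script checks for the folders, task files, registry keys, processes and scheduled tasks named in the steps above and deletes nothing. It assumes a Vista-or-later layout where %AllUsersProfile% is C:\ProgramData and Windows 8 or later for Get-ScheduledTask. Because serial.sys, mrxsmb.sys and redbook.sys are also the names of legitimate Windows drivers, it reports their signature status instead of treating their presence as an infection.

```powershell
# Added example: read-only audit of the Zoomify artifacts named in this article.
# Nothing is deleted; each location is only reported as present or absent.
$all = $env:ALLUSERSPROFILE   # assumption: the page's "C:\Program Data" is C:\ProgramData
$locations = @(
    "$env:ProgramFiles\Zoomify App"
    "$all\Zoomify"
    "$all\ZoomifyApp"
    "$all\makulitsidwe"                               # folder of the Zoompic variant
    "$env:WINDIR\Tasks\Tempo Runner cozahost.job"
    "$env:WINDIR\Tasks\Tempo Runner coz32host.job"
    'HKCU:\Software\ZoomifyApp'
    'HKCU:\Software\AppDataLow\Software\ZoomifyApp'
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Zoomify App'
)
$locations | ForEach-Object {
    [pscustomobject]@{ Location = $_; Present = (Test-Path -LiteralPath $_) }
} | Format-Table -AutoSize | Out-Host

# Autostart values under the Run key whose name or command mentions Zoomify.
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
(Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue).PSObject.Properties |
    Where-Object { $_.Name -notlike 'PS*' -and "$($_.Name) $($_.Value)" -like '*Zoomify*' } |
    Select-Object Name, Value | Format-List | Out-Host

# Processes and scheduled tasks with the names shown in the article.
Get-Process -Name coz32host, cozahost -ErrorAction SilentlyContinue |
    Select-Object Id, Name, Path | Format-Table -AutoSize | Out-Host
Get-ScheduledTask -ErrorAction SilentlyContinue |
    Where-Object { $_.TaskName -like 'Tempo Runner*' } |
    Select-Object TaskName, TaskPath, State | Format-Table -AutoSize | Out-Host

# serial.sys, mrxsmb.sys and redbook.sys are also legitimate Windows driver names,
# so report their signature status for review rather than their mere presence.
'serial.sys', 'mrxsmb.sys', 'redbook.sys' | ForEach-Object {
    Join-Path $env:WINDIR "System32\drivers\$_"
} | Where-Object { Test-Path -LiteralPath $_ } | ForEach-Object {
    $sig = Get-AuthenticodeSignature -FilePath $_
    [pscustomobject]@{ File = $_; Status = $sig.Status; Signer = $sig.SignerCertificate.Subject }
} | Format-List | Out-Host
```

Run it from an elevated PowerShell prompt before and after the cleanup; a driver whose status is not Valid is a reason to inspect the file further, not proof that it is malicious.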