WinZip Registry Optimizer virus

WinZip Registry Optimizer uses deceptive marketing tactics to get users to install the program with or without their direct consent and knowledge. The program typically installs alongside other unwanted programs and adware like NetRadio. WinZip Registry Optimizer is recognized as a potentially unwanted program (PUP) by most reputable antivirus and anti-malware programs, such as Malwarebytes and HitmanPro. The unwanted program is known to collect user data, perform misleading scans, bundle with programs that serve advertisements to the user in their web browser and on the Windows desktop, and bundle with programs that change existing internet browser settings, which causes affected web browsers to start up on and redirect to sponsored webpages. Once a computer has become infected with the “WinZip Registry Optimizer virus”, the program edits the Windows registry and modifies the system so that it runs every time Windows starts. The process WinZip Registry Optimizer.exe (and others) will remain active in Windows Task Manager, and the file can enable itself if the process has been manually ended.




Threat Details

Name(s): WinZip Registry Optimizer, WinZip Registry Optimizer virus
Detection Categories: Scareware, Potentially Unwanted Program (PUP)
Short Description: The PUP is promoted as a free Windows optimizer.
Symptoms: The user may experience unwanted advertisements and redirects in the web browser from bundled programs.
Distribution Method: The PUP bundles with freeware and dubious files.

What is WinZip Registry Optimizer?

WinZip Registry Optimizer is promoted as a Windows optimizer program that can clean your registry to make your computer faster. The description for the program claims that it scans, fixes, and repairs the PC registry. It also claims to prevent system crashes and improve stability and performance. However, the program is not free to use. In order to use all the features, the user must purchase the product. The claims made by the product have not been evaluated; however, the program is detected by anti-malware software as being potentially malicious and possibly misleading.


Potential WinZip Registry Optimizer malware and the adware that it bundles with will generate pop-up and in-text style ads on the internet and the Windows desktop. The programs may even show a large bar at the top of the Windows desktop that contains links and a search box. Various user details may also be obtained by the adware and used for several different purposes. The data collection is described in the product’s Privacy Policy and in the allotted permissions if a browser attachment is present. Getting to know the Privacy Policy, Terms of Use and Download Agreement of freeware is crucial to keeping your online information secure.

WinZip Registry Optimizer Removal Guide

WinZip Registry Optimizer can be uninstalled manually from your computer and internet browser. We have provided several steps below to show you how to remove WinZip Registry Optimizer and other threats. However, if you have clicked on any random ads or have been redirected to suspicious websites, your system may have been exposed to malware and other threats. To make sure your PC is completely clean and your information is protected from cyber criminals, we recommend that you follow all the steps below.


Follow the instructions to uninstall WinZip Registry Optimizer and other programs that it may bundle with from your Windows XP, Windows Vista, Windows 7, Windows 8, Windows 8.1, or Windows 10 computer. If you do not find WinZip Registry Optimizer installed on your computer but still notice unwanted symptoms such as pop-up ads while you browse the web, it is recommended to use Malwarebytes and HitmanPro to eradicate troublesome files.

1. Open Windows Start or Task menu and go to the Control Panel (or directly to Programs and Features).

2. In the “Programs” section click Uninstall a program (or Add and remove programs).


3. Search for WinZip Registry Optimizer (by WinZip International Ltd) and other programs in the list of installed programs and double click the program you want to remove to uninstall it. You can also select WinZip Registry Optimizer with your mouse and click the Uninstall button once it appears. Once you have uninstalled WinZip Registry Optimizer look for other unwanted programs in the list of installed programs and uninstall any if they are found. A general tip is to click “Installed On” to locate any programs that installed around the same time. Uninstalling the program will not completely remove it. Follow the steps for more instructions.

Google Chrome

1. Click the Customize and control Google Chrome icon and go to More tools > Extensions.

2. Search for unwanted extensions in the list and click the trashcan icon.

Mozilla Firefox

1. Open the Menu and click Add-ons.

2. Search for unwanted add-ons and click Remove.

Apple Safari

1. Go to Safari > Preferences > Extensions.

2. Search for unwanted extensions in the list and click the Uninstall button.

Follow the instructions to remove WinZip Registry Optimizer with Malwarebytes Anti-Malware software.

1. Download and install Malwarebytes Anti-Malware software.

2. Launch Malwarebytes Anti-Malware software once it has finished installing.

3. Make sure that Malwarebytes has been updated. To ensure it is updated click Update Now on the Dashboard.

4. Click the large Scan Now button on the dashboard to perform a scan with Malwarebytes Anti-Malware software.


5. When the scan is complete click the Remove Selected button and then click the Finish button or restart your computer if Malwarebytes suggests that you do so.

Follow the instructions to remove WinZip Registry Optimizer with HitmanPro second-opinion software.

3. Once HitmanPro is installed, open the program and click Next to start scanning your computer. *If you are using the free version you may choose to create a copy or perform a one-time scan.

4. When the scan is complete, click the Next button again to delete any threats or traces on your system.

5. If you are initially using the free version, to activate it, enter your email address twice and click the Activate button.

6. Restart your computer by selecting Reboot.

Follow the instructions to clean your computer and repair your computer’s settings.

2. Once installed, open the program and go to the main Cleaner screen and click the Analyze button. Afterwards, click the Run Cleaner button on the bottom right of the program interface.

3. Next, navigate to Tools > Startup and search through each tab, starting from Windows, Internet Explorer, etc., all the way to Content Menu, for additional suspicious entries. If you find anything suspicious, click it and click the Delete button to remove it.

4. To finish things off, go to the Registry window and click the Scan for Issues button. When the scan is complete click the Fix selected issues… button and click Fix All Selected Issues.

This is a discussion on WinZip Registry Optimizer Virus within the Resolved HJT Threads forums, part of the Tech Support Forum category.

Hi Guys,

Thank you for your time and detailed process, I hope I have included all that you asked for.

As you requested 'Utorrent' and 'Vuze' have been removed from the computer and 'Microsoft Forefront Endpoint Protection' has been disabled. The requested text 'DDS.txt' is below and 'Attach.txt' and 'ARK.txt' are attached in the 'Attach.zip' file.

FYI I don't have a Windows Install Disc or Boot CD but I can get access to one from someone else.

As requested I have backed up all important files on the computer to another hard drive.

I have a 'WinZip Registry Optimizer' program that keeps popping up each time I turn the computer on and telling me I have errors on my computer and to Purchase their program to fix it. It seems it is a virus as I was using torrents when it popped up. I use Windows 7 and when I press the start button the 'WinZip Registry Optimizer' is the first icon above the start button and it is highlighted yellow.

I was trying to download the "Pimsleur Spanish" program via some torrents using the 'Utorrent' program. I tried to download a few of the torrents although they looked a little fishy and didn't work. I then installed the 'Vuze' program and downloaded the 'Pimsleur Spanish' torrent from isohunt.com - it downloaded successfully. Since then I have had the 'WinZip Registry Optimizer' keep popping up.

Thank you very much for your help and I look forward to your reply. Please let me know if I can provide any more information.

1\programs\usbtip\USBTip.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [PrivitizeVPN] c:\program files\privitizevpn\PrivitizeVPN.exe /autorun
mRun: [SweetIM] c:\program files\sweetim\messenger\SweetIM.exe
mRun: [Sweetpacks Communicator] c:\program files\sweetim\communicator\SweetPacksUpdateManager.exe
StartupFolder: c:\progra

1.lnk - c:\manageengine\desktopcentral_server\bin\DesktopCentral.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra

2\office12\EXCEL.EXE/3000
IE: <2670000A-7350-4f3c-8081-5663EE0C6C49>- <48E73304-E1D6-4330-914C-F5F514E3486C>- c:\program files\microsoft office\office12\ONBttnIE.dll
IE: <898EA8C8-E7FF-479B-8935-AEC46303B9E5>- <898EA8C8-E7FF-479B-8935-AEC46303B9E5>- c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: <92780B25-18CC-41C8-B9BE-3C9C571A8263>-
DPF: <4871A87A-BFDD-4106-8153-FFDE2BAC2967>- hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
DPF: - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.0.1 192.168.1.254
TCP: Interfaces\ : DHCPNameServer = 192.168.0.1 192.168.1.254
Handler: grooveLocalGWS - <88FED34C-F0CA-4636-A375-3CB6248B04CD>- c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - <91774881-D725-4E58-B298-07617B9B86A8>- c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - - c:\program files\common files\skype\Skype4COM.dll
AppInit_DLLs= c:\progra

1.dll
SSODL: WebCheck -
SEH: Groove GFS Stub Execution Hook - - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R1 AppleCharger;AppleCharger;c:\windows\system32\drivers\AppleCharger.sys [2010-9-25 19496]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 142832]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-14 20992]
R2 DesktopCentralServer;ManageEngine Desktop Central Server;c:\manageengine\desktopcentral_server\bin\wrapper.exe -s c:\manageengine\desktopcentral_server\conf\wrapper.conf --> c:\manageengine\desktopcentral_server\bin\wrapper.exe -s c:\manageengine\desktopcentral_server\conf\wrapper.conf [?]
R2 FCSAM;Microsoft Antimalware Service;c:\program files\microsoft forefront\forefront system\client\antimalware\MsMpEng.exe [2009-7-2 17904]
R2 FSysAgent;Microsoft Forefront System Agent;c:\program files\microsoft forefront\forefront system\client\agent\FSysAgent.exe [2009-9-3 193376]
R2 HealthService;System Center Management;c:\program files\system center operations manager 2007\HealthService.exe [2009-5-8 27008]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2009-10-24 360224]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-10-2 382824]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\intel\intel(r) management engine components\uns\UNS.exe [2010-9-25 2320920]
R2 Web Assistant Updater;Web Assistant Updater;c:\program files\web assistant\ExtensionUpdaterService.exe [2012-7-2 188760]
R2 WebOptimizer;WebOptimizer;c:\windows\system32\dmwu.exe [2012-9-17 1006448]
R3 MEDC Server Component - Notification Server;MEDC Server Component - Notification Server;c:\manageengine\desktopcentral_server\bin\dcnotificationserver.exe [2013-1-11 230952]
R3 MEDCServerComponent-Apache;MEDC Server Component - Apache;c:\manageengine\desktopcentral_server\apache\bin\dcserverhttpd.exe [2013-1-11 20549]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-6-18 42480]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-9-25 277536]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-11-9 160944]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [2010-7-29 25112]
S3 PIXMCV;Victor Communication PIX-MCV Driver;c:\windows\system32\drivers\pixmcvc.sys [2004-6-3 33792]
S3 PIXMCVA;Victor PIX-MCV Audio Capture;c:\windows\system32\drivers\pixmcva.sys [2004-3-20 38144]
S3 PIXMCVV;Victor PIX-MCV Video Capture;c:\windows\system32\drivers\pixmcvv.sys [2004-3-27 32768]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-9-25 1343400]
S4 AdtAgent;Operations Manager Audit Forwarding Service;c:\windows\system32\AdtAgent.exe [2009-5-8 269696]
.
=============== Created Last 30 ================
.
2013-01-11 12:12:27 -------- d-----w- C:\ManageEngine
2013-01-11 12:11:39 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
2013-01-11 12:11:39 32768 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
2013-01-11 12:11:39 225280 ----a-w- c:\program files\common files\installshield\iscript\iscript.dll
2013-01-11 12:11:39 176128 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
2013-01-11 12:11:38 610436 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\IKernel.exe
2013-01-09 19:41:05 6812136 ----a-w- c:\programdata\microsoft\microsoft forefront\client security\client\antimalware\definition updates\<4566a895-2d4a-4dff-bda5-5a52638f0ae1>\mpengine.dll
2013-01-09 19:36:49 46592 ----a-w- c:\windows\system32\fpb.rs
2013-01-08 07:52:30 -------- d-----w- c:\programdata\SweetIM
2013-01-08 07:52:30 -------- d-----w- c:\program files\SweetIM
2013-01-08 07:52:27 -------- d-----w- c:\program files\sweetpacks bundle uninstaller
2013-01-08 07:51:46 -------- d-----w- c:\program files\Gophoto.it
2013-01-08 07:41:00 -------- d-----w- c:\users\marko\appdata\local\WinZip
2013-01-08 07:39:42 -------- d-----w- c:\users\marko\appdata\roaming\Nico Mak Computing
2013-01-08 07:39:39 17224 ----a-w- c:\windows\system32\roboot.exe
2013-01-08 07:39:35 -------- d-----w- c:\program files\WinZip Registry Optimizer
2013-01-08 07:39:30 -------- d-----w- c:\users\marko\.swt
2013-01-08 07:39:08 -------- d-----w- c:\program files\Vuze_Remote
2013-01-08 07:38:50 -------- d-----w- c:\users\marko\appdata\roaming\Azureus
2013-01-08 07:38:43 -------- d-----w- c:\program files\Vuze
2013-01-08 05:55:27 -------- d-----w- c:\program files\WhiteSmoke_US_New_E1
2013-01-08 05:55:06 -------- d-----w- c:\users\marko\appdata\local\SwvUpdater
2013-01-08 05:54:30 -------- d-----w- c:\program files\SaveAs
2013-01-08 05:54:20 -------- d-----w- c:\programdata\SaveAs
2013-01-08 05:36:51 -------- d-----w- c:\program files\PrivitizeVPN
2013-01-08 05:36:45 -------- d-----w- c:\programdata\WoW Worldwide Software LTD
2013-01-08 05:36:28 -------- d-----w- c:\program files\ZoomEx
2013-01-08 05:36:17 -------- d-----w- c:\programdata\Zoomex
2012-12-27 02:19:16 -------- d-----w- c:\users\marko\appdata\roaming\NVIDIA
2012-12-21 05:52:57 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-21 05:52:57 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-13 06:13:43 245616 ----a-w- c:\windows\system32\drivers\volsnap.sys
2012-12-13 06:13:41 376832 ----a-w- c:\windows\system32\dpnet.dll
2012-12-13 06:13:17 2048 ----a-w- c:\windows\system32\tzres.dll
.
==================== Find3M ====================
.
2012-12-07 05:04:20 308736 ----a-w- c:\windows\system32\Wpc.dll
2012-12-07 04:57:38 2576384 ----a-w- c:\windows\system32\gameux.dll
2012-11-30 05
15 169984 ----a-w- c:\windows\system32\winsrv.dll
2012-11-30 05:00:06 293376 ----a-w- c:\windows\system32\KernelBase.dll
2012-11-30 03:07:41 271360 ----a-w- c:\windows\system32\conhost.exe
2012-11-30 02:51:41 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:51:41 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:51:41 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:51:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-11-23 03
48 2344960 ----a-w- c:\windows\system32\win32k.sys
2012-11-22 09:33:26 627712 ----a-w- c:\windows\system32\usp10.dll
2012-11-20 05:10:07 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-09 04:49:55 492032 ----a-w- c:\windows\system32\win32spl.dll
2012-11-02 04:50:33 1388544 ----a-w- c:\windows\system32\msxml6.dll
2012-10-16 20:34:37 559104 ----a-w- c:\windows\apppatch\AcLayers.dll
.
============= FINISH: 23:19:56.61 ===============

01-11-2013, 05:08 AM #1
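
An added example, not part of the original thread or of DDS itself: the removal guide's tip about sorting by "Installed On" can be applied to a DDS log like the one above by listing what was created within a few minutes of the WinZip Registry Optimizer folder, then checking which mRun autostart entries run from those directories. The sample lines are copied from the log in this post; the 15-minute window and all function names are assumptions chosen for illustration.

```python
import re
from datetime import datetime, timedelta

# Lines copied from the "Created Last 30" section of the DDS log on this page.
CREATED = r"""
2013-01-11 12:12:27 -------- d-----w- C:\ManageEngine
2013-01-08 07:52:30 -------- d-----w- c:\program files\SweetIM
2013-01-08 07:52:27 -------- d-----w- c:\program files\sweetpacks bundle uninstaller
2013-01-08 07:51:46 -------- d-----w- c:\program files\Gophoto.it
2013-01-08 07:39:39 17224 ----a-w- c:\windows\system32\roboot.exe
2013-01-08 07:39:35 -------- d-----w- c:\program files\WinZip Registry Optimizer
2013-01-08 07:39:08 -------- d-----w- c:\program files\Vuze_Remote
2013-01-08 07:38:43 -------- d-----w- c:\program files\Vuze
2013-01-08 05:36:51 -------- d-----w- c:\program files\PrivitizeVPN
2012-12-21 05:52:57 34304 ----a-w- c:\windows\system32\atmlib.dll
"""

# Autostart ("mRun") lines copied from the same log.
MRUN = r"""
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [PrivitizeVPN] c:\program files\privitizevpn\PrivitizeVPN.exe /autorun
mRun: [SweetIM] c:\program files\sweetim\messenger\SweetIM.exe
mRun: [Sweetpacks Communicator] c:\program files\sweetim\communicator\SweetPacksUpdateManager.exe
"""

# timestamp, size (or dashes for a directory), 8-character attribute field, path
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\S+)\s+([-a-z]{8})\s+(.+)$")
MRUN_RE = re.compile(r'^mRun: \[(.+?)\] "?([a-z]:\\[^"]+?\.exe)', re.I)


def parse_created(text):
    """Return (timestamp, is_dir, lowercase path) for each well-formed line."""
    out = []
    for line in text.splitlines():
        m = CREATED_RE.match(line.strip())
        if m:  # truncated or garbled lines do not match and are skipped
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            out.append((ts, m.group(3).startswith("d"), m.group(4).lower()))
    return out


def created_near(entries, anchor, window_minutes=15):
    """Entries created within the window around the first path containing `anchor`."""
    hits = [ts for ts, _, path in entries if anchor.lower() in path]
    if not hits:
        return []
    t0 = min(hits)
    win = timedelta(minutes=window_minutes)
    return sorted(e for e in entries if abs(e[0] - t0) <= win)


def autostarts_under(mrun_text, dirs):
    """mRun entries whose executable lives under one of the given directories."""
    flagged = []
    for line in mrun_text.splitlines():
        m = MRUN_RE.match(line.strip())
        if m and any(m.group(2).lower().startswith(d + "\\") for d in dirs):
            flagged.append((m.group(1), m.group(2)))
    return flagged


def triage(created_text=CREATED, mrun_text=MRUN,
           anchor="winzip registry optimizer"):
    """Co-installed paths, plus the autostart entries that run from them."""
    near = created_near(parse_created(created_text), anchor)
    dirs = [path for _, is_dir, path in near if is_dir]
    return near, autostarts_under(mrun_text, dirs)


if __name__ == "__main__":
    near, autos = triage()
    for ts, is_dir, path in near:
        print(ts, "DIR " if is_dir else "FILE", path)
    for name, exe in autos:
        print("autostart from co-installed directory:", name, "->", exe)
```

Time proximity is a lead for review, not proof of bundling: Vuze falls inside the window because the poster installed it deliberately.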

Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

I noticed you have Ask Toolbar and Ask Toolbar Updater installed.

Please read this and decide if you want to keep them >> Current Practices of IAC/Ask Toolbars

You can uninstall them via Programs and Features in your Control Panel.

If you decide to uninstall them, please delete the following Folder if it still exists:

Please uninstall the following via Start->(or Computer)->Control Panel->Programs->Programs and Features if they still exist:

Funmoods Web Search

Incredibar Toolbar

TheBflix

Web Assistant

WhiteSmoke US New E1 Toolbar has an excellent writeup here

We suggest uninstalling them via Programs and Features in your Control Panel.

Please download AdwCleaner from here and save it to your desktop.

  • Run adwcleaner and select Delete
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner[S#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Reboot your computer. Please describe any remaining problems.

01-14-2013, 06:51 PM #2


Thank you for your response.
Went through the procedure you outlined.
The adwcleaner log is below.
Do you suggest any particular program for protection in the future?
Also, how do I enable Microsoft Forefront Endpoint Protection again, as it was disabled according to your instructions?

# AdwCleaner v2.105 - Logfile created 01/15/2013 at 19:27:33
# Updated 08/01/2013 by Xplode
# Operating system : Windows 7 Ultimate (32 bits)
# User : Marko - MARKO-PC
# Boot Mode : Normal
# Running from : C:\Users\Marko\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****
Stopped & Deleted : WebOptimizer
***** [Files / Folders] *****
Deleted on reboot : C:\Program Files\SaveAs
Deleted on reboot : C:\Program Files\Zoomex
Deleted on reboot : C:\ProgramData\Premium
File Deleted : C:\END
File Deleted : C:\user.js
File Deleted : C:\Users\Marko\AppData\Local\funmoods.crx
File Deleted : C:\Users\Marko\AppData\Local\funmoods-speeddial.crx
File Deleted : C:\Windows\system32\conduitEngine.tmp
File Deleted : C:\Windows\system32\ImhxxpComm.dll
File Deleted : C:\Windows\Tasks\AmiUpdXp.job
Folder Deleted : C:\Program Files\1ClickDownload
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\ConduitEngine
Folder Deleted : C:\Program Files\SweetIM
Folder Deleted : C:\Program Files\Veoh_Web_Player
Folder Deleted : C:\Program Files\Yontoo
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SaveAs
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zoomex
Folder Deleted : C:\ProgramData\SaveAs
Folder Deleted : C:\ProgramData\SweetIM
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\TheBflix
Folder Deleted : C:\ProgramData\Zoomex
Folder Deleted : C:\Users\Marko\AppData\Local\Conduit
Folder Deleted : C:\Users\Marko\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\Marko\AppData\Local\Temp\AskSearch
Folder Deleted : C:\Users\Marko\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Marko\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Marko\AppData\LocalLow\Funmoods
Folder Deleted : C:\Users\Marko\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Marko\AppData\LocalLow\SaveAs
Folder Deleted : C:\Users\Marko\AppData\LocalLow\TheBflix
Folder Deleted : C:\Users\Marko\AppData\LocalLow\Veoh_Web_Player
Folder Deleted : C:\Users\Marko\AppData\LocalLow\Zoomex
Folder Deleted : C:\Users\Sarkos\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Sarkos\AppData\LocalLow\Veoh_Web_Player
Folder Deleted : C:\Windows\Installer\
Folder Deleted : C:\Windows\system32\WNLT
***** [Registry] *****
Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra

1.dll
Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra

The program is run by a backdoor Trojan that can bypass antivirus detection. So I would like to know how to remove it manually. It's in its early stage where it's scanning automatically when I start the computer. I downloaded Utorrent and it popped up. I have Windows 7 Home Premium.

Is this the correct way?

WinZip Registry Optimizer is one of those annoying Malware Trojans that allows other Adware, Spyware, additional Malware, and other viruses to come in and attack your PC. Most Anti-Virus software (especially the free ones like Malware Bytes) will not clean the machine. The best way to clean it is to manually remove the darn thing.

Follow this guide to remove the virus (step by step)

1) Restart your computer. As your computer restarts, but before Windows launches, tap F8 to get the Windows Advanced Option Menu

*When you get the Option Menu, use the arrow keys to highlight "Safe Mode with Networking"

3) Launch Task Manager (CTRL + ALT + DELETE and select Task Manager)

4) From the Task Manager, click on the Processes tab

5) Stop all processes for Winzip Registry Optimizer

6) Remove Winzip Registry Optimizer files from these folders:

%AllUsersProfile% \Application data\ .exe

7) Remove Winzip Registry Optimizer from your registry

Click on your Windows icon (windows 7) or Start button (windows XP)

In Search field type regedit (windows 7) or Click on Run and type regedit in the open field (windows xp)

" (Default) " = "%LocalAppData" -a "%1" %*

" (Default) " = "%LocalAppData" -a "%1" %*

8) Go to Control Panel

9) (Windows 7) Programs and Features (Windows XP) Add/Remove Programs

10) Uninstall Winzip Registry Optimizer

NOTE: To completely remove it, we need to find out the process, files, and registry entries of the virus. If you haven't sufficient expertise in dealing with program files, processes, dll files, and registry entries, it is not recommended to delete the infections by manual process. Any pivotal system files that are removed can render your machine useless. It is recommended you ask help from an experienced professional.

I have uninstalled WinZip Registry Optimizer and I realized I couldn't completely remove it. So I followed your steps and tried to remove it; however, I do not see any processes for WinZip Registry Optimizer in my Processes tab.




    These directions r for W7. modify for XP or Vista RE running a program.

    1. Boot to safe mode with networking (hit F8 repeatedly while booting till safe mode menu appears) - if that option isn't available u have a real problem. Time for clean install.

    2. Delete everything in all ur temp folders and recycle bin - u can dnld and run ATFCLEANER - it makes life easier.

    3. Go to START, type MSCONFIG and set it for diagnostic mode startup.

    4. Open a browser - if it does not connect try unchecking the proxy setting under tools - internet options - connections - advanced = if u can't u will have to dnld MBAM someplace else and load to computer and install. -- also dnload VipreRescue (VR) - google to find dnld site.

    5. Run both MBAM and VR in deep scan mode. VR defaults to that (VR must finish otherwise nothing will be removed/fixed)

    6. Go to START, enter CMD, rt clk CMD.EXE in list and clk Run as administrator. Type SFC /SCANNOW. Let finish.

    7. Reboot and pray.

    8. If it doesn't boot it is time for a clean install. The virus hosed a system file and the scan could not clean it and deleted it and SFC could not fix it. - end of story.

    9. If it boots ok, go back to msconfig and recheck everything in services and startup that does not look strange-like random lettered files. U can just chk NORMAL startup, but if u chk them all and get an error about a file that could not be run, it is because the file was a virus and was deleted.

    10. Save these instructions - u will need it again.


    01-15-2013, 12:36 AM #3