We use cookies to ensure that we give you the best experience on our website. By continuing to browse, we are assuming that you have no objection in accepting cookies. You can change your cookie settings at any time.

Close

BullGuard Support

Vi er her 24/7 for at hjælpe dig.


Send en e-mail til vores support team og får svar i løbet af 24 timer.


 

 

How to remove Adware.Zenosearch.O



THREAT NAME
Adware.Zenosearch.O

 


CLEAN INSTRUCTIONS

1. Open Task Manager (press Ctrl+Alt+Del simultaneously) and select Processes.

 

2. Select the dwdsregt.exe process, right-click it and select End Process.

 

3. Open Windows Explorer, navigate to the C:\Windows\System32 folder, then locate and delete the dwdsregt.exe file.

 

4. Go to Start Run, type regedit and press OK.


NB! Before you edit the registry, export the keys that you plan to edit, or create a backup of the system.

5. Navigate to the:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

 

6. Locate and delete the following key:
{3B-B7-7C-C1-ZN}, that have the value c:\windows\system32\dwdsregt.exe CHA001

 

7. Open Windows Explorer, navigate to: C:\Documents and Settings\User\Start Menu\Programs\Startup
and delete the TA_Start.lnk file


SYMPTOMS

1. The dwdsregt.exe appear in the process list

 

2. Pop-ups appear based on your search keywords on different web search engines


DESCRIPTION

1. Once it is executed it will create a copy of itself in the Windows system folder with the name dwdsregt.exe

 

2. It will start a new process from the dwdsregt.exe file

 

3. It will create a link named TA_Start on the Startup folder

 

4. It will create the key:


{3B-B7-7C-C1-ZN}, with the value c:\windows\system32\dwdsregt.exe CHA001 in
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

5. It will create the following registry keys:


HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\, EnableAutodial
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\, MigrateProxy - it is set to 1
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\, ProxyEnable - it is set to 0

6. It will delete the following registry keys:


HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\, ProxyServer
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\, ProxyOverride
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\, AutoConfigURL


Author:
The BullGuard Team



00: 00: 00: 00
Dage Timer Minutter Sekunder
Close