Zwunzi

Zwunzi, detected by some antivirus programs as Adware.Zwunzi, is another potentially unwanted application that installs itself as a search plugin for Internet browsers. The Zwunzi search toolbar was known to infect only Internet Explorer and Mozilla Firefox.

Alias: -

Damage Level: Low

Systems Affected: Windows

Manual Removal of Zwunzi

1. Temporarily disable System Restore (Windows Me/XP/Vista/7).
2. Update the virus definitions.

3. Find and stop the service
- Click Start > Run.
- Type services.msc, and then click OK.
- Locate and select the service that was detected.

Service Name: Zwunzi Service
Display Name: Zwunzi Service

- Click Action > Properties.
- Click Stop.
- Change Startup Type to Manual.
- Click OK and close the Services window.

4. Restart Windows in Safe Mode.
5. Run a full system scan and clean/delete all infected file(s).
6. Delete/modify any values added to the registry.

Navigate to and delete the following registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Zwunzi\"DisplayName" = "Zwunzi 1.0 build 128"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Zwunzi\"UninstallString" = "%ProgramFiles%\Zwunzi\uninstall.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Zwunzi\"Cid" = "466705c1534b4aee8c896579946b055f"
HKEY_LOCAL_MACHINE\SOFTWARE\Zwunzi\"DllPath" = "%ProgramFiles%\Zwunzi\zwunzi.dll"
HKEY_LOCAL_MACHINE\SOFTWARE\Zwunzi\"Initial" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Zwunzi\"Partner" = "ZWUNZI128"
HKEY_LOCAL_MACHINE\SOFTWARE\Zwunzi\"Primary" = "f403"
HKEY_LOCAL_MACHINE\SOFTWARE\Zwunzi\"ShowBarSign" = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Zwunzi\"ShowToolbarButton" = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Zwunzi\"Src" = "zwunzi"
HKEY_LOCAL_MACHINE\SOFTWARE\Zwunzi\"Version" = "1001c"

Navigate to and delete the following registry subkeys:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ZWUNZI_SERVICE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ZWUNZI_SERVICE\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ZWUNZI_SERVICE\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Zwunzi Service
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Zwunzi Service\Enum
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Zwunzi Service\Security
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ZWUNZI_SERVICE
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ZWUNZI_SERVICE\0000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ZWUNZI_SERVICE\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Zwunzi Service
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Zwunzi Service\Enum
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Zwunzi Service\Security

7. Exit registry editor and restart Windows.
8. To make sure that the threat is completely eliminated, carry out a full scan of your system using antivirus and antispyware software. An online virus scanner is another way to remove the threat with various antivirus programs without installing them.
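
To confirm after the restart in step 7 that nothing from steps 3 and 6 is left, the read-only PowerShell check below can be run from an elevated prompt. It is an added example, not part of the original guide; it deletes nothing, and the WOW6432Node path is an assumption (registry redirection for 32-bit installers on 64-bit Windows) that does not appear in the lists above.

```powershell
# Added example: read-only check for the Zwunzi leftovers listed in steps 3 and 6.
# Nothing is deleted or modified; the script only reports what is still present.

$serviceName = 'Zwunzi Service'

# Parent keys taken from the lists in step 6.
$keys = @(
    'HKLM:\SOFTWARE\Zwunzi',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Zwunzi',
    # Assumption (not on the page): a 32-bit installer on 64-bit Windows
    # may have been redirected to WOW6432Node.
    'HKLM:\SOFTWARE\WOW6432Node\Zwunzi'
)
# The guide lists the same subkeys under both control sets.
foreach ($set in 'ControlSet001', 'CurrentControlSet') {
    $keys += "HKLM:\SYSTEM\$set\Enum\Root\LEGACY_ZWUNZI_SERVICE"
    $keys += "HKLM:\SYSTEM\$set\Services\$serviceName"
}

$findings = @()

# Step 3: the service should no longer exist once its keys are gone.
$svc = Get-Service -Name $serviceName -ErrorAction SilentlyContinue
if ($svc) {
    $findings += [pscustomobject]@{ Type = 'Service'; Item = $serviceName; Detail = "Status=$($svc.Status)" }
}

# Step 6: report every listed key that still exists, with its value names.
foreach ($key in $keys) {
    if (Test-Path -LiteralPath $key) {
        $names = (Get-Item -LiteralPath $key).GetValueNames() -join ', '
        $findings += [pscustomobject]@{ Type = 'RegistryKey'; Item = $key; Detail = "Values: $names" }
    }
}

# File referenced by the DllPath value in step 6.
$dll = Join-Path $env:ProgramFiles 'Zwunzi\zwunzi.dll'
if (Test-Path -LiteralPath $dll) {
    $findings += [pscustomobject]@{ Type = 'File'; Item = $dll; Detail = 'DLL still on disk' }
}

if ($findings.Count -eq 0) {
    Write-Output 'No Zwunzi service, registry keys or DLL found.'
} else {
    $findings | Format-Table -AutoSize -Wrap
    exit 1   # non-zero exit so the check can be used in a scripted sweep
}
```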

What to do next...