Ezula

Description:	Adware
Risk Level:	High
Date of First Occurence:	Tuesday, April 15, 2008
Software Developer:	eZula, Inc.
Brief Info:	Ezula alters Web pages viewed in Internet Explorer and can add extra links to certain keywords that are targeted by advertisers.
Removal:	This threat can be removed using "Spyware Terminator"

REMOVER SPYWARE »

Geographical Distribution of Threat "Ezula"

Threat Info

View All

Detected Items

Detected Files: %SYSDIR%\ezstub.exe MD5: BA5C5626812103EC1E498126B96A4C67 Size:69632 MD5: 482DF7BBB9F572C5B5A05F67278BD36A Size:65536 MD5: 52B9D718853E48C7126B9B34C2B9E016 Size:57344 MD5: F89B0FC79874E3250CAD7FCD084D29E7 Size:69632 MD5: 4907F139310992B52E97860BBDD71DDD Size:69632 MD5: 1527DCCF83C2D209DF5AB05FBA8EAD4A Size:69632 MD5: 1A77096F4A2FD89B47F9DC031859CFB8 Size:69632 MD5: 2B3382CBADC4EC7C7FC03C3D02739406 Size:65536 MD5: A3E178FF2AE989715394473A742205CF Size:73728 MD5: 7092320FDA47A621F82EFBABE2E85183 Size:65536 MD5: 43D1EC823E46EF10303A8B2A8438E9F6 Size:65536 MD5: 7CED2F9A467A29C0DAF3E0F52D178A8A Size:65536 and more.... %SYSDIR%\ezPopStub.exe MD5: 85709E850780B367DBCB7811D25E8E64 Size:73728 MD5: 403B20A7A84763B6E6C5BDF3EED032B9 Size:73728 MD5: 8454E3A37E851E0D1AC5F8872A27C576 Size:69632 MD5: 0E49B39CA381FDE426FC856858AAEDFE Size:69632 MD5: 7EA4F8F3F03C336616475462DB6FEF62 Size:73728 MD5: 1D8CFCD500C04E1E5E2F2E72BF9C2B52 Size:73728 %PROGRAMFILES%\Web Offer\eapbh.dll MD5: ED7569534BAADC8E32D6DAE49AB729E9 Size:225345 MD5: 1EFB171F32A504DD73D1BF8005866534 Size:225345 MD5: 19CA8BDC1219C6EB93C7EDFC7A025288 Size:225345 MD5: 2B9780AC85B0BB3480F41B9F3FB2060B Size:225345 MD5: E69369357216A7900A79C742B715EB06 Size:225345 MD5: 4421CA737EFC14638FAAF0787138E651 Size:225345 MD5: 62235D6476266A1450F820F5FFA7F5CA Size:225345 MD5: 58DD39E612644128FF9B62DBEC8315A7 Size:225345 MD5: C701A7AF891D37B332685660AB336891 Size:225345 MD5: 8CC8B531B74B9B6DA166D61A6D084AF3 Size:225345 %PROGRAMFILES%\Web Offer\CHPON.dll MD5: E3204763E4F0EAB820C742C1290D3C30 Size:49152 MD5: DE598CE96D7095EF7353F4670DBE8266 Size:49152 MD5: 6CB622C09F8424D366D155E3FCA1FCDA Size:49152 MD5: B0B701DF53E42F3DF94E1114970DE8AD Size:49152 MD5: 24EFD74AF2E387F79B56166FAFA0EC98 Size:49152 MD5: FC2885EEDB8FF221BE88422FD3BBAFF4 Size:49152 MD5: 5220979BABBBE00402A727607A065964 Size:49152 MD5: 1CF736D7E92B2BAD550AC51E26436BCE Size:49152 MD5: 52FB372C72AAB9F30D71A57F7466C99E Size:49152 %PROGRAMFILES%\Web Offer\apev.exe MD5: 81F7F4DD04F034243F45073B18019334 Size:81920 MD5: 432995F8CAF25CC2738C5CE0B0C90B5A Size:81920 MD5: D0C6DA742B1E3FB496100EAEEAD6C216 Size:81920 MD5: 14C77D0469AC5E3008ED45AB2A2BE9E9 Size:81920 MD5: 2402062170F5A7A676996BFD753F492E Size:81920 MD5: 3A17FB42048F0537C182C3DAA4BD5BFA Size:81920 MD5: E64EB686C905CDAC1A49404D46E437D3 Size:81920 MD5: CE09C8A6DAD06695247F3FB474767228 Size:81920 MD5: BB5FD4C42E547F22A7AE0D8BDB72A757 Size:81920 MD5: 725D3974AD9FC1E05776D9957438903C Size:81920 %WINDIR%\eZinstall.exe MD5: 95B71B57FC361400AC0FB3075318D5EC Size:128343 MD5: EA201B497BAE46D0194D14115D1F3766 Size:128328 MD5: D88ED98FE885940127072C74F9875512 Size:128346 MD5: D32463538E71F38106438A9D437E225C Size:128279 MD5: F9C2AF5BE0ED5523731F24D17C257497 Size:128483 MD5: 7F55A161AFECCB94FDE1AA6DEE5396C4 Size:128355 MD5: 506C8475383FB630844F71FFF70C2018 Size:128458 MD5: 14D2A885AB4F3591DFACBD9B21480240 Size:128340 MD5: B2885FC628D056B1EF86A9DB9CCE6288 Size:128236 MD5: 5755F791ED6B439FB8B49020782EAC6B Size:128264 MD5: 86698FB7D09569EF65E60F4160F15F89 Size:128279 MD5: 252C17365DB5605CBE0CC5933A8F8FD5 Size:128248 and more.... %WINDIR%\woinstall.exe MD5: A4DD4A218AC52F2711686DEFB1D97154 Size:127807 MD5: E2C63061E885124F22D363D52A9B0CC3 Size:127811 MD5: 5DAE8D99F49FA982C69B8AC83AE142FC Size:127758 MD5: B0A8E67D207F0AC7B79DCAABDDE698F8 Size:127740 MD5: 09B26A225A83B5714ACC7484CB288C95 Size:127808 MD5: A7993E2DB100D6C271F6BCB3B44B4E4E Size:127806 MD5: D43D90F5FA7BA90B377D13CA6DC71DA5 Size:127761 MD5: 705CFDAC3DC07F4F5AF46DC03135ABFB Size:127756 MD5: 9AD36F8DD909702F2D545385671A7311 Size:127753 MD5: F6CD6FE4D0CF3FF1FA7AE7CF8604F630 Size:127763 MD5: 3A6E87B44A69EA18C0EC33A109FC78A2 Size:127756 MD5: ACA6D72AA98F3BA4270190AF8C83E576 Size:127756 and more.... %PROGRAMFILES%\Web Offer\wo.exe MD5: D5A77A378C56769701175BBAA6746FCD Size:139264 MD5: D608076ABEE5D9C9D4E6C976CF9B8A2E Size:139264 MD5: 5BF1F2922603589023DA73F2BB07FB34 Size:147456 MD5: 618A3774506D8EDF974701FD3A817214 Size:139264 MD5: 4A002840E0CE2960770076D83BD73D24 Size:147456 MD5: FEE800FE3CEBEBAB11215196C0B774E1 Size:147456 MD5: 0D8B4A2E2A32FEF17138EC7D282A79D9 Size:147456 MD5: 88CE0F32EC0685468D4847B873518A67 Size:147456 MD5: 0464E2CAB437D15D70CED0A52D174CA5 Size:147456 %PROGRAMFILES%\Web Offer\sepng.dll MD5: 22C9B670D1EE6D3BD1724A2193D707AF Size:233472 MD5: A2136E115029CD7A7F1825F546F6B519 Size:233472 MD5: 1ED3B9C890143B3C63B9C6DE129A7FEB Size:233472 MD5: 1A0A673EC45419A3A18245D420326336 Size:233472 MD5: 0A0A7EBC63FE50E686A21A445082A4F1 Size:233472 MD5: 0A8BADF939CA0E291B8C75B8197E8AD2 Size:233472 MD5: 323FB7C5A8A8FB33FA71C3032FBBE3D2 Size:233472 MD5: 98D9DC91A6D0982E953304B2F51DE836 Size:233472 MD5: 203B082A8D530EB4EFB8A4B54E5D2179 Size:233472 MD5: 60369F6A2290115069A3445B709E7251 Size:233472 %WINDIR%\justin.exe MD5: 0AA8FAB66D3DF278CBEF9935041B7CFD Size:115157 %SYSDIR%\ezpopstub.exe MD5: C09B5D849251BE938F9F1F015E9FADD8 Size:65536 MD5: 7ACF51FA113F122450E1CE8030DAC9C0 Size:65536 MD5: 649C438CB6DFA8602F07804219D32C6F Size:69632 MD5: A9E862B13B6A4242E4B0EAAE16E4171F Size:69632 %PROGRAMFILES%\eZula\seng.dll MD5: 1F953141BC260AD9AC451221A097C259 Size:196608 MD5: 7B4B473A8AE6DF1CCEA6D2015D0A59F5 Size:200704 MD5: ABEFDD555402F18CA2EE86E3BB72D7D2 Size:200704 MD5: 2554772AAFF8A8D493BCB69DACC9759A Size:196608 MD5: 1AABB290822EF88FEB5EB447B6639848 Size:196608 %PROGRAMFILES%\eZula\mmod.exe MD5: 644C092F49821C30A006C2EDDBFB8315 Size:192512 MD5: 003CFAE814C3153213E0675CE29284CE Size:180224 MD5: 6A40C88CEE8587B2CB222AD9DFC52DA8 Size:192512 MD5: C6C270B857B975FC357C0A097AC06C55 Size:192512 MD5: D83393705AE29F1EBDB64443AA318424 Size:192512 MD5: DD03408C850476FAF6424137FC15B01C Size:184320 MD5: D6B8F686FAEE6D68B2E7A0BB58EBFF66 Size:192512 MD5: 8A465D94EADDD47AC30078B661181B19 Size:192512 MD5: 2848322F9F493E09FCB6F1418B4A885D Size:192512 MD5: B896E2344A939074C4D825E49E84F4DF Size:192512 %PROGRAMFILES%\eZula\CHCON.dll MD5: CF4C29446DA2044ADF1E329FA0836BDF Size:49152 MD5: 4BC326CBA297A95395628B84755BBDD7 Size:49152 MD5: E18B01EFE14A7CA88AFDAFEF44C1445D Size:49152 %SYSDIR%\ezStub.exe MD5: EC646023AB1578810C997710918AF4AD Size:65536 %WINDIR%\eZinstall.exe MD5: 6E3FD285FD09B0C11A828EA68B30A91B Size:128277 MD5: C06767F1ACAFAE9E2138EFA04C5EF14C Size:128471 MD5: D9026A008613BCBF9E1685BF0F75D41D Size:128258 MD5: BED5BDF1C141289759E77D9ED59D1B72 Size:128324 MD5: 46825958EBB0DFD7536AB96713238BF8 Size:128280 MD5: AEF27CD8E9B5B59C580154215DBE2892 Size:128480 %WINDIR%\woinstall.exe MD5: 7ED3666CB50D38E060A14827E6AEEB97 Size:127800 MD5: 8B630CBF0414A60E85E30A02B4FFA87E Size:127754 %SYSDIR%\ezstub.exe MD5: 7918BC989CC480077E4EF3853C01E6B8 Size:65536
Detected Files with variable Filenames: MD5: 3A938ED2427DF10E571041069E6980CB Size: 162304 %PROGRAMFILES%\Web Offer\UNWISE.EXE %PROGRAMFILES%\eZula\UNWISE.EXE %PROGRAMFILES%\Web Offer\unwise.exe.ren MD5: 31F897C80DA26CB7B6D3B3BC5644D7BE Size: 225345 %PROGRAMFILES%\Web Offer\eapbh.dll %PROGRAMFILES%\Web Offer\eapbh.dll.ren MD5: 4959F74C1EA5BD9CCEBEB06E3CEE2778 Size: 233472 %PROGRAMFILES%\Web Offer\sepng.dll %PROGRAMFILES%\Web Offer\sepng.dll.ren MD5: 8D1B5CB6BF52EBD890538FE8152D5E36 Size: 139264 %PROGRAMFILES%\Web Offer\wo.exe %PROGRAMFILES%\Web Offer\wo.exe.ren MD5: F999B6A88DA57704DB543B9F2D6DFF09 Size: 49152 %PROGRAMFILES%\Web Offer\CHPON.dll %PROGRAMFILES%\Web Offer\CHPON.dll_tobedeleted %PROGRAMFILES%\Web Offer\chpon.dll.ren MD5: 75DD27362B5FD31CF10D3ECF49DE0D74 Size: 49152 %PROGRAMFILES%\eZula\CHCON.dll %PROGRAMFILES%\eZula\CHCON.dll.ren %PROGRAMFILES%\eZula\CHCON.dll_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted_tobedeleted MD5: 4BC326CBA297A95395628B84755BBDD7 Size: 49152 %PROGRAMFILES%\eZula\CHCON.dll %PROGRAMFILES%\eZula\CHCON.dll.ren MD5: 6A40C88CEE8587B2CB222AD9DFC52DA8 Size: 192512 %PROGRAMFILES%\eZula\mmod.exe %PROGRAMFILES%\eZula\mmod.exe.ren MD5: 3A17FB42048F0537C182C3DAA4BD5BFA Size: 81920 %PROGRAMFILES%\Web Offer\apev.exe %PROGRAMFILES%\Web Offer\apev.exe.ren MD5: 8FC40B4CB9302B168D67D804A6108BBD Size: 33792 %SYSDIR%\ghqj.exe %SYSDIR%\eatuyhg.exe %SYSDIR%\ezsys.exe

Detecting items list:

Files by Name %PROGRAMFILES%\eZula\mmod.exe %PROGRAMFILES%\Web Offer\apev.exe %PROGRAMFILES%\Web Offer\wo.exe %Windir%\woinstall.exe %Windir%\eZinstall.exe %DOWNLOADEDPROGRAMFILES%\ezstub.dll %DOWNLOADEDPROGRAMFILES%\ezstub.INF %SysDir%\ezstub.exe %SysDir%\ezpopstub.exe %PROGRAMFILES%\eZula\ezula.dll %ProgramFiles%\eZula\mmod.exe %ProgramFiles%\eZula\seng.dll %ProgramFiles%\eZula\UNWISE.EXE %ProgramFiles%\Web Offer\apev.exe %ProgramFiles%\Web Offer\CHPON.dll %ProgramFiles%\Web Offer\eapbh.dll %ProgramFiles%\Web Offer\sepng.dll %ProgramFiles%\Web Offer\UNWISE.EXE %ProgramFiles%\Web Offer\wo.exe %Windir%\woinstall.exe %Windir%\eZinstall.exe %DOWNLOADEDPROGRAMFILES%\ezstub.dll %DOWNLOADEDPROGRAMFILES%\ezstub.INF %SysDir%\ezstub.exe %SysDir%\ezpopstub.exe %windir%\justin.exe
Files by MD5 MD5: 8FC40B4CB9302B168D67D804A6108BBD Size: 33792
Files by Directories %PROGRAMFILES%\eZula %PROGRAMFILES%\Web Offer %UserProfile%\TopText iLookup %UserProfile%\EARN %ProgramFiles%\Web Offer
Files by CLSID or Name CLSID=8A044397-5DA2-11D4-B185-0050DAB79376 CLSID=C0335198-6755-11D4-8A73-0050DA2EE1BE CLSID=07F0A543-47BA-11D4-8A6D-0050DA2EE1BE CLSID=07F0A545-47BA-11D4-8A6D-0050DA2EE1BE CLSID=19DFB2CB-9B27-11D4-B192-0050DAB79376 CLSID=2079884B-6EF3-11D4-8A74-0050DA2EE1BE CLSID=2306ABE4-4D42-11D4-8A6D-0050DA2EE1BE CLSID=25630B47-53C6-4E66-A945-9D7B6B2171FF CLSID=2BABD334-5C3F-11D4-B184-0050DAB79376 CLSID=370F6354-41C4-4FA6-A2DF-1BA57EE0FBB9 CLSID=3D7247DE-5DB8-11D4-8A72-0050DA2EE1BE CLSID=50B4D2B3-723F-41B3-AEC4-0BD66F0F45FF CLSID=55910916-8B4E-4C1E-9253-CCE296EA71EB CLSID=58359010-BF36-11d3-99A2-0050DA2EE1BE CLSID=6DF5E318-6994-4A41-85BD-45CCADA616F8 CLSID=788C6F6F-C2EA-4A63-9C38-CE7D8F43BCE4 CLSID=78BCF937-45B0-40A7-9391-DCC03420DB35 CLSID=9CFA26C0-81DA-4C9D-A501-F144A4A000FA CLSID=A166C1B0-5CDB-447A-894A-4B9FD7149D51 CLSID=B1DD8A69-1B96-11D4-B175-0050DAB79376 CLSID=C03351A4-6755-11D4-8A73-0050DA2EE1BE CLSID=C4FEE4A7-4B8B-11D4-8A6D-0050DA2EE1BE CLSID=D290D6E7-BF9D-42F0-9C1B-3BC8AE769B57 CLSID=E7A05400-4CFA-4DF3-A643-E40F86E8E3D7 CLSID=F75521B8-76F1-4A4D-84B1-9E642E9C51D0 CLSID=07F0A542-47BA-11D4-8A6D-0050DA2EE1BE CLSID=07F0A544-47BA-11D4-8A6D-0050DA2EE1BE CLSID=1823BC4B-A253-4767-9CFC-9ACA62A6B136 CLSID=19DFB2CA-9B27-11D4-B192-0050DAB79376 CLSID=241667A3-EC83-4885-84DD-C2DAAFC1C5EA CLSID=25630B50-53C6-4E66-A945-9D7B6B2171FF CLSID=27BC6871-4D5A-11D4-8A6D-0050DA2EE1BE CLSID=370F6327-41C4-4FA6-A2DF-1BA57EE0FBB9 CLSID=370F6353-41C4-4FA6-A2DF-1BA57EE0FBB9 CLSID=3D7247DD-5DB8-11D4-8A72-0050DA2EE1BE CLSID=3D7247F1-5DB8-11D4-8A72-0050DA2EE1BE CLSID=4FD8645F-9B3E-46C1-9727-9837842A84AB CLSID=58359012-BF36-11D3-99A2-0050DA2EE1BE CLSID=788C6F6E-C2EA-4A63-9C38-CE7D8F43BCE4 CLSID=78BCF936-45B0-40A7-9391-DCC03420DB35 CLSID=7EDC96E1-5DD3-11D4-B185-0050DAB79376 CLSID=8A0443A2-5DA2-11D4-B185-0050DAB79376 CLSID=8EBB1743-9A2F-11D4-8A7E-0050DA2EE1BE CLSID=955CBF48-4313-4B1F-872B-254B7822CCF2 CLSID=9CFA26C2-81DA-4C9D-A501-F144A4A000FA CLSID=C03351A3-6755-11D4-8A73-0050DA2EE1BE CLSID=C4FEE4A6-4B8B-11D4-8A6D-0050DA2EE1BE CLSID=EF0372DC-F552-11D3-8528-0050DAB79376 CLSID=EF0372DE-F552-11D3-8528-0050DAB79376 CLSID=EFA52460-8822-4191-BA38-FACDD2007910 CLSID=07F0A536-47BA-11D4-8A6D-0050DA2EE1BE CLSID=083FA8F4-84F4-11D4-8A77-0050DA2EE1BE CLSID=370F6327-41C4-4FA6-A2DF-1BA57EE0FBB9 CLSID=3D7247D1-5DB8-11D4-8A72-0050DA2EE1BE CLSID=58359011-BF36-11D3-99A2-0050DA2EE1BE CLSID=8A044396-5DA2-11D4-B185-0050DAB79376 CLSID=9CFA26C0-81DA-4C9D-A501-F144A4A000FA CLSID=9CFA26C1-81DA-4C9D-A501-F144A4A000FA CLSID=BAF13496-8F72-47A1-9CEE-09238EFC75F0 CLSID=C0335197-6755-11D4-8A73-0050DA2EE1BE CLSID=50B4D2B3-723F-41B3-AEC4-0BD66F0F45FF CLSID=A166C1B0-5CDB-447A-894A-4B9FD7149D51 CLSID=3D7247DE-5DB8-11D4-8A72-0050DA2EE1BE
Registry Keys HKCR\AppID\eZulaBootExe.EXE HKCR\AppID\eZulaMain.EXE HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eZula HKCU\Software\eZula HKCU\Software\Web Offer
Registry Values HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ValueName=ezwo

« Go to Software Database

Pesquisar em nosso banco de dados de software

Navegar pelo Banco de dados

Últimas notícias sobre Malware

23. Setembro 2011

Among one of the most active spywares currently is without a doubt Trojan.MicroFake.ba. It attacks in conjunction with Rogue antispyware applications and forces users to purchase these fake applications. Using rootkit techniques is very typical of this Trojan to help it hide from users and the system, making it hard to trace. We recommend regular updating of our database and an active real-time protection with antivirus.

Notícias anteriores sobre malware »