Dmitry Sokolov recommends UnHackMe!
UnHackMe is a powerful tool against malware. UnHackMe quickly removes rootkits, malware, adware and browser hijack issues!
PUA.Win32.ZvuZona.bA is also known as Generic.2DC and Win-PUP/ZonaInstaller.
Malware Analysis of PUA.Win32.ZvuZona.bA – ZCHROME.EXE
Created files:
%Appdata%\Zona\plugins\zupdater\manifest.json
%Appdata%\Zona\plugins\zupdater\plugin.properties
%Appdata%\Zona\plugins\zupdater\zchrome.exe
%Appdata%\Zona\plugins\zupdater\ZonaUpdater.exe
%Appdata%\Zona\plugins\zupdater\zupdater.ext.jar
Autostart registry keys:
HKLM\Software\Classes\Applications\Zona.exe\shell\open\command\: ""%Program Files%\Zona\Zona.exe" "%1""
HKLM\Software\Classes\DHT\shell\open\command\: ""C:\PROGRA~1\Zona\Zona.exe" "%1""
HKLM\Software\Classes\Magnet\shell\open\command\: ""C:\PROGRA~1\Zona\Zona.exe" "%1""
HKLM\Software\Classes\Zona\shell\open\command\: ""C:\PROGRA~1\Zona\Zona.exe" "%1""
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zona\DisplayName: "Zona"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zona\UninstallString: "%Program Files%\Zona\uninstall.exe"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zona)\DisplayName: "Zona"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Zona: "%Program Files%\Zona\Zona.exe /MINIMIZED"
Detected by UnHackMe:
ZCHROME.EXE
Default location: %APPDATA%\ZONA\PLUGINS\ZUPDATER\ZCHROME.EXE
Dropper hash (MD5): b982c89fe7d6125703fc8ccd43fe1f7c
UnHackMe removes malware invisible to your antivirus!
UnHackMe is 100% CLEAN, which means it does not contain any form of malware, including adware, spyware, viruses, trojans and backdoors. VirusTotal (0/56).
System Requirements: Windows 2000-Windows 8.1/10. UnHackMe uses a minimum of computer resources.