asked on

Zestyfind -- Getting Rid of as home page

Not a question: My home page was changed to zestyfind.com. No matter what I tried (changing to another through IE, running virus, spyware and adware programs) it would be there each time I booted up. I wrote to the Zestyfind.com webmaster and got the following reply:
(7.16.03) I applogize for the situation you are in. This is not the way we intend
it to work and is actually a glitch which should be fixed by tomorrow.
Again I truley applologize for this. You can clean your system by
downloading this: http://69.57.136.5/ads/clearer.exe

This got rid of it and I was once again able to make my home page whatever I wanted through conventional IE means. I then ran spyware program to make sure nothing else had arrived with it. Am providing this as others may be plagued with the Zestyfind.

trywaredk

http://69.57.136.5/ADS/clearer.exe

ADS is short for ADvertiSing on spyware internetservers.

Many Regards
Jorgen Malmgren
IT-Supervisor
Denmark

:o) Your brain is like a parachute. It works best when it's open

MrYowler

I'm always suspicious of websites that do not have hostnames which would be connected to whatever they purport to offer. I'd really have expected this to show up on a hostname within the "Zestyfind.com" domain, if it were legitimate in any way, shape, or form (and within the limited context described by the posting member).

It would be WAY too easy for this to be a low-grade attempt to socially engineer people into installing this dovesie2's favorite trojan program...

trywaredk

You don't tell us if you ran SpyBot or AdAware ???

You should immidiately run AdAware (removes spyware) because no one except zestyfind know's what's in the clearer.exe file. Don't ever run such ones any more.
https://www.experts-exchange.com/questions/20661331/Weird-windows-task-and-Zestyfind-com-seem-to-be-slowing-down-my-computer.html

trywaredk

Ad-aware Standard Edition is THE award winning, free*, multicomponent adware detection and removal utility:
http://www.lavasoft.de/software/adaware/

ASKER CERTIFIED SOLUTION

trywaredk

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

dovesie2

ASKER

I ran Ad Aware both before and after I ran the program provided by Zestyfind. Ad aware did not help with the Zesty find issue (though it found other things on my computer) beforehand. But it found nothing after I ran the program provided by Zestyfind. Hey I am not an IT expert, hacker and so forth - yikes - this is just the only site where I found ANY reference to the Zestyfind dilemma, so I thought I'd share the only solution I found. Thanks for the pointers though, this site is how I found Ad Aware...

dovesie2

ASKER

I ran Ad Aware both before and after I ran the program provided by Zestyfind. Ad aware did not help with the Zesty find issue (though it found other things on my computer) beforehand. And it found nothing after I ran the program provided by Zestyfind either. Hey I am not an IT expert, hacker (!) and so forth - yikes - this is just the only site where I found ANY reference to the Zestyfind dilemma and is also where I found out about Ad Aware. I was so thankful, I just so I thought I'd share the only solution I found. Also, I have McAfee virus protection and firewall, is that an undesireable choice? Again, thanks for all the pointers...

schworak

Did you ever find a way to get ZESTYFIND out of your system? I have tried every tool in my collection and it keeps coming back.

sparkyamy

HHHEEELLLLPPPP! This zestyfind thing is killing me too. I emailed the webmaster (webmaster @zestyfind.com) with some good hatemail and never got a response, go figure. He's probably laughing at me now. I've run Ad Aware, I've got the norton anti-virus and firewall. I ran trend housecall the other day to no avail. Am I just missing where this thing lives on my computer or do they just keep ramming it down my throat. I need help before I go off the edge and go Format C:

schworak

Be careful when removing this application. I am not exactly sure what exe was the top level installer app but while attempting to track it down more and more apps kept getting installed. Then my internet connection stopped working and finally BOOM! I had to reinstall windows this afternoon.

Not a happy guy!

masuro

I'm trying to get rid of zestyfind. Does anyone know how?

nuschel

Symantec has posted removal instructions at this link:

http://sarc.com/avcenter/venc/data/adware.zestyfind.html

nuschel

UPDATE TO PREVIOUS COMMENT

If the Symantec instructions do not work, go to merijn.org and download the kill2me fix tool. This repaired the problems on a system I've been working on.

trywaredk

:o) Glad I could help you - thank you for the points

BTW: All that I've collected about malware is now available at http://www.tryware.dk/English/Knowledgebase/HowToProtectYourComputer.html

JJNSS70

There are NO LONGER msg### files.

They are using random names now, and much worse!

The {msg) find will find some of the old files that
are no longer active...

Go to regedit (regedt32 in 2K)
Expand:
HKEY_LOCAL_MACHINE\SOFTWARE\
Microsoft\Windows NT\CurrentVersion\
Winlogon\Notify\Guardian<-
*Make a note of the file name there, in System32.

RightClick (top menu>permissions in 2K)>
permissions, uncheck box: "Allow inheritibale permissions"..
Hit ok, and REMOVE on next prompt.
-Restart computer!
Find and delete the <file> that was in that key
along with it's companion from System32:
<file name>.cpy.dll
Go back to registry editor>recheck the permissions box on
that key, right click>
Delete the 'Guardian' folder.

Run SpyBot+Ad-Aware to remove the rest of
the keys+files.

***NOTE: In addition to that they 'hacked' the main
System account of the entire Administartion group!
Some functions (as per the error above) will no longer
work on the system even AFTER the cr@p is gone!

Fixes to restore Admin Groups policies:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q329887 (2K)
http://support.microsoft.com/default.aspx?scid=kb;en-us;313222