Solved

How do I remove Zestyfind from my registry?

Posted on 2004-04-09
7
1,175 Views
Last Modified: 2013-12-04
I've tried Adaware and various virius protection software, but I still can't get Zestyfind to go away.  I know I need to remove it from my registry but I don't know where it would be located.  I know how to use the registry editor.
0
Comment
Question by:padmae3000
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
7 Comments
 
LVL 49

Assisted Solution

by:sunray_2003
sunray_2003 earned 200 total points
ID: 10794215
Use spybot ,ad-ware ,CWshredder and post the log from Hijackthis here

After installing them, First Update them and then run

Spyware/Adware removal tools:
------------------------------

What is spyware : http://www.spychecker.com/spyware.html

SpyBot-S&D : http://www.webattack.com/download/dlspybot.shtml 

Ad-aware : http://www.webattack.com/download/dladaware.shtml 

CWShredder: http://www.softpedia.com/public/cat/10/17/10-17-150.shtml

HijackThis : http://www.spychecker.com/program/hijackthis.html 

Pest Patrol : http://www.pestpatrol.com/
0
 
LVL 49

Accepted Solution

by:
sunray_2003 earned 200 total points
ID: 10794217
Check these registry entries

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
HKCU\Software\Microsoft\Internet Explorer\SearchURL
HKCU\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
HKCU\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
HKCU\Software\Microsoft\Internet Explorer\Search\SearchAssistant
HKCU\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar

and remove zestyfind if you find them there
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 10794219
0
Space-Age Communications Transitions to DevOps

ViaSat, a global provider of satellite and wireless communications, securely connects businesses, governments, and organizations to the Internet. Learn how ViaSat’s Network Solutions Engineer, drove the transition from a traditional network support to a DevOps-centric model.

 
LVL 12

Expert Comment

by:trywaredk
ID: 10796424
Protecting your computer can't be answered with one issue.

As you can see in my url below there are at least 7 different issues, where you should decide 1 of each, or else you does'nt protect your computer at all.

The reason is, that the many different programs not always protects against each other, and each of them does'nt protect equally.

It's very important, that you study all of these issues in my knowledgebase (some of them are freeware):
http://www.tryware.dk/English/Knowledgebase/HowToProtectYourComputer.html

BTW: I'm using the Trend Micro virus-suite, and SoftScan , and haven't got any of my servers or computers infected the last 4 years.

Many Regards
Jorgen Malmgren
IT-Supervisor
Denmark

:o) Your brain is like a parachute. It works best when it's open
0
 
LVL 12

Assisted Solution

by:trywaredk
trywaredk earned 50 total points
ID: 10796431
If the above does'nt help, then do it the hard way.

Download these 2 and run them, while you let yourself being infected by www.zestyfind.com again.

Sysinternals registrymonitor:
http://www.sysinternals.com/ntw2k/source/regmon.shtml

Sysinternals filemonitor:
http://www.sysinternals.com/ntw2k/source/filemon.shtml

Afterwords you have logged everything that happened in your registry and on your harddrive, and know what to remove.
0
 

Author Comment

by:padmae3000
ID: 10796745
To help the next person, you also must remove the following from your registry:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\Notify\Guardian


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DDFFA75A-E81D-4454-89FC-B9FD0631E726}


HKEY_CLASSES_ROOT\CLSID\{DDFFA75A-E81D-4454-89FC-B9FD0631E726}


HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DDFFA75A-E81D-4454-89FC-B9FD0631E726}
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10800401
:o) Glad we could help you - thank you for the points
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
internet access from windows servers 4 89
deny local logon 12 130
Removing local Admin rights from users 8 86
Mode / vector of infections and attacks 3 40
In today's information driven age, entrepreneurs have so many great tools and options at their disposal to help turn good ideas into a thriving business. With cloud-based online services, such as Amazon's Web Services (AWS) or Microsoft's Azure, bus…
Many people tend to confuse the function of a virus with the one of adware, this misunderstanding of the basic of what each software is and how it operates causes users and organizations to take the wrong security measures that would protect them ag…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

732 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question