zzbrenkzx.exe removal instructions

zzbrenkzx.exe claims to be a genuine Microsoft Windows file when you right-click the file and look at the version info. The file claims to be a “Restart Manager LUA Restart Client”. A VirusTotal scan clearly shows that we cannot trust the version information attached to the file:

  • Avast Win32:Malware-gen
  • eSafe Win32.Trojan
  • Norman W32/Suspicious_Gen4.AJROJ
  • Fortinet W32/Gimemo.UWH!tr
  • Comodo UnclassifiedMalware
  • Antiy-AVL Trojan/Win32.Jorik.gen
  • TheHacker Trojan/Jorik.Lolbot.apq
  • Jiangmin Trojan/Jorik.enjy
  • Kaspersky Trojan.Win32.Jorik.Lolbot.apq
  • VIPRE Trojan.Win32.Generic!BT
  • DrWeb Trojan.KillFiles.9354
  • CAT-QuickHeal Trojan.Jorik.Lolbot.apq
  • VBA32 Trojan.Jorik.Lolbot.apq
  • Emsisoft Trojan-Downloader.Win32.Ransom!IK
  • Ikarus Trojan-Downloader.Win32.Ransom
  • K7AntiVirus Trojan
  • TrendMicro-HouseCall TROJ_GEN.R49C7FK
  • TrendMicro TROJ_GEN.R49C7FK
  • Panda Trj/Genetic.gen
  • AntiVir TR/Crypt.ZPACK.Gen2
  • AVG Generic28.BQJJ
  • McAfee Generic.dx!b2yf
  • McAfee-GW-Edition Generic.dx!b2yf
  • BitDefender Gen:Variant.Barys.2215
  • F-Secure Gen:Variant.Barys.2215
  • GData Gen:Variant.Barys.2215
  • Microsoft DoS:Win32/SynFlood.I
  • ESET-NOD32 a variant of Win32/Injector.SOU

Pretty decent detection rate I’d say. 29 out of 46 anti-virus programs detect it. This clearly shows that the version information attached to files cannot be trusted, unless the file is digitally signed.
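One way to run that check yourself is to put the file's self-declared version info next to its Authenticode signature. This is an added example, not part of the original post; the function name Test-VersionInfoClaim and the sample path are hypothetical.

```powershell
# Added example: compare what a file says about itself (version resource,
# freely editable by whoever built it) with who actually signed it.
function Test-VersionInfoClaim {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string]$Path
    )
    process {
        $file = Get-Item -LiteralPath $Path -ErrorAction Stop
        $vi   = $file.VersionInfo          # unauthenticated resource strings
        $sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName

        $signer = $null
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

        $claimsMicrosoft   = $vi.CompanyName -match 'Microsoft'
        $signedByMicrosoft = ($sig.Status -eq 'Valid') -and
                             ($signer -match 'O=Microsoft Corporation')

        if ($sig.Status -ne 'Valid') {
            # Nothing vouches for the strings in the version resource.
            $verdict = 'No valid signature: version info is unverified'
        } elseif ($claimsMicrosoft -and -not $signedByMicrosoft) {
            $verdict = 'Version info names Microsoft, signer is someone else'
        } else {
            # A valid signature identifies the signer; it says nothing
            # about whether the file is wanted on the machine.
            $verdict = 'Signature valid: trust depends on the signer'
        }

        [pscustomobject]@{
            File            = $file.FullName
            Description     = $vi.FileDescription
            CompanyName     = $vi.CompanyName
            SignatureStatus = $sig.Status
            Signer          = $signer
            Verdict         = $verdict
        }
    }
}

# Usage (hypothetical path):
# Test-VersionInfoClaim -Path 'C:\path\to\suspect.exe' | Format-List
```

Some genuine Windows files are signed through a security catalog rather than an embedded signature, so on an older PowerShell version a NotSigned result is a reason to check further rather than proof of forgery.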

zzbrenkzx.exe removal instructions

  1. Reboot your computer.
  2. While your machine is rebooting, tap F8. The Advanced Boot Options should appear.
  3. On the Advanced Boot Options screen, use the arrow keys to highlight safe mode and press ENTER. The computer should now start in safe mode.
  4. Start Windows Explorer.
  5. Browse to the folder where zzbrenkzx.exe is located.
  6. Right-click zzbrenkzx.exe and select Delete.

Did this solve your problem?


NTRedirect.dll uninstall instructions

When I came in for work today my colleague Anders asked for some assistance. He had some sort of issue with his computer at home. Since this wasn’t work I couldn’t help him right away, so we decided to have a look at it during lunch.

During lunch Anders was kind enough to buy me a take-away kebab-roll and we got started by using TeamViewer to connect to his home computer.

I ran a scan for recently modified files and a file called NTRedirect.dll, in the c:\users\Anders\appdata\roaming\babsolution\shared\ directory came up. My first thought was that the file had something to do with the Babylon Toolbar.

We sent NTRedirect.dll to VirusTotal and it was detected as a trojan by both the AhnLab-V3 and TrendMicro-HouseCall scanners.

With these detection results we didn’t need any further research and got straight into deleting the file, and the lunch was over.

I advised Anders to run an AVG and Avira scan when he got home from work.

NTRedirect.dll removal instructions

The following instructions show how to remove NTRedirect.dll manually using the built-in Windows tools:

  1. Reboot your machine.
  2. While your computer is rebooting, tap F8. The Advanced Boot Options should appear after a while.
  3. On the Advanced Boot Options screen, use the arrow keys to select safe mode and press ENTER. Your machine should now start in safe mode.
  4. Start Windows Explorer by pressing the Windows button and E.
  5. Open up the c:\users\%USERNAME%\appdata\local\softwareupdater\ folder.
  6. Delete NTRedirect.dll.

We didn’t find out how the NTRedirect.dll file found its way onto Anders’ machine, but he was glad we managed to delete it.

Do you know how NTRedirect.dll was installed on your computer? Please share by posting a comment.

QuickShare.exe by smart bar – Adware removal instructions

Today a colleague asked me why QuickShare.exe was running on his computer. We ran QuickShare.exe through the anti-virus scanners at VirusTotal and QuickShare.exe was detected as adware by some of the scanners:

  • VIPRE Adware.Linkury (fs)
  • ESET-NOD32 a variant of Win32/Toolbar.Linkury.A

QuickShare.exe removal instructions

SmartBar can be uninstalled from the Windows Control Panel.

Did this solve your problem? Please post a comment to let me know.

Thanks for reading!

softwareupdservice.exe removal instructions

Something that has always bugged me with programs on Windows is the large number of processes that run 24/7 with a single purpose: to check if there is a new update available and, if so, download and install it. “Not another one” was my first thought when I found softwareupdservice.exe.

What is softwareupdservice.exe?

Well, I was wrong. I don’t think the purpose of softwareupdservice.exe is to check for updates after I ran it through the anti-virus scanners at VirusTotal:

  • Jiangmin Worm/Fipp.byb
  • Kingsoft Win32.Hack.MSIL.(kcloud)
  • VIPRE Trojan.Win32.Generic!BT
  • Norman Suspicious_Gen4.AJRKR
  • McAfee RDN/Generic BackDoor!cl
  • McAfee-GW-Edition RDN/Generic BackDoor!cl
  • Sophos Power Offer
  • Panda Generic Malware
  • TheHacker Backdoor/MSIL.Agent.gvh
  • Antiy-AVL Backdoor/MSIL.Agent.gen
  • VBA32 Backdoor.MSIL.Agent
  • AVG BackDoor.Generic16.PKM

If you see softwareupdservice.exe running on your machine I suggest you remove it ASAP.

softwareupdservice.exe removal instructions

  1. Reboot your computer.
  2. While your computer is rebooting, tap F8. The Advanced Boot Options should appear.
  3. On the Advanced Boot Options screen, use the arrow keys to highlight safe mode and press ENTER. The computer should now start in safe mode.
  4. Start Windows Explorer.
  5. Browse to c:\users\%USER%\appdata\local\softwareupdater\
  6. Delete softwareupdservice.exe.

Did this solve the problem?

webcakedesktop.exe removal instructions

Got webcakedesktop.exe on your computer and want to know how to uninstall it? Then you’ve come to the right place.

webcakedesktop.exe is a file that comes with the WebCake software which shows ads in your browsers. Unless you like ads while browsing, you might want to remove WebCake.

Luckily, it’s easy to uninstall. Just open up the Windows Control Panel, find WebCake under Programs and Features, and uninstall it.

egdpsvc.exe by Banyan Tree Technology Limited

egdpsvc.exe is bad news. Here are some of the detections when I uploaded the egdpsvc.exe file, which is signed by “Banyan Tree Technology Limited”:

  1. Kingsoft Win32.Troj.Generic.a.(kcloud)
  2. TrendMicro-HouseCall TROJ_GEN.F47V0729
  3. PCTools SecurityRisk.exqWebSearch
  4. Symantec exqWebSearch
  5. VIPRE Elex Installer (fs)
  6. McAfee Artemis!37C247EF437D
  7. ESET-NOD32 a variant of Win32/ELEX.M

egdpsvc.exe removal instructions

  1. Reboot your machine.
  2. While your computer is rebooting, tap F8. The Advanced Boot Options should appear.
  3. On the Advanced Boot Options screen, use the arrow keys to highlight safe mode and press ENTER. The computer should now start in safe mode.
  4. Start Windows Explorer.
  5. Browse to the folder where egdpsvc.exe is located.
  6. Delete egdpsvc.exe.

Did this solve your problem?

QuickShare.exe by Smartbar – Removal instructions

Oh dear, QuickShare.exe is adware. Check out the VirusTotal results:

  1. NANO-Antivirus Trojan.Win32.MulDrop4.bldhpj
  2. DrWeb Trojan.MulDrop4.24551
  3. TrendMicro-HouseCall TROJ_GEN.RCBH1D5
  4. Fortinet Adware/MSIL_Agent
  5. MicroWorld-eScan Adware.SmartBar.C
  6. nProtect Adware.SmartBar.C
  7. Emsisoft Adware.MSIL.Agent.AMN (A)
  8. VBA32 AdWare.MSIL.Agent
  9. VIPRE Adware.Linkury (fs)
  10. Agnitum Adware.Agent!C0NuXQPpZqs
  11. ESET-NOD32 a variant of Win32/Toolbar.Linkury.A

QuickShare.exe removal instructions

No problem, just uninstall QuickShare from the Windows Control Panel.

Was this info helpful?