Help in eliminating zipitfast zshellAD.dll

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by hitme64, Oct 11, 2004.

  1. hitme64

    hitme64 Private E-2

    i received zipitfast thru e-mail and inadvertently installed it and found that it had replaced my winzip program. it also hijacked the homepage at ie, so i had to uninstall it and run avg and ccleaner to remove the startpage trojan. despite uninstall, zipitfast retained its folder zipitpro and some files so i manually deleted them except zshellAD.dll which could not be deleted (access is denied). also, the zipitfast icons remain on the trays and i have not found any uninstaller or spyware program to remove these.

    what do i do?
     
    hitme64, Oct 11, 2004
    #1
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You probably need to unregister the DLL first before deleting it.

    You don't see anything else related to it in Add/Remove programs? What about in your Startup?
    You should follow all the steps in this Sticky thread < READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal >

    If you already have any of the programs linked in the tutorial please double check your version to make sure you have the latest one and that you have any/all updates for the programs.

    NOTE: In order to resolve the issues you are having it is very important that you at least try to perform all the steps as outlined. If you have any difficulty please post back letting us know what steps you have completed, what you found while doing the scans if anything and details about any problems you have encountered in completing the steps. The more details you can provide the better.

    After that if you are still having a problem, read the tutorial in this Sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

    Now post a HijackThis as a .txt file attachment to your message. All running programs should be closed, including your web browser, e-mail, items in the tray, anything you can close... Close before running Hijack This!

    Do NOT run Hijack This from the Desktop, a temp folder or choose run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT
     
    chaslang, Oct 11, 2004
    #2
  3. hitme64

    hitme64 Private E-2

    yes chaslang thank you but i have tried doing everything on the sticky thread re basic spyware, trojan and virus removal. it however did remove some known viruses in my system that have been popping up now and again, i.e. i-worm/plexus, etc. but the problem still is that it had failed to identify the zshellAD.dll in the zipitpro folder as either malware or spyware. previous comments at download.com indicate that this seems to be a perennial problem with zipitfast that despite uninstallation, the .dll file still remains and so are its icons on the tray. it also removed the winzip program.

    how do you go about unregistering the dll file? besides, the zipitfast prog does not anymore appear anywhere in the add/remove programs nor in the registry (after regedit), but the dll still could not be removed as well as its folder (there is always the "access is denied" notification) everytime i try manually deleting it.

    i would have tried downloading and installing the zipitfast program again despite its so-called uninstaller bug fix but it looked like it was the same program that i installed earlier that started this whole thing in the first place.

    now what else can i do?
     
    hitme64, Oct 12, 2004
    #3
  4. snakefoot

    snakefoot Sergeant Major

    What operating system ?

    Think easy way would be to install the application again, and then boot in safemode and uninstall it.

    If that is not possible then perform these steps:
    1. Try to unregister the DLL:
    2. Delete the DLL by opening a command prompt and close all explorer.exe processes and then delete the DLL-file using the command prompt.
     
    snakefoot, Oct 12, 2004
    #4
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Snakefoot has given you the command to unregister the DLL. It may be necessary to reboot in safe mode afterwards to delete the file then reboot in normal mode and see if you still have problems.

    If so, post your HJT log as I indicated below in my first message.
     
    chaslang, Oct 12, 2004
    #5
  6. hitme64

    hitme64 Private E-2

    yes i did install the application again but arrived at the same difficult process of uninstall. still the same thing...zshellAD.dll is still in the directory as well as the zipitfast icons. zipitfast site has not confirmed any process of uninstalling their application as of yet. i think they won't be helping in this regard.

    will try to do snakefoot's advice of unregistering the file. be back in a short while.
     
    hitme64, Oct 12, 2004
    #6
  7. hitme64

    hitme64 Private E-2

    no can do. first, windows can't find "regsrv32". am using windows xp.
     
    hitme64, Oct 12, 2004
    #7
  8. snakefoot

    snakefoot Sergeant Major

    Sorry my fault it is:
     
    snakefoot, Oct 13, 2004
    #8
  9. hitme64

    hitme64 Private E-2

    oh ok. will try...thanks again.
     
    hitme64, Oct 13, 2004
    #9
  10. hitme64

    hitme64 Private E-2

    hehehe...you've done it snakefoot...its gone. at last and winzip is back. just had it installed. thanks again.
     
    hitme64, Oct 13, 2004
    #10

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds