
unable to remove Mezaa Adware


larryccf

First, I have gone through your instructions, and have attached the EEK and FRST scan reports. I have been using Emsisoft's Anti-Malware for 3-4 years now. Also, I am running Windows 7 x64.

I noticed in my control panel's list of programs, one titled MEZAA – apparently this is an Adware program. But it had been there for some time.

  • In searching the web, I found a forum indicating the best way to remove Mezaa is to use the “un-installer” that came with it, and then this statement about Mezaa: “If you were unable to use the uninstaller that came with Mezaa and you used Malwarebytes Anti-Malware to remove the potentially unwanted program, there will be a dll inserted in your LSP stack. This was not removed because that could possibly break your internet connection. Read the additional guide in the reply to this topic.”

I tried to uninstall it using its own “un-installer function” and instead it caused 90% of the icons on my desktop to go non-functional, i.e. programs wouldn’t open, Mozilla Firefox would open but couldn’t find the server, same with Outlook, and computer boot files became corrupted.

I then installed a backup copy of my computer’s disk and did an uninstall using my control panel uninstall function. Then a third time, after Emsisoft found it, I selected “delete it” in the Emsisoft panel – each time with the same result: the computer’s OS became functionless. Interestingly, when Emsisoft found Mezaa the first two times, all it showed was “Mezza” with the notation, no risk. The 3rd time it noted “medium” risk.

I have since re-installed the backup copy a 3rd time, updated Emsisoft and ran a full scan a third time; this time it found two instances of it, apparently installed and running – see report “a2scan_141019-095318.txt”. Unfortunately I didn’t save those reports, and after spending all night reloading my C drive, I can’t remember for certain whether Emsisoft deleted or quarantined the two instances, and the log pages on Emsisoft are empty.

FYI, Mezaa shows to be even on the backup disk from Sept 14, 2014 – I do full backups every two weeks. So apparently it has existed on my computer without creating any apparent chaos for a while. It’s only when you attempt to remove it that it does its damage.

Now, after running the EEK scan, under Smart Scan, it found no instances of it, but Mezaa is still listed in my control panel’s list of programs and under C > Program Files (x86). EEK scan report attached.

Any assistance is appreciated.


Download AdwCleaner and save it on your desktop.

  • Close all open programs and Internet browsers (you may want to print out or write down these instructions first).
  • Double click on adwcleaner.exe to run the tool.
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Confirm each time with OK.
  • You will be prompted to restart your computer. A text file will open in Notepad after the restart (this is the log of what was removed), which you can save on your desktop.
  • Attach that log file to your reply by clicking the More Reply Options button to the lower-right of where you type in your reply.
  • If you lose that log file for any reason, you can find it at C:\AdwCleaner on your computer.

Download Junkware Removal Tool and save it on your desktop.
  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Attach the JRT log file to a reply by clicking the More Reply Options button to the lower-right of where you type in your reply.

Thanks - I've downloaded the ADW and JRT files and will use them tonight on the home computer.

FYI, it's since been contained by Emsisoft - I quit trying to uninstall it, and let Emsisoft quarantine it and two "sub" versions of it that Emsisoft would flag during the daily scan, then went into msconfig and found one file titled "MezvcV1" and the other "MezvcV2" under the Services tab. I disabled or unchecked both, as well as unchecking "Mezaa" under the Startup tab. Since doing that the night before last, yesterday morning's Emsisoft scan reported no instance of it during the scan.

I'll report back with the logs you've asked for.


Went home for an early lunch and ran the two programs, in the order described.

Attached are the log files.

Interestingly, after removal, I experienced a "mild" version of inoperability of the computer, i.e. some icons, when clicked on, would not open, and other items like creating a new folder in the Documents folder would not open or operate, but it would let me create a new folder on the desktop and then drag/paste it over to the Documents folder.

But for the hey of it, I shut down (after sacrificing a few chickens and repeating some magical phrases) and rebooted, and all is working fine - think I'll let it operate like this for a few days and then do a clone backup.

I'll check back this evening for any further suggestions.

Thanks


Am responding from my laptop - came home from work and my wife indicated the computer "wasn't working". Sat down and most functionality was dead: nothing would open when clicked on, and the DVD player wouldn't respond or even be recognized under the computer tree or directory.

Right now I've got a backup I'd just made after Emsisoft had quarantined it being restored or cloned back to the computer.

I was able to get into msconfig and found "mezaa tray" listed under the Startup tab -

I'll try to run the EEK and FRST in the morning before heading into the shop - luckily I'm the owner so I can run a bit late.


As I had to restore a backup copy, I first ran AdwCleaner and JRT - note that on the backup, the Mezaa files had been unchecked in msconfig "services" and "startup" - they didn't show up in this morning's Emsisoft daily scan.

I just ran the EEK and FRST scans and attached those.


Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\VESWinlogon-x32: VESWinlogon.dll [X]
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} -  No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -  No File
2014-10-21 19:20 - 2014-10-21 19:20 - 00000000 ____D () C:\Users\larryccf\AppData\Roaming\6209
2014-10-19 16:55 - 2014-10-19 16:55 - 00000000 ____D () C:\Users\larryccf\AppData\Roaming\3418
Reg: reg delete "HKEY_USERS\S-1-5-21-3098083626-563222691-3457487783-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM" /v "DISABLETASKMGR" /f
Reg: reg delete "HKEY_USERS\S-1-5-21-3098083626-563222691-3457487783-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM" /v "DISABLEREGISTRYTOOLS" /f

Close Notepad.

NOTE: It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST64 and press the Fix button just once and wait.

If the tool needed a restart, please make sure you let the system restart normally and let the tool complete its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.

Note: If the tool warns you about an outdated version please download and run the updated version.


Done.

It went smooth as a mayo sandwich.

Fixlog.txt attached.

I went and checked under msconfig and found that under the Services tab, all instances of the Mezaa file were now absent, but under the Startup tab, "Mezaa tray" still exists, and the little I can view (the window will not open but so large) under location is: "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion...." (the .... being the portion hidden to the right).

And in copying that location, I noticed a file above and below the Mezaa tray have the same "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion...."

And then down a couple of lines, three files with mfgr identified as either Sony, Nvidia or unknown again have that same location description?

Correction, there are about 12-14 with different names (from Adobe to UPS) with that same location description.

Anything to worry about?


Changing tools.

Download RogueKiller from one of the following links and save it to your desktop:

  • Link 1
  • Link 2

  • Close all programs and disconnect any USB or external drives before running the tool.
  • Double-click RogueKiller.exe to run the tool (Vista or 7 users: Right-click and select Run As Administrator).
  • Once the Prescan has finished, click Scan.
  • Once the Status box shows "Scan Finished", just close the program. <--Don't fix anything!
  • Attach the RogueKiller report to your next reply.
    • The log can also be found on your desktop labeled (RKreport[X]_S_xxdatexx_xtimex)
    • The highest number of [X] is the most recent Scan

Thread Closed

Reason: Lack of Response

PM either Kevin, Elise, or GT500 to have this thread reopened.

The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE; if you don't, we are just going to send you back to this thread.
