ZHPCleaner - Adware/pups/malware removal tool

Hello.

http://www.nicolascoolman.fr/

Direct download link: http://www.nicolascoolman.fr/download/zhpcleaner-2/

This is a malware/pups/adware removal tool similar to Xplode's AdwCleaner.

This one does a more thorough cleaning so, check the logs (and untick these items you don't want cleaned) before proceeding.

It's gets updated A LOT. That means twice a day or so.

When first run, it will install itself under the %APPDATA%\ZHP folder and it will create two shortcuts on desktop.

To fully remove it,just delete those two shorcuts and the ZHP folder.

Damn it. I am not sure if posting these kind of threads is allowed here. If not, my apologies. And feel free to move this topic to the security section if applicable.

Moved to Security section as you requested.

Just tried it here on xp.

Found some PUPS.

Has the option to check each entry before quarantining.

Nice one, eL_P. :)

Thanks for moving my post Andavari.

Hello eL_PuSHeR - Thank you for providing us with his little gem. For months now I've been having problems with I.E. 11 randomly freezing and/or crashing, and the usual fixes haven't solved anything. During that time, I was running regular scans with Avast, Malwarebytes, and Trend Micro Housecall. Each of them reported no problems with regard to viruses or malware being present on the system. The first time I ran ZHP Cleaner, it reported a browser hijacker had been installed to the Windows registry and quarantined it. Since then, no more problems with I.E. 11. Thanks again. - Derek

The first time I ran ZHP Cleaner, it reported a browser hijacker had been installed to the Windows registry and quarantined it.

IE can seem delicate/touchy to things being added into it. For instance some legit and clean download managers can add their context menu to IE causing problems with the browser, i.e.; crashing, freezing, etc.

@derek,

Any chance in your course of running those scans to try to fix IE that you ran ADWCleaner?

That and ZHP seem very similar.

Yes they are very similar. But it seems ZHP scan is more thorough one.

A word of caution for everyone using this software. Check carefully what you are about to remove. This software has got its share of false positives too.

How often is it updated eL_PuSHeR ?

Adwcleaner is updated every couple of weeks or so.

A word of caution for everyone using this software. Check carefully what you are about to remove. This software has got its share of false positives too.

Noticed that, it offered to remove a few things which are not malicious:

FOUND file: C:\Users\Rob\Downloads\Lollipop Sounds.zip (Adware.Lollipop) [D008263BFE514B4419C2ABE61FC8EC96] - zip file of system sounds from Android Lollipop

FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Steam App 283000 [Wastelands Interactive] (Adware.AdRoar) - Strategic War in Europe (steam game)

FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Steam App 283020 [Wastelands Interactive] (Adware.AdRoar) - The Campaign Series: Fall Weiss (steam game)

FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Steam App 302320 [Wastelands Interactive] (Adware.AdRoar) - Storm over the Pacific (steam game)

FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Steam App 305390 [Wastelands Interactive] (Adware.AdRoar) - World War 2: Time of Wrath (steam game)

FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Steam App 218680 [scribblenauts Unlimited] (PUP.DoRibble) - Scribblenauts Unlimited (steam game)

to name a few. Not sure what their problem with Wastelands Interactive (a game publisher/developer) is.

How often is it updated eL_PuSHeR ?

Adwcleaner is updated every couple of weeks or so.

I'd say once a day. Sometimes twice a day. Today the website seems to be down though.

Noticed that, it offered to remove a few things which are not malicious:

to name a few. Not sure what their problem with Wastelands Interactive (a game publisher/developer) is.

That's curious. I have several Steam games too but I don't get any registry values to clean here.

That's curious. I have several Steam games too but I don't get any registry values to clean here.

Those are very few out of very many I have installed, and of those 5 games, 4 are published and developed by the same firm, so maybe it's just an issue with their installers or some such.

It could be. I ran ZHPCleaner while Steam was running and it didn't detect anything related.

Site is down, maybe?

Site is down, maybe?

Looks like it. I've tried a couple of times over the past few days and get a page that says "Mode Maintenance."

It's now online again and redesigned.

I am a student at geekstogo Malware school and none of my teachers have heard of this program. The exe is flaged as Malware when uploaded to virus total. A flag does not always indicate a posative infection how ever if it's not disgust at geekstogo/bleepingcomputer then i think you would be silly to run the program.

Another point is it instals itself in a common malware location. APPData is where data lives. Not executables.