Solved! how to remove zerohorizon.net virus

[kikani.kautik]

i tried possible all things but automatically open new tab zerohorizon.net site in google chrome. any expert level answer ?
how to to remove this without reinstall or reset windows 7

 

[Saga Lout]

Go to www.malwarebytes.org and download the free version - not the trial version. Instal and update it and it should deal swiftly with the nasty stuff.

After that you may as well uninstall it because it works best when you download the latest issue.

 

[kikani.kautik]

Hi, Saga Lout

Thank you for provide best solutions. i have tried it but zerohorizon.net virus is still there. any other way to resolve this issue ?

 

[Saga Lout]

Whichever you're using, you need to start off by clearing all the browsing History, all Cookies and all search History as well. Go this site https/www.majorgeeks.com/mg/getmirror/trend_micro_hijackthis,1.html to download HijackThis

Follow the instructions to run it then when you see the results page, copy it and paste it here and I'll look over it and suggest which to tick items to remove.

Don't use the browser until you and I have got together and done some work on it.

 

[kikani.kautik]

Whichever you're using, you need to start off by clearing all the browsing History, all Cookies and all search History as well. Go this site https/www.majorgeeks.com/mg/getmirror/trend_micro_hijackthis,1.html to download HijackThis

Follow the instructions to run it then when you see the results page, copy it and paste it here and I'll look over it and suggest which to tick items to remove.

Don't use the browser until you and I have got together and done some work on it.

Thanks for your service

 

[kikani.kautik]

Not Resolve : Every time generate new link and i have also blocked DNS but problem is still there
http/zerohorizon.net/2018/12/06/alexa-can-now-find-the-right-amazon-music-playlist-by-having-a-conversation-with-you/

 

[kikani.kautik]

Whichever you're using, you need to start off by clearing all the browsing History, all Cookies and all search History as well. Go this site https/www.majorgeeks.com/mg/getmirror/trend_micro_hijackthis,1.html to download HijackThis

Follow the instructions to run it then when you see the results page, copy it and paste it here and I'll look over it and suggest which to tick items to remove.

Don't use the browser until you and I have got together and done some work on it.

http/zerohorizon.net/2018/12/06/alexa-can-now-find-the-right-amazon-music-playlist-by-having-a-conversation-with-you/

Not Resolve : Every time generate new link and i have also blocked DNS but problem is still there

 

[Saga Lout]

Are you going to let me see the results of the HJT scan?

I may be able to help but I can't do anything just sitting here with no information to work on.

 

[kikani.kautik]

Are you going to let me see the results of the HJT scan?

I may be able to help but I can't do anything just sitting here with no information to work on.

Dear Saga Lout,
Thank you for give best solutions,

As per our conversion HJT result is ready.

See here HJT result :

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 10:33:09 AM, on 12/08/2018
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)


Boot mode: Normal

Running processes:
C:\ProgramData\Microsoft\Windows\WER\wermgr.exe
C:\Program Files (x86)\TeamViewer\TeamViewer.exe
c:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X7\Programs\CorelDrw.exe
E:\Software\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http/go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http/go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http/go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http/go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Canon LBP2900 Status Window.lnk = C:\Windows\System32\spool\drivers\x64\3\CNAB4LAD.EXE
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{F1718D2F-18AB-4B00-9346-88A465BA6C46}: NameServer = 192.168.0.1,8.8.8.8
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agent Server 7.3 - Quick Heal Technologies Ltd. - C:\PROGRA~2\Seqrite\ENDPOI~1.3\Admin\ACASSRVC.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Realtime Behavior Detection (arwsrvc) - Quick Heal Technologies Ltd. - C:\Program Files (x86)\Seqrite\Endpoint Security 7.3\Seqrite\ARWSRVC.EXE
O23 - Service: Behavior Detection System - Quick Heal Technologies Ltd. - C:\Program Files (x86)\Seqrite\Endpoint Security 7.3\Seqrite\bdssvc.exe
O23 - Service: Client Agent 7.3 - Quick Heal Technologies Ltd. - C:\Program Files (x86)\Seqrite\Endpoint Security 7.3\Cagent\ACCASRVC.EXE
O23 - Service: Core Mail Protection - Quick Heal Technologies Ltd. - C:\Program Files (x86)\Seqrite\Endpoint Security 7.3\Seqrite\EMLPROXY.EXE
O23 - Service: Core Scanning Server - Quick Heal Technologies Ltd. - C:\Program Files (x86)\Seqrite\Endpoint Security 7.3\Seqrite\SAPISSVC.EXE
O23 - Service: Core Scanning ServerEx - Quick Heal Technologies Ltd. - C:\Program Files (x86)\Seqrite\Endpoint Security 7.3\Seqrite\SAPISSVC.EXE
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30007 (IISADMIN) - Unknown owner - C:\Windows\system32\inetsrv\inetinfo.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Mysql For EPS 7.3 - Unknown owner - C:\Program Files (x86)\Seqrite\Endpoint Security 7.3\Admin\mysql\bin\mysqld.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Online Protection System - Quick Heal Technologies Ltd. - C:\Program Files (x86)\Seqrite\Endpoint Security 7.3\Seqrite\opssvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Corel License Validation Service V2, Powered by arvato (PSI_SVC_2) - arvato digital services llc - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: PwRecoveryBundleService - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Quick Update Service - Quick Heal Technologies Ltd. - C:\Program Files (x86)\Seqrite\Endpoint Security 7.3\Seqrite\quhlpsvc.exe
O23 - Service: RepairService - Quick Heal Technologies Ltd. - C:\Program Files (x86)\Seqrite\Endpoint Security 7.3\Seqrite\reprsvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Seqrite Endpoint Security Helper Service WSC (ScanWscS) - Quick Heal Technologies Ltd. - C:\Program Files (x86)\Seqrite\Endpoint Security 7.3\Seqrite\SCANWSCS.EXE
O23 - Service: Core Browsing Protection (ScSecSvc) - Quick Heal Technologies Ltd. - C:\Program Files (x86)\Seqrite\Endpoint Security 7.3\Seqrite\ScSecSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 13 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Update Manager 7.3 - Quick Heal Technologies Ltd. - C:\PROGRA~2\Seqrite\ENDPOI~1.3\Updmgr\UMNGRSVC.EXE
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-20001 (WMSVC) - Unknown owner - C:\Windows\system32\inetsrv\wmsvc.exe (file missing)

--
End of file - 8608 bytes

 

[Saga Lout]

I'll look at it properly in a while but first, uninstall Team Viewer and restart the system. Then in Control Panel>System>Remote tab, untick the box that allows remote control. Apply and OK your way out and restart the machine again.

More later.

 

[Saga Lout]

Tick to remove every entry below, please, then so long as you've uninstalled Team Viewer, restart the machine and post back if you still see any problems.
.
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E}
O17 - HKLM\System\CCS\Services\Tcpip\..\{F1718D2F-18AB-4B00-9346-88A465BA6C46}: NameServer = 192.168.0.1,8.8.8.8
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 13 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-20001 (WMSVC) - Unknown owner - C:\Windows\system32\inetsrv\wmsvc.exe (file missing)

 

[kikani.kautik]

Tick to remove every entry below, please, then so long as you've uninstalled Team Viewer, restart the machine and post back if you still see any problems.
.
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E}
O17 - HKLM\System\CCS\Services\Tcpip\..\{F1718D2F-18AB-4B00-9346-88A465BA6C46}: NameServer = 192.168.0.1,8.8.8.8
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 13 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-20001 (WMSVC) - Unknown owner - C:\Windows\system32\inetsrv\wmsvc.exe (file missing)

Dear Saga Lout,

Thank you so much for give me great solutions and i have a good news for you.
zerohorizon.net virus is removed permanently by you.

Thank you so much sir
Have a Greate Job
Good Luck!!

 

[Saga Lout]

I'm glad it fixed but I have to say the remote control programme, Team Viewer, didn't install in your system without some input at your end.

Be careful not to links in any e-mail, particularly those from addresses you don't know. I have my doubts about your security utility. I believe Windows Defender would have flagged that invasion as soon as it got in.

 

[kikani.kautik]

I'm glad it fixed but I have to say the remote control programme, Team Viewer, didn't install in your system without some input at your end.

Be careful not to links in any e-mail, particularly those from addresses you don't know. I have my doubts about your security utility. I believe Windows Defender would have flagged that invasion as soon as it got in.

Dear sir,

Thank you for your suggetion
Have a great day

Thanks and Regards
Kautik Kikani