EoRezo

By Sumo3000 in Adware

Threat Scorecard

Ranking:	440
Threat Level:	20 % (Normal)
Infected Computers:	1,613,697

First Seen:	April 28, 2010
Last Seen:	April 19, 2024
OS(es) Affected:	Windows

Microsoft has classified EoRezo as an adware infection. This Browser Helper Object (a kind of browser add-on for Internet Explorer) is disguised as a beneficial application that claims to connect you with interesting a useful content. However, EoRezo's main purpose is to spam its victims with constant, annoying, pop-up advertisements. EoRezo also engages in other practices that have been linked to malware infections rather than to legitimate Windows applications. Despite EoRezo's claim that EoRezo is interactive and designed to lead you to the content targeted to your own preferences, EoRezo simply displays advertisements from a predefined list (most probably of websites and services that have payed for EoRezo's services in one way or another). According to ESG PC security researchers, EoRezo does not seem to contain any redeeming features. A careful look at this browser toolbar reveals that EoRezo is simply one more advertising tool, designed to infringe on your privacy and force you to view a variety of advertisements (generating revenue illegally in the process). Since EoRezo makes changes to the Windows Registry and to your system settings, removing EoRezo will necessarily involve using a reliable, fully-updated anti-malware application.

Table of Contents

How EoRezo Can Affect Your Computer System

There are several things on EoRezo that have convinced malware analysts to regard EoRezo as a malware infection rather than a legitimate content-delivery system (such as StumbleUpon or the Reddit toolbar). Below, ESG PC security researchers have listed five ways in which EoRezo affects your computer system:

EoRezo can connect to another server, in order to download its configuration files. This connection may happen without the user's authorization.
This remote connection is a two-way street. EoRezo can send out information about your browsing habits and online activity to a remote server.
EoRezo changes your home page settings and default search engine. This change can occur both on Internet Explorer and Mozilla Firefox (the two most popular Internet browsers).
EoRezo connects to remote servers such as eorezo.com and alpha00001.com.
EoRezo displays a constant barrage of advertisements in the form of annoying pop-up windows.

Aliases

15 security vendors flagged this file as malicious.

Anti-Virus Software	Detection
Panda	Adware/BHO
AntiVir	Adware/EoRezo.A.72
BitDefender	Application.Generic.384998
Avast	Win32:Eorezo-B [PUP]
AVG	Generic5.GFU
Ikarus	Win32.Malware
Microsoft	Adware:Win32/EoRezo
AntiVir	Adware/EoRezo.N.2
McAfee	Artemis!45CF2095378A
AntiVir	TR/Agent.974848.7
McAfee	Artemis!06D4FED19763
AVG	Generic4.BZWZ
Sophos	Eorezo
AntiVir	Adware/EoRezo.E.9
Comodo	UnclassifiedMalware

SpyHunter Detects & Remove EoRezo

File System Details

EoRezo may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	bSeeG8Dtsj.exe	2b5765fa33cdf900c1fe19ad9e38a91a	2,016
Name: bSeeG8Dtsj.exe MD5: 2b5765fa33cdf900c1fe19ad9e38a91a Size: 240.12 KB (240128 bytes) Detections: 2,016 Type: Executable File Path: C:\Windows.old.000\Program Files\Windows Defender\3RP1KC5EUUKOX5BYEP3UQ1730CT4F3ZSZ673422MV\bSeeG8Dtsj.exe Group: Malware file Last Updated: April 19, 2024
2.	da2-y93atm.exe	68518535700af96f78aab5ba356eb6be	929
Name: da2-y93atm.exe MD5: 68518535700af96f78aab5ba356eb6be Size: 69.12 KB (69120 bytes) Detections: 929 Type: Executable File Path: %PROGRAMFILES%\microsoft office\9w7qhrk4npxmyhrw8c4lkl\da2-y93atm.exe Group: Malware file Last Updated: January 29, 2024
3.	c9-08bX_Uq.exe	acb795c9a587100bbe9daf9b3de86fbe	699
Name: c9-08bX_Uq.exe MD5: acb795c9a587100bbe9daf9b3de86fbe Size: 1.57 MB (1578496 bytes) Detections: 699 Type: Executable File Path: %PROGRAMFILES%\Windows Photo Viewer\U13C4NSLJU420TD24Q9HM2PLL9D\c9-08bX_Uq.exe Group: Malware file Last Updated: April 17, 2023
4.	LlrU&JD3QD.exe	89052d3fa007d7ac9bac7d2f794ffa46	680
Name: LlrU&JD3QD.exe MD5: 89052d3fa007d7ac9bac7d2f794ffa46 Size: 358.91 KB (358912 bytes) Detections: 680 Type: Executable File Path: %PROGRAMFILES%\Windows Sidebar\HPNEFKEMY3EO7X92QIGYT5Q0G8EMQUH\LlrU&JD3QD.exe Group: Malware file Last Updated: November 29, 2022
5.	404wfJSXFb.exe	dd0d67502265c9b55183dd0257489b19	619
Name: 404wfJSXFb.exe MD5: dd0d67502265c9b55183dd0257489b19 Size: 111.61 KB (111616 bytes) Detections: 619 Type: Executable File Path: %PROGRAMFILES%\Windows Multimedia Platform\8UI0ZVZGYU6T64FBVZOJJ1CS6T3\404wfJSXFb.exe Group: Malware file Last Updated: April 10, 2022
6.	Yq5gPZjCvX.exe	98b9644afd4de7674189556ca819b8e1	357
Name: Yq5gPZjCvX.exe MD5: 98b9644afd4de7674189556ca819b8e1 Size: 146.94 KB (146944 bytes) Detections: 357 Type: Executable File Path: %COMMONPROGRAMFILES%\N5M7KN\Yq5gPZjCvX.exe Group: Malware file Last Updated: August 31, 2020
7.	DTHLjesd0y.exe	b88955cbf36ca817df7ab5d64415b056	344
Name: DTHLjesd0y.exe MD5: b88955cbf36ca817df7ab5d64415b056 Size: 238.59 KB (238592 bytes) Detections: 344 Type: Executable File Path: C:\Program Files\Windows Sidebar\LN5DPKV45LBVOHR9ELVL0AJBB\DTHLjesd0y.exe Group: Malware file Last Updated: October 14, 2022
8.	4571303.exe	44032440596aa42cbb4bae2ff902b25b	343
Name: 4571303.exe MD5: 44032440596aa42cbb4bae2ff902b25b Size: 5.39 MB (5392896 bytes) Detections: 343 Type: Executable File Path: F:\Program Files (x86)\Formation\4571303.exe Group: Malware file Last Updated: October 27, 2021
9.	2Vi3oO42mK.exe	6ced69cedb214f99015dc43a008e399f	272
Name: 2Vi3oO42mK.exe MD5: 6ced69cedb214f99015dc43a008e399f Size: 604.16 KB (604160 bytes) Detections: 272 Type: Executable File Path: C:\Program Files\Windows Mail\ELAAXEQM6ASPSF6VXU5AJS02MI7\2Vi3oO42mK.exe Group: Malware file Last Updated: May 28, 2023
10.	trz6CF8.tmp	c47c904c27b70bce5f4ca0a4d97ff659	266
Name: trz6CF8.tmp MD5: c47c904c27b70bce5f4ca0a4d97ff659 Size: 545.79 KB (545792 bytes) Detections: 266 Type: Temporary File Path: C:\WINDOWS\Windows Mail\RNIH88BR4KUITO1LAZR9RNJ5\trz6CF8.tmp Group: Malware file Last Updated: December 27, 2021
11.	&p#oqrzfgf.exe	205d9b12e59328c8e57ac92aa16ee3f8	187
Name: &p#oqrzfgf.exe MD5: 205d9b12e59328c8e57ac92aa16ee3f8 Size: 216.06 KB (216064 bytes) Detections: 187 Type: Executable File Path: %PROGRAMFILES%\k-lite codec pack x64\19xcr4a7jp7 Group: Malware file Last Updated: April 12, 2020
12.	LYFP.exe	b70ba5c079f815e03a95e004723404ad	172
Name: LYFP.exe MD5: b70ba5c079f815e03a95e004723404ad Size: 541.69 KB (541696 bytes) Detections: 172 Type: Executable File Path: %SYSTEMDRIVE%\Users\<username>\AppData\Local\Temp\LYFPI9RRVS\LYFP.exe Group: Malware file Last Updated: September 27, 2021
13.	qV65-8lNN-.exe	ba4fc752a7d74b9a67b7f6a1a8075660	154
Name: qV65-8lNN-.exe MD5: ba4fc752a7d74b9a67b7f6a1a8075660 Size: 238.59 KB (238592 bytes) Detections: 154 Type: Executable File Path: C:\Program Files\Realtek\E50ZZDE5S5C8MUEDRU7Q67RX\qV65-8lNN-.exe Group: Malware file Last Updated: February 11, 2021
14.	2brkriuga_.exe	e280f49856c7cb7dd7de659742957ecd	138
Name: 2brkriuga_.exe MD5: e280f49856c7cb7dd7de659742957ecd Size: 206.33 KB (206336 bytes) Detections: 138 Type: Executable File Path: %PROGRAMFILES%\windowspowershell\d4pebmnuz6zfpmsn4a6gldtk52fw5xo0e Group: Malware file Last Updated: April 15, 2020
15.	owajxdaa'o.exe	5003ed514dae595cf15c0b68af607b62	86
Name: owajxdaa'o.exe MD5: 5003ed514dae595cf15c0b68af607b62 Size: 290.3 KB (290304 bytes) Detections: 86 Type: Executable File Path: %PROGRAMFILES%\tap-windows\rs3tlurqbqf5rmztr2v Group: Malware file Last Updated: March 1, 2022
16.	j_&6_0k4jP.exe	1800c30708a43555338cfadda8cff829	72
Name: j_&6_0k4jP.exe MD5: 1800c30708a43555338cfadda8cff829 Size: 479.74 KB (479744 bytes) Detections: 72 Type: Executable File Path: C:\Program Files\Windows Mail\QX12GXXIBLNLQ6T Group: Malware file Last Updated: April 28, 2020
17.	z79hbçt-s#.exe	190f8a1dc601f30ad7e3768fbcf8ea6e	14
Name: z79hbçt-s#.exe MD5: 190f8a1dc601f30ad7e3768fbcf8ea6e Size: 536.06 KB (536064 bytes) Detections: 14 Path: %PROGRAMFILES%\Windows Mail\VPER3IM7BVRF13QK03TBX7A1PCUXT9VHIICMBZJ\z79hbçt-s#.exe Group: Malware file Last Updated: June 26, 2020
18.	714338509.exe	f56bcfa60e398b14e1b746e68b9329e6	13
Name: 714338509.exe MD5: f56bcfa60e398b14e1b746e68b9329e6 Size: 486.4 KB (486400 bytes) Detections: 13 Type: Executable File Path: %PROGRAMFILES%\optic\714338509.exe Group: Malware file Last Updated: June 27, 2020
19.	710282148.exe	f47425b1b9b9e6b8da09110c404858ae	6
Name: 710282148.exe MD5: f47425b1b9b9e6b8da09110c404858ae Size: 571.39 KB (571392 bytes) Detections: 6 Type: Executable File Path: %PROGRAMFILES(x86)%\charkoucha Group: Malware file Last Updated: August 23, 2019
20.	550802537.exe	5589be52bae041ddad72cc24e0845d08	6
Name: 550802537.exe MD5: 5589be52bae041ddad72cc24e0845d08 Size: 515.07 KB (515072 bytes) Detections: 6 Type: Executable File Path: %PROGRAMFILES(x86)%\zbidi Group: Malware file Last Updated: October 9, 2019
21.	516459642.exe	dd6c5e4a7cad80c8b4949f4d13952359	4
Name: 516459642.exe MD5: dd6c5e4a7cad80c8b4949f4d13952359 Size: 703.48 KB (703488 bytes) Detections: 4 Type: Executable File Path: %PROGRAMFILES%\omek Group: Malware file Last Updated: August 23, 2019
22.	247435605.exe	1179589e86eb3a7e03b6c89e2586ebfb	4
Name: 247435605.exe MD5: 1179589e86eb3a7e03b6c89e2586ebfb Size: 799.23 KB (799232 bytes) Detections: 4 Type: Executable File Path: %PROGRAMFILES(x86)%\docroto Group: Malware file Last Updated: August 23, 2019
23.	582164585.exe	b53bdabd915570eeb2f60a86761240f9	3
Name: 582164585.exe MD5: b53bdabd915570eeb2f60a86761240f9 Size: 714.75 KB (714752 bytes) Detections: 3 Type: Executable File Path: %PROGRAMFILES(x86)%\avkzd Group: Malware file Last Updated: August 23, 2019
24.	458222505.exe	89b78aa279c12d96f31e3bddbd9740ac	3
Name: 458222505.exe MD5: 89b78aa279c12d96f31e3bddbd9740ac Size: 719.87 KB (719872 bytes) Detections: 3 Type: Executable File Path: %PROGRAMFILES(x86)%\vivida Group: Malware file Last Updated: August 23, 2019
25.	C:\Documents and Settings\\Application Data\EoRezo\SoftwareUpdateHP.exe
Name: C:\Documents and Settings\<username>\Application Data\EoRezo\SoftwareUpdateHP.exe Type: Executable File Group: Malware file
26.	C:\Program Files\eoRezo\EoEngine.exe
Name: C:\Program Files\eoRezo\EoEngine.exe Type: Executable File Group: Malware file
27.	C:\Program Files\eoRezo\eoRezo.exe
Name: C:\Program Files\eoRezo\eoRezo.exe Type: Executable File Group: Malware file

More files

Registry Details

EoRezo may create the following registry entry or registry entries:

CLSID

{18AF7201-4F14-4BCF-93FE-45617CF259FF}

{8FF10FED-2F0A-4F7F-BE87-B04F1DCD4319}

{C10DC1F4-CCDF-4224-A24D-B23AFC3573C8}

{DF76E9B7-35EC-46FC-AF56-5B79DED9D64F}

File name without path

lightcleaner.lnk

lightcleanerlightcleaner.exe

lightcleanerlightcleaner.tmp

Lightening Media Player.lnk

LighteningMediaPlayerInstall.exe

Speedycar.lnk

Regexp file mask

%PROGRAMFILES%\filters\xec.exe

%PROGRAMFILES%\host\idscservice.exe

%PROGRAMFILES%\host\w_network.exe

%PROGRAMFILES%\host\wizzcaster.exe

%PROGRAMFILES(x86)%\app\Wizard.exe

%PROGRAMFILES(x86)%\filters\xec.exe

%PROGRAMFILES(x86)%\host\idscservice.exe

%PROGRAMFILES(x86)%\host\wizzcaster.exe

%PROGRAMFILES(x86)%\pf\oo.exe

%PROGRAMFILES(x86)%\Pipe\[NUMBERS].exe

%TEMP%\avboost[RANDOM CHARACTERS].exe

%TEMP%\speedycar[RANDOM CHARACTERS].exe

%TEMP%\texttotalk.exe

%USERPROFILE%\Desktop\texttotalk.lnk

%WINDIR%\System32\Tasks\GoogleUpdateSecurityTaskMachine_[RANDOM CHARACTERS]

HKEY..\..\..\..{RegistryKeys}

HKLM\SOFTWARE\Classes\AppID\EoEngineBHO.DLL

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012011101220111013

HKLM\Software\EoRezo\"HostGUID"

SOFTWARE\Classes\cible

SOFTWARE\Classes\tsckmna

Software\EoRezo

Software\Lightcleaner

SOFTWARE\LighteningPlayer

Software\MAL\Speedycar

SOFTWARE\Microsoft\2ups

SOFTWARE\Microsoft\APreSam

SOFTWARE\Microsoft\avboostcampaign114

SOFTWARE\Microsoft\bestavicampaign563

Software\Microsoft\BigTime

SOFTWARE\MICROSOFT\campaign9961

SOFTWARE\Microsoft\DMunversion

SOFTWARE\Microsoft\DskFX

Software\Microsoft\Etsy

SOFTWARE\Microsoft\FstCar

SOFTWARE\Microsoft\MPrForShutT

Software\Microsoft\MPrForWeathI

Software\Microsoft\MTPreC_B

Software\Microsoft\MTPreC_Qn

SOFTWARE\MICROSOFT\multitimercampaign84170

SOFTWARE\Microsoft\PrAmNP

SOFTWARE\Microsoft\PShutdTime

SOFTWARE\Microsoft\shutdowntimecampaign5651

Software\Microsoft\ShutTPreAm

Software\Microsoft\ShutTPreIc

Software\Microsoft\ShutTPreJ

Software\Microsoft\ShutTPreShM

SOFTWARE\MICROSOFT\Speedycar

Software\MICROSOFT\TechnologyDesktopnew

SOFTWARE\Microsoft\Tracing\AfficheOne_RASAPI32

SOFTWARE\Microsoft\Tracing\AfficheOne_RASMANCS

SOFTWARE\Microsoft\Tracing\i_network_RASAPI32

SOFTWARE\Microsoft\Tracing\i_network_RASMANCS

SOFTWARE\Microsoft\Tracing\LighteningMediaPlayerInstall_RASAPI32

SOFTWARE\Microsoft\Tracing\LighteningMediaPlayerInstall_RASMANCS

SOFTWARE\Microsoft\Tracing\o_network_RASAPI32

SOFTWARE\Microsoft\Tracing\o_network_RASMANCS

SOFTWARE\Microsoft\Tracing\wizzcaster_RASAPI32

SOFTWARE\Microsoft\Tracing\wizzcaster_RASMANCS

SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Speedycar

SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WeatherInspect

SOFTWARE\Microsoft\{1f7ee1a8-4436-4ffc-b97b-b5b01e87d3d2}

SOFTWARE\Microsoft\{94ebd7b5-82ae-449t-b679-3d04078ed154}

Software\Microsoft\{94ebd7b5-82ae-449t-b679-3d04078ed154}}

Software\Picture\PictureprocessingToolsV1.0

Software\Picture\seescenicelfc

Software\Picture\seescenicelfq

Software\Picture\seescenicelfu

SOFTWARE\T4pc

Software\UniversalCadast

SOFTWARE\Wow6432Node\EoRezo

SOFTWARE\Wow6432Node\Microsoft\DMunversion

SOFTWARE\Wow6432Node\Microsoft\PrAmNP

SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Speedycar

SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\WeatherInspect

SOFTWARE\Wow6432Node\Microsoft\{1f7ee1a8-4436-4ffc-b97b-b5b01e87d3d2}

SOFTWARE\Wow6432Node\Microsoft\{94ebd7b5-82ae-449t-b679-3d04078ed154}

Software\Wow6432Node\Microsoft\{94ebd7b5-82ae-449t-b679-3d04078ed154}}

SOFTWARE\Wow6432Node\Microsoft\{cc6eb6d8-85b7-435p-8b86-51e4d16ea76d}

SYSTEM\ControlSet001\Services\AppApcVerifier

SYSTEM\ControlSet002\Services\AppApcVerifier

SYSTEM\CurrentControlSet\Services\AppApcVerifier

HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}

bestDownloader_is1

comoBoss_is1

eoEngine_is1

eoRezo_is1

LighteningPlayer

maintenance software_is1

Speedycar_is1

texttotalk

WeatherInspect_is1

Directories

EoRezo may create the following directory or directories:

%ALLUSERSPROFILE%\AppApcVerifier

%ALLUSERSPROFILE%\Application Data\AppApcVerifier

%APPDATA%\EoRezo

%APPDATA%\lighteningplayer

%LOCALAPPDATA%\combroadcaster

%PROGRAMFILES%\Ajc

%PROGRAMFILES%\BeCleaner

%PROGRAMFILES%\Caster

%PROGRAMFILES%\ComoBo

%PROGRAMFILES%\EoRezo

%PROGRAMFILES%\KokoMoss

%PROGRAMFILES%\Koruko

%PROGRAMFILES%\LighteningPlayer

%PROGRAMFILES%\Speedycar

%PROGRAMFILES%\WeatherInspect

%PROGRAMFILES%\WinCaster

%PROGRAMFILES%\YEha

%PROGRAMFILES%\bestDownloader

%PROGRAMFILES%\browseextension

%PROGRAMFILES%\comoBoss

%PROGRAMFILES%\documentss

%PROGRAMFILES%\elansurfer

%PROGRAMFILES%\lightcleaner

%PROGRAMFILES%\texttotalk

%PROGRAMFILES%\tuto100_ar_21

%PROGRAMFILES(X86)%\Caster

%PROGRAMFILES(x86)%\Ajc

%PROGRAMFILES(x86)%\BeCleaner

%PROGRAMFILES(x86)%\ComoBo

%PROGRAMFILES(x86)%\EoRezo

%PROGRAMFILES(x86)%\KokoMoss

%PROGRAMFILES(x86)%\Koruko

%PROGRAMFILES(x86)%\LighteningPlayer

%PROGRAMFILES(x86)%\Parklands

%PROGRAMFILES(x86)%\Speedycar

%PROGRAMFILES(x86)%\WeatherInspect

%PROGRAMFILES(x86)%\WinCaster

%PROGRAMFILES(x86)%\YEha

%PROGRAMFILES(x86)%\bestDownloader

%PROGRAMFILES(x86)%\browseextension

%PROGRAMFILES(x86)%\comoBoss

%PROGRAMFILES(x86)%\documentss

%PROGRAMFILES(x86)%\elansurfer

%PROGRAMFILES(x86)%\lightcleaner

%PROGRAMFILES(x86)%\texttotalk

%PROGRAMFILES(x86)%\tuto100_ar_21

%TEMP%\bestDownloader

%UserProfile%\Local Settings\Application Data\combroadcaster

EnigmaSoft's SpyHunter Scores 100% with AV-TEST in 2024

Search

Change Region

EoRezo

Threat Scorecard

EnigmaSoft Threat Scorecard

How EoRezo Can Affect Your Computer System

Aliases

SpyHunter Detects & Remove EoRezo

File System Details

Registry Details

Directories

Submit Comment

Trending

Uazq Ransomware

PDFSpark

Remor.xyz

Most Viewed

Discord Shows Black Screen when Sharing Screen

How To Fix 'Printer Driver is Unavailable' Error

What is Msedge.exe?