Language:

English
- English
- Russian
- German
- Spanish
- French

Home & Home OfficeBusinessPartnersClubAbout Security Stronghold

Zero Day Attack Removal: Remove Zero Day Attack Easily

What is Zero Day Attack

Download WiperSoft Antispyware Malware Remediation Tool

Remove Zero Day Attack manually

Get Professional Support

Read Comments

Threat's profile

Name of the threat:

Command or file name:

Threat type:

Affected OS:

Zero Day Attack

smenu.exe

Spyware/trojan

Win32 (Windows XP, Vista, Seven, 8)

Zero day attack software exists itself as a effective machine software, while it in reality causes havoc and injury to your machine. After it is installed, the Zero day attack lurks silently on the attacked comp, invisibly carrying out its misdeeds, such as downloading Zero day attack, while the sacrifice continues on with their normal activities. There were a wheen of acts passed to control installing of program suspecting to be Zero day attack when fighting to remove Zero day attack. The US FTC (FTC) advised on the website to remove Zero day attack, what to do when attempting to perform Zero day attack removal and advocate from Zero day attack with some comely Zero day attack removal tool. Zero day attack that comes cross-bundled with shareware applications may be pictured in the contractual agreements text, especially in condition with Zero day attack removal tools when buyer wants to remove Zero day attack. The act of Zero day attack removal or offer to remove Zero day attack may be designated as legal.

Zero Day Attack intrusion method

Zero Day Attack copies its file(s) to your hard disk. Its typical file name is smenu.exe. Then it creates new startup key with name Zero Day Attack and value smenu.exe. You can also find it in your processes list with name smenu.exe or Zero Day Attack. Also, it can create folder with name Zero Day Attack under C:\Program Files\ or C:\ProgramData.

If you have further questions about Zero Day Attack, please call us on the phone below. It is toll free. Or you can use programs to remove Zero Day Attack automatically below.

Download Spyhunter by Enigma Software

Download this advanced removal tool and solve problems with Zero Day Attack and smenu.exe (download of fix will start immediately):

Download WiperSoft Antispyware to remove Zero Day Attack

* WiperSoft Antispyware was developed to remove threats like Zero Day Attack in automatic mode. Remover has active module to protect PC from hijackers, trojans, ransomware and other viruses. Trial version of SpyHunter provides detection of computer viruses for FREE. To remove malware, you have to purchase the full version of Spyhunter.

Features of WiperSoft Antispyware

Removes all files created by viruses.

Removes all registry entries created by viruses.

You can activate System and Network Guards and forget about malware.

Can fix browser problems and protect browser settings.

Removal is guaranteed - if SpyHunter fails ask for FREE support.

24/7 Spyware Helpdesk Support included into the package.

Download Spyhunter Remediation Tool by Enigma Software

Download antimalware designed specifically to remove threats like Zero Day Attack and smenu.exe (download of fix will start immediately):

Download AntiMalware to remove Zero Day Attack

Features of Spyhunter Remediation Tool

Removes all files created by Zero Day Attack.

Removes all registry entries created by Zero Day Attack.

Fixes browser redirection and hijack if needed.

"Toolbar Remover" tool will help you get rid of unwanted browser extensions.

Removal is guaranteed - if Spyhunter Remediation Tool fails ask for FREE support.

24/7 Helpdesk Support and 5 hours of Remote Support via GoToAssist included into the package.

Let our support team solve your problem with Zero Day Attack and repair Zero Day Attack right now!

Call us using the number below and describe your problem with Zero Day Attack. Support team will offer you solution in several minutes and give a step-by-step instruction on how to remove Zero Day Attack. Trouble-free tech support with over 10 years experience removing malware.

1-877-219-8984

Threat's description and solution are developed by Security Stronghold security team.

Here you can also learn:

Technical details of Zero Day Attack threat.

Manual Zero Day Attack removal.

Download Zero Day Attack Removal Tool.

How to remove Zero Day Attack manually?

This problem can be solved manually by deleting all registry keys and files connected with Zero Day Attack, removing it from starup list and unregistering all corresponding DLLs. Additionally missing DLL's should be restored from distribution in case they are corrupted by Zero Day Attack.

To get rid of Zero Day Attack, you should:

1. Kill the following processes and delete the appropriate files:

yes[1].exe

privcash.exe

dial[1].exe

soc[1].exe

patch[1].exe

yes.exe

topinst.exe

3b7f7.dll

winmad[1].exe

image.gif.exe

winudu[1].exe

spmk[1].exe

privcash[1].exe

sdfff

fdsf

zxczxc

cdegfr

wdcsadsad

1a41bd.dll

jkt8949kir.tmp

winmaz[1].exe

lt[1].exe

_td7.tmp

adir.dll

_td8.tmp

dminupnp.dll

rdpwiasn.dll

dpmomspr.dll

msimnpwm.exe

_td9.tmp

_tda.tmp

_tdc.tmp

_tdd.tmp

_tde.tmp

_tdf.tmp

_td10.tmp

scane[1].exe

_td11.tmp

_td12.tmp

_td13.tmp

_td14.tmp

_td15.tmp

_td16.tmp

_td17.tmp

_td18.tmp

_td19.tmp

aspi223599.exe

18ej8937i49.tmp

dgrgesrgfdgf.tmp

swprodte.dll

ocmawsnm.exe

~21.tmp

swprodte.exe

~22.tmp

aspi221709.exe

winmaz.exe

winmaz.bat

18930.dll

aspi225159.exe

_td23.tmp

her.pt

iktzetd.dll

bpnqxsf.dll

991.exe

8.tmp

_td1a.tmp

_td1b.tmp

_td1c.tmp

_td1d.tmp

_td1e.tmp

_td1f.tmp

aspi226409.exe

~28.tmp

_td29.tmp

g32.txt

~3.tmp

~4.tmp

www.uniblue[1].com

winmaz[1].bat

_td3.tmp

_td4.tmp

_td5.tmp

_td6.tmp

_tdb.tmp

1c86b.dll

lzx32.sys

p2hhr.bat

kbgtpzb.dll

yaudri.dll

10.bat

aspi221719.exe

aspi228909.exe

aspi226099.exe

ss[1].exe

upperhost.dll

csddriver.sys

Warning: you should delete only those files which checksums are listed as malicious. There may be valid files with the same names in your system. We recommend you to use WiperSoft Antispyware Malware Remediation Tool for safe problem solution.

**Trial version of SpyHunter provides detection of computer viruses for FREE. To remove malware, you have to purchase the full version of Spyhunter.

2. Delete the following malicious folders:

no information

3. Delete the following malicious registry entries and\or values:

Key: SYSTEM\CurrentControlSet\Control\InitRegKey\mod
Value: jpeg

Key: CLSID\{855875B5-93F3-429D-FF34-660B206D897C}
Value: ThreadingModel

Key:
SOFTWARE\Classes\CLSID\{855875B5-93F3-429D-FF34-660B206D897C}\InProcServer32
Value: ThreadingModel

Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dcdf22a6.exe

Key: Software\Microsoft\Sft

Key: CLSID\{31909793-B14A-18FA-1007-0265051CFC2B}\InprocServer32
Value: ThreadingModel

Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Run\708adabe.exe

Key: CLSID\{297A111E-5C7F-2744-37B7-08F8EEF35CC6}\InprocServer32

Key: CLSID\{523455E4-ABCD-ABCD-1114-D709ADD3DDAB}\InProcServer32

Key: System\CurrentControlSet\Services\hide_evr2
Value: Type

Key: System\CurrentControlSet\Services\hide_evr2
Value: Start

Key: System\CurrentControlSet\Services\hide_evr2
Value: ErrorControl

Key: System\CurrentControlSet\Services\hide_evr2
Value: ImagePath

Key: System\CurrentControlSet\Services\hide_evr2
Value: DisplayName

Key: System\CurrentControlSet\Services\hide_evr2\Security
Value: Security

Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_HIDE_EVR2
Value: NextInstance

Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_HIDE_EVR2\0000\Control
Value: *NewlyCreated*

Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_HIDE_EVR2\0000
Value: Service

Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_HIDE_EVR2\0000
Value: Legacy

Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_HIDE_EVR2\0000
Value: ConfigFlags

Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_HIDE_EVR2\0000
Value: Class

Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_HIDE_EVR2\0000
Value: ClassGUID

Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_HIDE_EVR2\0000
Value: DeviceDesc

Key: SYSTEM\CURRENTCONTROLSET\SERVICES\hide_evr2\Enum

Key: SYSTEM\CURRENTCONTROLSET\SERVICES\hide_evr2\Enum
Value: Count

Key: SYSTEM\CURRENTCONTROLSET\SERVICES\hide_evr2\Enum
Value: NextInstance

Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value: AppInit_DLLs
Data: e1.dll

Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\acac
Value: Startup

Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\acac
Value: Shutdown

Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\acac
Value: Impersonate

Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\acac
Value: Asynchronous

Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\acac
Value: Image

Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value: AppInit_DLLs
Data: e1.dll dpmomspr.dll dminupnp.dll

Key: System\CurrentControlSet\Services\aspi113210
Value: Type

Key: System\CurrentControlSet\Services\aspi113210
Value: Start

Key: System\CurrentControlSet\Services\aspi113210
Value: ErrorControl

Key: System\CurrentControlSet\Services\aspi113210
Value: ImagePath

Key: System\CurrentControlSet\Services\aspi113210
Value: DisplayName

Key: System\CurrentControlSet\Services\aspi113210\Security
Value: Security

Key: System\CurrentControlSet\Services\aspi113210
Value: ObjectName

Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_ASPI113210
Value: NextInstance

Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_ASPI113210\0000\Control
Value: *NewlyCreated*

Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_ASPI113210\0000
Value: Service

Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_ASPI113210\0000
Value: Legacy

Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_ASPI113210\0000
Value: ConfigFlags

Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_ASPI113210\0000
Value: Class

Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_ASPI113210\0000
Value: ClassGUID

Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_ASPI113210\0000
Value: DeviceDesc

Key: SYSTEM\CURRENTCONTROLSET\SERVICES\aspi113210\Enum

Key: SYSTEM\CURRENTCONTROLSET\SERVICES\aspi113210\Enum
Value: Count

Key: SYSTEM\CURRENTCONTROLSET\SERVICES\aspi113210\Enum
Value: NextInstance

Key: System\CurrentControlSet\Enum\Root\LEGACY_ASPI113210\0000\Control
Value: ActiveService

Key: Software\Microsoft\swprodte
Value: RepB

Key: System\CurrentControlSet\Services\aspi113210
Value: ImagePath

Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
Value: {855875B5-93F3-429D-FF34-660B206D897C}

Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\swprodte
Value: DllName

Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\swprodte
Value: Startup

Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\swprodte
Value: Shutdown

Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\swprodte
Value: Impersonate

Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\swprodte
Value: Asynchronous

Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value: AppInit_DLLs
Data: dpmomspr.dll dminupnp.dll

Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value: AppInit_DLLs
Data: dpmomspr.dll dminupnp.dll e1.dll

Key: SYSTEM\CurrentControlSet\Control\InitRegKey\mod
Value: fake

Key: SYSTEM\CurrentControlSet\Control\InitRegKey\mod
Value: inject

Key: SYSTEM\CURRENTCONTROLSET\ENUM\Root\LEGACY_HIDE_EVR2\0000\Control
Value: ActiveService

Key: System\CurrentControlSet\Services\CsdDriver
Value: ImagePath

Key: System\CurrentControlSet\Services\CsdDriver
Value: DisplayName

Key: System\CurrentControlSet\Services\CsdDriver\Security
Value: Security

Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_CSDDRIVER
Value: NextInstance

Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_CSDDRIVER\0000\Control
Value: *NewlyCreated*

Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_CSDDRIVER\0000
Value: Service

Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_CSDDRIVER\0000
Value: Legacy

Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_CSDDRIVER\0000
Value: ConfigFlags

Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_CSDDRIVER\0000
Value: Class

Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_CSDDRIVER\0000
Value: ClassGUID

Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_CSDDRIVER\0000
Value: DeviceDesc

Key: SYSTEM\CURRENTCONTROLSET\SERVICES\CsdDriver\Enum

Key: SYSTEM\CURRENTCONTROLSET\SERVICES\CsdDriver\Enum
Value: Count

Key: SYSTEM\CURRENTCONTROLSET\SERVICES\CsdDriver\Enum
Value: NextInstance

Key: SYSTEM\CURRENTCONTROLSET\ENUM\Root\LEGACY_CSDDRIVER\0000\Control
Value: ActiveService

Key: System\CurrentControlSet\Services\CsdDriver
Value: Type

Key: System\CurrentControlSet\Services\CsdDriver
Value: Start

Key: System\CurrentControlSet\Services\CsdDriver
Value: ErrorControl

Warning: if value is listed for some registry entries, you should only clear these values and leave keys with such values untouched. We recommend you to use WiperSoft Antispyware Malware Remediation Tool for safe problem solution.

4. Manually fix browser problems

Zero Day Attack can affect your browsers which results in browser redirection or search hijack. We recommend you to use free option "Reset Browsers" under "Tools" in Spyhunter Remediation Tool to reset all the browsers at once. Mention that you need to remove all files and kill all processes belonging to Zero Day Attack before doing this. To reset your browsers manually and restore your homepage perform the following steps:

Internet Explorer

If you use Windows XP, click Start, and then click Run. Type the following in the Open box without quotes, and press Enter: "inetcpl.cpl"
If you use Windows 7 or Windows Vista, click Start. Type the following in the Search box without quotes, and press Enter: "inetcpl.cpl"
Click the Advanced tab
In Reset Internet Explorer settings, click Reset. Click Reset in opened window again.
Select Delete personal settings checkbox to remove browsing history, search providers, homepage
After Internet Explorer finishes resetting, click Close in the Reset Internet Explorer Settings dialog box

Warning: In case this option will not work use free option Reset Browsers under Tools in Spyhunter Remediation Tool.

Google Chrome

Go to the installation folder of Google Chrome: C:\Users\"your username"\AppData\Local\Google\Chrome\Application\User Data.
In the User Data folder, look for a file named as Default and rename it to DefaultBackup.
Launch Google Chrome and a new clean Default file will be created.

Warning: This option might not work if in Google Chrome you use online synchronization between PCs. In this case use free option Reset Browsers under Tools in Spyhunter Remediation Tool.

Mozilla Firefox

Open Firefox
Go to Help > Troubleshooting Information in menu.
Click the Reset Firefox button.
After Firefox is done, it will show a window and create folder on the desktop. Click Finish.

Warning: This option will also clean all your account passwords for all websites. If you don't want it use free option Reset Browsers under Tools in Spyhunter Remediation Tool.

Information provided by: Aleksei Abalmasov

Here are the descriptions of problems connected with Zero Day Attack and smenu.exe we received earlier:

Problem Summary: 991.exe boots automatically

when my computer starts up a lot numbers.exe apears on my task manager includling 991.exe and a lot of other .exe programs that i got installed on my pc

Problem was successfully solved. Ticket was closed.

Visitors are also interested in: remove mydoom

« Back to catalog