Security Stronghold security made easy

Zero Day Attack Removal: Remove Zero Day Attack Easily


* What is Zero Day Attack

* Download WiperSoft Antispyware Malware Remediation Tool

* Remove Zero Day Attack manually

* Get Professional Support

* Read Comments


Threat indicator: HIGH

Threat's profile

Name of the threat:

Command or file name:

Threat type:

Affected OS:

Zero Day Attack

smenu.exe

Spyware/trojan

Win32 (Windows XP, Vista, Seven, 8)


Zero day attack software exists itself as a effective machine software, while it in reality causes havoc and injury to your machine. After it is installed, the Zero day attack lurks silently on the attacked comp, invisibly carrying out its misdeeds, such as downloading Zero day attack, while the sacrifice continues on with their normal activities. There were a wheen of acts passed to control installing of program suspecting to be Zero day attack when fighting to remove Zero day attack. The US FTC (FTC) advised on the website to remove Zero day attack, what to do when attempting to perform Zero day attack removal and advocate from Zero day attack with some comely Zero day attack removal tool. Zero day attack that comes cross-bundled with shareware applications may be pictured in the contractual agreements text, especially in condition with Zero day attack removal tools when buyer wants to remove Zero day attack. The act of Zero day attack removal or offer to remove Zero day attack may be designated as legal.


Zero Day Attack intrusion method

Zero Day Attack copies its file(s) to your hard disk. Its typical file name is smenu.exe. Then it creates new startup key with name Zero Day Attack and value smenu.exe. You can also find it in your processes list with name smenu.exe or Zero Day Attack. Also, it can create folder with name Zero Day Attack under C:\Program Files\ or C:\ProgramData.

If you have further questions about Zero Day Attack, please call us on the phone below. It is toll free. Or you can use programs to remove Zero Day Attack automatically below.


Download SpyHunter by Enigma Software Group LLC

Download this advanced removal tool and solve problems with Zero Day Attack and smenu.exe (download of fix will start immediately):

Download WiperSoft Antispyware to remove Zero Day Attack

* WiperSoft Antispyware was developed to remove threats like Zero Day Attack in automatic mode. Remover has active module to protect PC from hijackers, trojans, ransomware and other viruses. Trial version of SpyHunter provides detection of computer viruses for FREE. To remove malware, you have to purchase the full version of Spyhunter.

Features of WiperSoft Antispyware

* Removes all files created by viruses.

* Removes all registry entries created by viruses.

* You can activate System and Network Guards and forget about malware.

* Can fix browser problems and protect browser settings.

* Removal is guaranteed - if SpyHunter fails ask for FREE support.

* 24/7 Spyware Helpdesk Support included into the package.


Download Stronghold AntiMalware by Security Stronghold LLC

Download antimalware designed specifically to remove threats like Zero Day Attack and smenu.exe (download of fix will start immediately):

Download AntiMalware to remove Zero Day Attack

Features of Stronghold Antimalware

* Removes all files created by Zero Day Attack.

* Removes all registry entries created by Zero Day Attack.

* Fixes browser redirection and hijack if needed.

* "Toolbar Remover" tool will help you get rid of unwanted browser extensions.

* Removal is guaranteed - if Stronghold AntiMalware fails ask for FREE support.

* 24/7 Helpdesk Support and 5 hours of Remote Support via GoToAssist included into the package.

Let our support team solve your problem with Zero Day Attack and repair Zero Day Attack right now!

support person

Call us using the number below and describe your problem with Zero Day Attack. Support team will offer you solution in several minutes and give a step-by-step instruction on how to remove Zero Day Attack. Trouble-free tech support with over 10 years experience removing malware.


1-877-219-8984


Software Industry Professionals Member
Threat's description and solution are developed by Security Stronghold security team.

Here you can also learn:

* Technical details of Zero Day Attack threat.

* Manual Zero Day Attack removal.

* Download Zero Day Attack Removal Tool.


How to remove Zero Day Attack manually?

This problem can be solved manually by deleting all registry keys and files connected with Zero Day Attack, removing it from starup list and unregistering all corresponding DLLs. Additionally missing DLL's should be restored from distribution in case they are corrupted by Zero Day Attack.

To get rid of Zero Day Attack, you should:

file logo

1. Kill the following processes and delete the appropriate files:

  • yes[1].exe
  • privcash.exe
  • dial[1].exe
  • soc[1].exe
  • patch[1].exe
  • yes.exe
  • topinst.exe
  • 3b7f7.dll
  • winmad[1].exe
  • image.gif.exe
  • winudu[1].exe
  • spmk[1].exe
  • privcash[1].exe
  • sdfff
  • fdsf
  • zxczxc
  • cdegfr
  • wdcsadsad
  • 1a41bd.dll
  • jkt8949kir.tmp
  • winmaz[1].exe
  • lt[1].exe
  • _td7.tmp
  • adir.dll
  • _td8.tmp
  • dminupnp.dll
  • rdpwiasn.dll
  • dpmomspr.dll
  • msimnpwm.exe
  • _td9.tmp
  • _tda.tmp
  • _tdc.tmp
  • _tdd.tmp
  • _tde.tmp
  • _tdf.tmp
  • _td10.tmp
  • scane[1].exe
  • _td11.tmp
  • _td12.tmp
  • _td13.tmp
  • _td14.tmp
  • _td15.tmp
  • _td16.tmp
  • _td17.tmp
  • _td18.tmp
  • _td19.tmp
  • aspi223599.exe
  • 18ej8937i49.tmp
  • dgrgesrgfdgf.tmp
  • swprodte.dll
  • ocmawsnm.exe
  • ~21.tmp
  • swprodte.exe
  • ~22.tmp
  • aspi221709.exe
  • winmaz.exe
  • winmaz.bat
  • 18930.dll
  • aspi225159.exe
  • _td23.tmp
  • her.pt
  • iktzetd.dll
  • bpnqxsf.dll
  • 991.exe
  • 8.tmp
  • _td1a.tmp
  • _td1b.tmp
  • _td1c.tmp
  • _td1d.tmp
  • _td1e.tmp
  • _td1f.tmp
  • aspi226409.exe
  • ~28.tmp
  • _td29.tmp
  • g32.txt
  • ~3.tmp
  • ~4.tmp
  • www.uniblue[1].com
  • winmaz[1].bat
  • _td3.tmp
  • _td4.tmp
  • _td5.tmp
  • _td6.tmp
  • _tdb.tmp
  • 1c86b.dll
  • lzx32.sys
  • p2hhr.bat
  • kbgtpzb.dll
  • yaudri.dll
  • 10.bat
  • aspi221719.exe
  • aspi228909.exe
  • aspi226099.exe
  • ss[1].exe
  • upperhost.dll
  • csddriver.sys

Warning: you should delete only those files which checksums are listed as malicious. There may be valid files with the same names in your system. We recommend you to use WiperSoft Antispyware Malware Remediation Tool for safe problem solution.

**Trial version of SpyHunter provides detection of computer viruses for FREE. To remove malware, you have to purchase the full version of Spyhunter.

windows folder logo

2. Delete the following malicious folders:

no information

windows registry logo

3. Delete the following malicious registry entries and\or values:

  • Key: SYSTEM\CurrentControlSet\Control\InitRegKey\mod
    Value: jpeg
  • Key: CLSID\{855875B5-93F3-429D-FF34-660B206D897C}
    Value: ThreadingModel
  • Key:
    SOFTWARE\Classes\CLSID\{855875B5-93F3-429D-FF34-660B206D897C}\InProcServer32

    Value: ThreadingModel
  • Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dcdf22a6.exe
  • Key: Software\Microsoft\Sft
  • Key: CLSID\{31909793-B14A-18FA-1007-0265051CFC2B}\InprocServer32
    Value: ThreadingModel
  • Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Run\708adabe.exe
  • Key: CLSID\{297A111E-5C7F-2744-37B7-08F8EEF35CC6}\InprocServer32
  • Key: CLSID\{523455E4-ABCD-ABCD-1114-D709ADD3DDAB}\InProcServer32
  • Key: System\CurrentControlSet\Services\hide_evr2
    Value: Type
  • Key: System\CurrentControlSet\Services\hide_evr2
    Value: Start
  • Key: System\CurrentControlSet\Services\hide_evr2
    Value: ErrorControl
  • Key: System\CurrentControlSet\Services\hide_evr2
    Value: ImagePath
  • Key: System\CurrentControlSet\Services\hide_evr2
    Value: DisplayName
  • Key: System\CurrentControlSet\Services\hide_evr2\Security
    Value: Security
  • Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_HIDE_EVR2
    Value: NextInstance
  • Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_HIDE_EVR2\0000\Control
    Value: *NewlyCreated*
  • Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_HIDE_EVR2\0000
    Value: Service
  • Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_HIDE_EVR2\0000
    Value: Legacy
  • Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_HIDE_EVR2\0000
    Value: ConfigFlags
  • Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_HIDE_EVR2\0000
    Value: Class
  • Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_HIDE_EVR2\0000
    Value: ClassGUID
  • Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_HIDE_EVR2\0000
    Value: DeviceDesc
  • Key: SYSTEM\CURRENTCONTROLSET\SERVICES\hide_evr2\Enum
  • Key: SYSTEM\CURRENTCONTROLSET\SERVICES\hide_evr2\Enum
    Value: Count
  • Key: SYSTEM\CURRENTCONTROLSET\SERVICES\hide_evr2\Enum
    Value: NextInstance
  • Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
    Value: AppInit_DLLs
    Data: e1.dll
  • Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\acac
    Value: Startup
  • Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\acac
    Value: Shutdown
  • Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\acac
    Value: Impersonate
  • Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\acac
    Value: Asynchronous
  • Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\acac
    Value: Image
  • Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
    Value: AppInit_DLLs
    Data: e1.dll dpmomspr.dll dminupnp.dll
  • Key: System\CurrentControlSet\Services\aspi113210
    Value: Type
  • Key: System\CurrentControlSet\Services\aspi113210
    Value: Start
  • Key: System\CurrentControlSet\Services\aspi113210
    Value: ErrorControl
  • Key: System\CurrentControlSet\Services\aspi113210
    Value: ImagePath
  • Key: System\CurrentControlSet\Services\aspi113210
    Value: DisplayName
  • Key: System\CurrentControlSet\Services\aspi113210\Security
    Value: Security
  • Key: System\CurrentControlSet\Services\aspi113210
    Value: ObjectName
  • Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_ASPI113210
    Value: NextInstance
  • Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_ASPI113210\0000\Control
    Value: *NewlyCreated*
  • Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_ASPI113210\0000
    Value: Service
  • Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_ASPI113210\0000
    Value: Legacy
  • Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_ASPI113210\0000
    Value: ConfigFlags
  • Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_ASPI113210\0000
    Value: Class
  • Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_ASPI113210\0000
    Value: ClassGUID
  • Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_ASPI113210\0000
    Value: DeviceDesc
  • Key: SYSTEM\CURRENTCONTROLSET\SERVICES\aspi113210\Enum
  • Key: SYSTEM\CURRENTCONTROLSET\SERVICES\aspi113210\Enum
    Value: Count
  • Key: SYSTEM\CURRENTCONTROLSET\SERVICES\aspi113210\Enum
    Value: NextInstance
  • Key: System\CurrentControlSet\Enum\Root\LEGACY_ASPI113210\0000\Control
    Value: ActiveService
  • Key: Software\Microsoft\swprodte
    Value: RepB
  • Key: System\CurrentControlSet\Services\aspi113210
    Value: ImagePath
  • Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
    Value: {855875B5-93F3-429D-FF34-660B206D897C}
  • Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\swprodte
    Value: DllName
  • Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\swprodte
    Value: Startup
  • Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\swprodte
    Value: Shutdown
  • Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\swprodte
    Value: Impersonate
  • Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\swprodte
    Value: Asynchronous
  • Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
    Value: AppInit_DLLs
    Data: dpmomspr.dll dminupnp.dll
  • Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
    Value: AppInit_DLLs
    Data: dpmomspr.dll dminupnp.dll e1.dll
  • Key: SYSTEM\CurrentControlSet\Control\InitRegKey\mod
    Value: fake
  • Key: SYSTEM\CurrentControlSet\Control\InitRegKey\mod
    Value: inject
  • Key: SYSTEM\CURRENTCONTROLSET\ENUM\Root\LEGACY_HIDE_EVR2\0000\Control
    Value: ActiveService
  • Key: System\CurrentControlSet\Services\CsdDriver
    Value: ImagePath
  • Key: System\CurrentControlSet\Services\CsdDriver
    Value: DisplayName
  • Key: System\CurrentControlSet\Services\CsdDriver\Security
    Value: Security
  • Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_CSDDRIVER
    Value: NextInstance
  • Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_CSDDRIVER\0000\Control
    Value: *NewlyCreated*
  • Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_CSDDRIVER\0000
    Value: Service
  • Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_CSDDRIVER\0000
    Value: Legacy
  • Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_CSDDRIVER\0000
    Value: ConfigFlags
  • Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_CSDDRIVER\0000
    Value: Class
  • Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_CSDDRIVER\0000
    Value: ClassGUID
  • Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_CSDDRIVER\0000
    Value: DeviceDesc
  • Key: SYSTEM\CURRENTCONTROLSET\SERVICES\CsdDriver\Enum
  • Key: SYSTEM\CURRENTCONTROLSET\SERVICES\CsdDriver\Enum
    Value: Count
  • Key: SYSTEM\CURRENTCONTROLSET\SERVICES\CsdDriver\Enum
    Value: NextInstance
  • Key: SYSTEM\CURRENTCONTROLSET\ENUM\Root\LEGACY_CSDDRIVER\0000\Control
    Value: ActiveService
  • Key: System\CurrentControlSet\Services\CsdDriver
    Value: Type
  • Key: System\CurrentControlSet\Services\CsdDriver
    Value: Start
  • Key: System\CurrentControlSet\Services\CsdDriver
    Value: ErrorControl

Warning: if value is listed for some registry entries, you should only clear these values and leave keys with such values untouched. We recommend you to use WiperSoft Antispyware Malware Remediation Tool for safe problem solution.


4. Manually fix browser problems

Zero Day Attack can affect your browsers which results in browser redirection or search hijack. We recommend you to use free option "Reset Browsers" under "Tools" in Stronghold AntiMalware to reset all the browsers at once. Mention that you need to remove all files and kill all processes belonging to Zero Day Attack before doing this. To reset your browsers manually and restore your homepage perform the following steps:

internet explorer logo

Internet Explorer

  • If you use Windows XP, click Start, and then click Run. Type the following in the Open box without quotes, and press Enter: "inetcpl.cpl"

  • If you use Windows 7 or Windows Vista, click Start. Type the following in the Search box without quotes, and press Enter: "inetcpl.cpl"

  • Click the Advanced tab

  • In Reset Internet Explorer settings, click Reset. Click Reset in opened window again.

  • Select Delete personal settings checkbox to remove browsing history, search providers, homepage

  • After Internet Explorer finishes resetting, click Close in the Reset Internet Explorer Settings dialog box

Warning: In case this option will not work use free option Reset Browsers under Tools in Stronghold AntiMalware.

google chrome logo

Google Chrome

  • Go to the installation folder of Google Chrome: C:\Users\"your username"\AppData\Local\Google\Chrome\Application\User Data.

  • In the User Data folder, look for a file named as Default and rename it to DefaultBackup.

  • Launch Google Chrome and a new clean Default file will be created.

Warning: This option might not work if in Google Chrome you use online synchronization between PCs. In this case use free option Reset Browsers under Tools in Stronghold AntiMalware.

mozilla firefox logo

Mozilla Firefox

  • Open Firefox

  • Go to Help > Troubleshooting Information in menu.

  • Click the Reset Firefox button.

  • After Firefox is done, it will show a window and create folder on the desktop. Click Finish.

Warning: This option will also clean all your account passwords for all websites. If you don't want it use free option Reset Browsers under Tools in Stronghold AntiMalware.

Information provided by: Aleksei Abalmasov

DMCA.com Protection Status

Here are the descriptions of problems connected with Zero Day Attack and smenu.exe we received earlier:

Problem Summary: 991.exe boots automatically

when my computer starts up a lot numbers.exe apears on my task manager includling 991.exe and a lot of other .exe programs that i got installed on my pc

Problem was successfully solved. Ticket was closed.

Visitors are also interested in: remove mydoom

« Back to catalog

Home | Partners | Shop | Support | Terms of use | Contact Us | Privacy Policy | Sitemap

Copyright © 2019 Security Stronghold. All Rights Reserved. All content on this website is protected and belongs to Security Stronghold LLC.