Removal instructions for WizLine

Metallica · October 10, 2014

What is WizLine?

The Malwarebytes research team has determined that WizLine is adware. These adware applications display advertisements not originating from the sites you are browsing.

How do I know if my computer is affected by WizLine?

You may see this toolbar in your list of Toolbars and Extensions:

and this toolbar in Internet Explorer:

How did WizLine get on my computer?

Adware applications use different methods for distributing themselves. This particular one was bundled with other software.

How do I remove WizLine?

Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program.

Please download Malwarebytes Anti-Malware to your desktop.
Double-click mbam-setup-version.exe and follow the prompts to install the program.
At the end, be sure a check-mark is placed next to the following:
- Enable free trial of Malwarebytes Anti-Malware Premium
- Launch Malwarebytes Anti-Malware
Then click Finish.
If an update is found, you will be prompted to download and install the latest version.
Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
When the scan is complete , make sure that everything is set to "Quarantine", and click Apply Actions.
Reboot your computer if prompted.

Is there anything else I need to do to get rid of WizLine?

No, Malwarebytes' Anti-Malware removes WizLine completely.

How would the full version of Malwarebytes Anti-Malware help protect me?

We hope our application and this guide have helped you eradicate this hijacker.

As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the WizLine adware. It would have warned you before the rogue could install itself, giving you a chance to stop it before it became too late.

Technical details for experts

You will see these signs in a HijackThis log:

O3 - Toolbar: WizLineToolBar - {A28C812E-9967-447B-A842-C386DF16B3FB} - C:\Users\{username}\AppData\Roaming\WizLine\WizLine.dllO8 - Extra context menu item: &Sample Toolband Serach - res://C:\Users\{username}\AppData\Roaming\WizLine\WizLine.dll/MENUSEARCH.HTM

Alterations made by the installer:

File system details  ---------------------------------------------    Adds the folder C:\Users\{username}\AppData\Roaming\WizLine       Adds the file WizLine.dll"="8/27/2014 6:45 AM, 222792 bytes, A       Adds the file WizLineAgent.exe"="8/11/2014 5:58 AM, 38472 bytes, A       Adds the file WizLineUninstall.exe"="5/29/2014 12:27 PM, 30280 bytes, A       Adds the file wzcart.exe"="8/27/2014 6:57 AM, 3753544 bytes, A    In the existing folder C:\Windows\System32\Tasks       Adds the file WizLine"="10/10/2014 2:33 PM, 3356 bytes, ARegistry details  ------------------------------------------    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A28C812E-9967-447B-A842-C386DF16B3FB}]       "(Default)"="REG_SZ", "WizLineToolBar"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A28C812E-9967-447B-A842-C386DF16B3FB}\InprocServer32]       "(Default)"="REG_SZ", "C:\Users\{username}\AppData\Roaming\WizLine\WizLine.dll"       "ThreadingModel"="REG_SZ", "Apartment"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A28C812E-9967-447B-A842-C386DF16B3FB}\ProgID]       "(Default)"="REG_SZ", "WizLine.WizLineToolBar.1"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A28C812E-9967-447B-A842-C386DF16B3FB}\Programmable]    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A28C812E-9967-447B-A842-C386DF16B3FB}\TypeLib]       "(Default)"="REG_SZ", "{D7092E5D-315B-465E-84F5-6C4A5667E96F}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A28C812E-9967-447B-A842-C386DF16B3FB}\VersionIndependentProgID]       "(Default)"="REG_SZ", "WizLine.WizLineToolBar"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{28C8D61A-FB08-47E1-88E0-800A2272BDE6}]       "(Default)"="REG_SZ", "IToolBandObj"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{28C8D61A-FB08-47E1-88E0-800A2272BDE6}\ProxyStubClsid]       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{28C8D61A-FB08-47E1-88E0-800A2272BDE6}\ProxyStubClsid32]       "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{28C8D61A-FB08-47E1-88E0-800A2272BDE6}\TypeLib]       "(Default)"="REG_SZ", "{D7092E5D-315B-465E-84F5-6C4A5667E96F}"       "Version"="REG_SZ", "1.0"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ToolBand.ToolBandObj]       "(Default)"="REG_SZ", "WizLineToolBar"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ToolBand.ToolBandObj\CLSID]       "(Default)"="REG_SZ", "{A28C812E-9967-447B-A842-C386DF16B3FB}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ToolBand.ToolBandObj\CurVer]       "(Default)"="REG_SZ", "WizLine.WizLineToolBar.1"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ToolBand.ToolBandObj.1]       "(Default)"="REG_SZ", "WizLineToolBar"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ToolBand.ToolBandObj.1\CLSID]       "(Default)"="REG_SZ", "{A28C812E-9967-447B-A842-C386DF16B3FB}"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D7092E5D-315B-465E-84F5-6C4A5667E96F}\1.0]       "(Default)"="REG_SZ", "WizLine 1.0 Type Library"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D7092E5D-315B-465E-84F5-6C4A5667E96F}\1.0\0\win32]       "(Default)"="REG_SZ", "C:\Users\{username}\AppData\Roaming\WizLine\WizLine.dll"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D7092E5D-315B-465E-84F5-6C4A5667E96F}\1.0\FLAGS]       "(Default)"="REG_SZ", "0"    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D7092E5D-315B-465E-84F5-6C4A5667E96F}\1.0\HELPDIR]       "(Default)"="REG_SZ", "C:\Users\{username}\AppData\Roaming\WizLine"    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]       "{A28C812E-9967-447B-A842-C386DF16B3FB}"="REG_BINARY, (zero length data)    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Sample Toolband Serach]       "(Default)"="REG_SZ", "res://C:\Users\{username}\AppData\Roaming\WizLine\WizLine.dll/MENUSEARCH.HTM"       "Contexts"="REG_BINARY,     [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A28C812E-9967-447B-A842-C386DF16B3FB}]       "Flags"="REG_DWORD", 1024       "VerCache"="REG_BINARY, ......................    [HKEY_CURRENT_USER\Software\WizLine]       "a_id"="REG_SZ", "eyesis"       "dir"="REG_SZ", "C:\Users\{username}\AppData\Roaming\WizLine"       "pid"="REG_SZ", "13"    [HKEY_CURRENT_USER\Software\WizLine\Update]       "ver"="REG_SZ", "0"

Malwarebytes Anti-Malware log:

<?xml version="1.0" encoding="UTF-16" ?><mbam-log><header><date>2014/10/10 06:27:27 -0700</date><logfile>mbam-log-2014-10-10 (06-27-26).xml</logfile><isadmin>yes</isadmin></header><engine><version>2.00.2.1012</version><malware-database>v2014.10.10.05</malware-database><rootkit-database>v2014.10.08.01</rootkit-database><license>premium</license><file-protection>disabled</file-protection><web-protection>enabled</web-protection><self-protection>disabled</self-protection></engine><system><osversion>Windows 8</osversion><arch>x64</arch><username>{username}</username><filesys>NTFS</filesys></system><summary><type>threat</type><result>completed</result><objects>290747</objects><time>431</time><processes>0</processes><modules>0</modules><keys>22</keys><values>6</values><datas>0</datas><folders>0</folders><files>3</files><sectors>0</sectors></summary><options><memory>enabled</memory><startup>enabled</startup><filesystem>enabled</filesystem><archives>enabled</archives><rootkits>disabled</rootkits><deeprootkit>disabled</deeprootkit><heuristics>enabled</heuristics><pup>enabled</pup><pum>enabled</pum></options><items><key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{A28C812E-9967-447B-A842-C386DF16B3FB}</path><vendor>PUP.Optional.WizLine.A</vendor><action>success</action><hash>17f633e06a12e551f4cf1781bf43f907</hash></key><key><path>HKLM\SOFTWARE\CLASSES\TYPELIB\{D7092E5D-315B-465E-84F5-6C4A5667E96F}</path><vendor>PUP.Optional.WizLine.A</vendor><action>success</action><hash>17f633e06a12e551f4cf1781bf43f907</hash></key><key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{28C8D61A-FB08-47E1-88E0-800A2272BDE6}</path><vendor>PUP.Optional.WizLine.A</vendor><action>success</action><hash>17f633e06a12e551f4cf1781bf43f907</hash></key><key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{28C8D61A-FB08-47E1-88E0-800A2272BDE6}</path><vendor>PUP.Optional.WizLine.A</vendor><action>success</action><hash>17f633e06a12e551f4cf1781bf43f907</hash></key><key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{D7092E5D-315B-465E-84F5-6C4A5667E96F}</path><vendor>PUP.Optional.WizLine.A</vendor><action>success</action><hash>17f633e06a12e551f4cf1781bf43f907</hash></key><key><path>HKLM\SOFTWARE\CLASSES\ToolBand.ToolBandObj</path><vendor>PUP.Optional.WizLine.A</vendor><action>success</action><hash>17f633e06a12e551f4cf1781bf43f907</hash></key><key><path>HKLM\SOFTWARE\CLASSES\ToolBand.ToolBandObj.1</path><vendor>PUP.Optional.WizLine.A</vendor><action>success</action><hash>17f633e06a12e551f4cf1781bf43f907</hash></key><key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\ToolBand.ToolBandObj</path><vendor>PUP.Optional.WizLine.A</vendor><action>success</action><hash>17f633e06a12e551f4cf1781bf43f907</hash></key><key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\ToolBand.ToolBandObj.1</path><vendor>PUP.Optional.WizLine.A</vendor><action>success</action><hash>17f633e06a12e551f4cf1781bf43f907</hash></key><key><path>HKU\S-1-5-21-3800216732-1304051731-3937296329-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A28C812E-9967-447B-A842-C386DF16B3FB}</path><vendor>PUP.Optional.WizLine.A</vendor><action>success</action><hash>17f633e06a12e551f4cf1781bf43f907</hash></key><key><path>HKU\S-1-5-21-3800216732-1304051731-3937296329-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A28C812E-9967-447B-A842-C386DF16B3FB}</path><vendor>PUP.Optional.WizLine.A</vendor><action>success</action><hash>17f633e06a12e551f4cf1781bf43f907</hash></key><key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{A28C812E-9967-447B-A842-C386DF16B3FB}</path><vendor>Adware.Korad</vendor><action>success</action><hash>e32a080bf08ce6508305caf4aa577987</hash></key><key><path>HKLM\SOFTWARE\CLASSES\TYPELIB\{D7092E5D-315B-465E-84F5-6C4A5667E96F}</path><vendor>Adware.Korad</vendor><action>success</action><hash>e32a080bf08ce6508305caf4aa577987</hash></key><key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{28C8D61A-FB08-47E1-88E0-800A2272BDE6}</path><vendor>Adware.Korad</vendor><action>success</action><hash>e32a080bf08ce6508305caf4aa577987</hash></key><key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{28C8D61A-FB08-47E1-88E0-800A2272BDE6}</path><vendor>Adware.Korad</vendor><action>success</action><hash>e32a080bf08ce6508305caf4aa577987</hash></key><key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{D7092E5D-315B-465E-84F5-6C4A5667E96F}</path><vendor>Adware.Korad</vendor><action>success</action><hash>e32a080bf08ce6508305caf4aa577987</hash></key><key><path>HKLM\SOFTWARE\CLASSES\ToolBand.ToolBandObj</path><vendor>Adware.Korad</vendor><action>success</action><hash>e32a080bf08ce6508305caf4aa577987</hash></key><key><path>HKLM\SOFTWARE\CLASSES\ToolBand.ToolBandObj.1</path><vendor>Adware.Korad</vendor><action>success</action><hash>e32a080bf08ce6508305caf4aa577987</hash></key><key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\ToolBand.ToolBandObj</path><vendor>Adware.Korad</vendor><action>success</action><hash>e32a080bf08ce6508305caf4aa577987</hash></key><key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\ToolBand.ToolBandObj.1</path><vendor>Adware.Korad</vendor><action>success</action><hash>e32a080bf08ce6508305caf4aa577987</hash></key><key><path>HKU\S-1-5-21-3800216732-1304051731-3937296329-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A28C812E-9967-447B-A842-C386DF16B3FB}</path><vendor>Adware.Korad</vendor><action>success</action><hash>e32a080bf08ce6508305caf4aa577987</hash></key><key><path>HKU\S-1-5-21-3800216732-1304051731-3937296329-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A28C812E-9967-447B-A842-C386DF16B3FB}</path><vendor>Adware.Korad</vendor><action>success</action><hash>e32a080bf08ce6508305caf4aa577987</hash></key><value><path>HKU\S-1-5-21-3800216732-1304051731-3937296329-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER</path><valuename>{A28C812E-9967-447B-A842-C386DF16B3FB}</valuename><vendor>PUP.Optional.WizLine.A</vendor><action>success</action><valuedata>.Œ¢g™{D¨BÃ†ß³û</valuedata><hash>17f633e06a12e551f4cf1781bf43f907</hash></value><value><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR</path><valuename>{A28C812E-9967-447B-A842-C386DF16B3FB}</valuename><vendor>PUP.Optional.WizLine.A</vendor><action>success</action><valuedata></valuedata><hash>17f633e06a12e551f4cf1781bf43f907</hash></value><value><path>HKU\S-1-5-21-3800216732-1304051731-3937296329-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{A28C812E-9967-447B-A842-C386DF16B3FB}</path><valuename></valuename><vendor>PUP.Optional.WizLine.A</vendor><action>success</action><valuedata></valuedata><hash>b25b997a5b21ab8bead9cfc9fd05e818</hash></value><value><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{A28C812E-9967-447B-A842-C386DF16B3FB}</path><valuename></valuename><vendor>PUP.Optional.WizLine.A</vendor><action>success</action><valuedata></valuedata><hash>65a8e132eb911b1b655ef2a642c049b7</hash></value><value><path>HKU\S-1-5-21-3800216732-1304051731-3937296329-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER</path><valuename>{A28C812E-9967-447B-A842-C386DF16B3FB}</valuename><vendor>Adware.Korad</vendor><action>success</action><valuedata>.Œ¢g™{D¨BÃ†ß³û</valuedata><hash>e32a080bf08ce6508305caf4aa577987</hash></value><value><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR</path><valuename>{A28C812E-9967-447B-A842-C386DF16B3FB}</valuename><vendor>Adware.Korad</vendor><action>success</action><valuedata></valuedata><hash>e32a080bf08ce6508305caf4aa577987</hash></value><file><path>C:\Users\{username}\AppData\Roaming\WizLine\WizLine.dll</path><vendor>PUP.Optional.WizLine.A</vendor><action>success</action><hash>17f633e06a12e551f4cf1781bf43f907</hash></file><file><path>C:\Users\{username}\AppData\Roaming\WizLine\WizLine.dll</path><vendor>Adware.Korad</vendor><action>success</action><hash>e32a080bf08ce6508305caf4aa577987</hash></file><file><path>C:\Users\{username}\Desktop\Setup.exe</path><vendor>Adware.Korad</vendor><action>success</action><hash>fd1051c298e41d19ccbc209ef50c0df3</hash></file></items></mbam-log>

As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.

We use different ways of protecting your computer(s):

Dynamically Blocks Malware Sites & Servers
Malware Execution Prevention

Save yourself the hassle and get protected.

Sign In

Removal instructions for WizLine

Recommended Posts

Metallica

Link to post

Share on other sites

Recently Browsing 0 members

Browse

Activity

Personal

Business

Business Modules

Partners

Learn

Start here

Type of malware/attacks

How does it get on my computer?

Scams and grifts

Support

Important Information