How to Get Rid of Nation Zoom Browser Hijacker Virus Completely?

December 15, 2013
By admin

Nation Zoom is an adware or simply a browser hijacker… which is often called a ‘potentially unwanted program’ (‘PUP’). Though Nation Zoom is not exactly a virus, since it redirects nationzoom.com & injects banner ads and sponsored links in their search results that are illegitimate ..it is considered a potentially unwanted program. Nation zoom browser hijacker also collects user data such as search terms from search queries and gather other personal information, it should be removed asap else this will act as a backdoor and make your pc vulnerable.

 

Nation Zoom browser hijacker changes web browser’s home page and default search provider to nationzoom.com without your permission. The hijacker will also change http://www.nationzoom.com/?type=hp&ts=&from=tugs&uid= to various web browser shortcuts and sometimes non-internet related programs. This causes the nationzoom.com web page to open when you launch one of those hijacked shortcuts.

In order to get rid of Nation Zoom adware virus,
You need to do the following steps….

For IE, Firefox and Chrome find your respective desktop or shortcut icon and right click on it, select ‘Properties’.

Now you see the ‘Target’ tab. about half way down the data in target line is where you need to delete the NationZoom info.

It should be like this

“C:Program Files(x86)Internet Exploreriexplore.exe” http://www.nationzoom.com/?type=sc&ts=1385767159&from=tugs&uid=WDCXWD2500AAKX-001CA0_WD-WCAYW146409064090

in this format http://www.nationzoom.com/?type=hp&ts=&from=tugs&uid=

Delete the nation zoom webaddress, but do NOT delete the quotation marks (after.exe”) then save or apply, If you delete the quote marks it will give you an error message.

 

Nation zoom browser hijacker changes many things like hijacking other shortcuts etc…. in order to delete all these entries you need to run your antivirus.

In order to get rid of Nation Zoom Browser Hijacker Virus completely, start your PC in safe mode with networking,

How to remove Nation Zoom Browser Hijacker Virus manually

Remove the following files and registry entries. If you do not have sufficient expertise in dealing with computer files, folders, processes, DLL files, services & registry entries, please take aid from some one who can does this for you because manual deletion is a tedious process and does not always ensure that the deletion of the spyware antivirus is complete. If not Get Reimage key by going to http://reimagepcrepair.com in order to remove Nation Zoom Browser Hijacker Virus.

%CommonAppData%WPM
%CommonAppData%WPMupdate
%CommonAppData%WPMwprotectmanager.exe
c:Program FilesMozilla Firefoxsearchpluginsnationzoom.xmlFile Location Notes:

%CommonAppData% refers to the Application Data folder for the All Users Profile. By default, this is C:Documents and SettingsAll UsersApplication Data for Windows 2000/XP and C:ProgramData in Windows Vista, Windows 7, and Windows 8.

%CommonAppData% refers to the Application Data folder in the All Users profile. For Windows XP, Vista, NT, 2000 and 2003 it refers to C:Documents and SettingsAll UsersApplication Data, and for Windows Vista, Windows 7, and Windows 8 it is C:ProgramData.

 

Associated Nationzoom.com Windows Registry Information:

HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerSearchScopes{33BB0A4E-99AF-4226-BDF6-49120163DE86}
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerSearchScopes{33BB0A4E-99AF-4226-BDF6-49120163DE86}
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstallWPM
HKEY_LOCAL_MACHINESOFTWAREnationzoomSoftware
HKEY_LOCAL_MACHINESOFTWAREsupWPM
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesWpm
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain “Default_Page_URL” = “http://www.nationzoom.com/?type=hp&ts=<timestamp>&from=tugs&uid=<hard drive id>”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerTabbedBrowsing “NewTabPageShow” = “1″
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain “Start Page” = “http://www.nationzoom.com/?type=hp&ts=<timestamp>&from=tugs&uid=<hard drive id>”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerSearchScopes “DefaultScope” = “{33BB0A4E-99AF-4226-BDF6-49120163DE86}”
HKEY_LOCAL_MACHINESOFTWAREClientsStartMenuInternetFIREFOX.EXEshellopencommand “(Default)” = “C:Program FilesMozilla Firefoxfirefox.exe http://www.nationzoom.com/?type=sc&ts=<timestamp>&from=tugs&uid=<hard drive id>”
HKEY_LOCAL_MACHINESOFTWAREClientsStartMenuInternetGoogle Chromeshellopencommand “(Default)” = “C:Documents and SettingstestLocal SettingsApplication DataGoogleChromeApplicationchrome.exe” http://www.nationzoom.com/?type=sc&ts=<timestamp>&from=tugs&uid=<hard drive id>”
HKEY_LOCAL_MACHINESOFTWAREClientsStartMenuInternetIEXPLORE.EXEshellopencommand “(Default)” = “C:Program FilesInternet Exploreriexplore.exe http://www.nationzoom.com/?type=sc&ts=<timestamp>&from=tugs&uid=<hard drive id>”
HKEY_LOCAL_MACHINESOFTWAREClientsStartMenuInternetOperashellopencommand “(Default)” = “”C:Program FilesOperaOpera.exe” http://www.nationzoom.com/?type=sc&ts=<timestamp>&from=tugs&uid=<hard drive id>”
HKEY_LOCAL_MACHINESOFTWAREClientsStartMenuInternetOpera.exeshellopencommand “(Default)” = “”C:Program FilesOperaOpera.exe” http://www.nationzoom.com/?type=sc&ts=<timestamp>&from=tugs&uid=<hard drive id>”
HKEY_LOCAL_MACHINESOFTWAREClientsStartMenuInternetSafari.exeshellopencommand “(Default)” = “”C:Program FilesSafariSafari.exe” http://www.nationzoom.com/?type=sc&ts=<timestamp>&from=tugs&uid=<hard drive id>”
HKEY_LOCAL_MACHINESOFTWAREClientsStartMenuInternetSEAMONKEY.EXEshellopencommand “(Default)” = “C:Program FilesSeaMonkeyseamonkey.exe http://www.nationzoom.com/?type=sc&ts=<timestamp>&from=tugs&uid=<hard drive id>”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerMain “Default_Page_URL” = “http://www.nationzoom.com/?type=hp&ts=<timestamp>&from=tugs&uid=<hard drive id>”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerMain “Default_Search_URL” = “http://www.nationzoom.com/web/?type=ds&ts=<timestamp>&from=tugs&uid=<hard drive id>&q={searchTerms}”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerMain “Search Page” = “http://www.nationzoom.com/web/?type=ds&ts=<timestamp>&from=tugs&uid=<hard drive id>&q={searchTerms}”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerMain “Start Page” = “http://www.nationzoom.com/?type=hp&ts=<timestamp>&from=tugs&uid=<hard drive id>”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerSearch “CustomizeSearch” = “http://www.nationzoom.com/web/?type=ds&ts=<timestamp>&from=tugs&uid=<hard drive id>&q={searchTerms}”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerSearch “SearchAssistant” = “http://www.nationzoom.com/web/?type=ds&ts=<timestamp>&from=tugs&uid=<hard drive id>&q={searchTerms}”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerSearchScopes “DefaultScope” = “{33BB0A4E-99AF-4226-BDF6-49120163DE86}”

If not, go to http://reimagepcrepair.com to run a Scan.

Reimage works by comparing each and every Operating System system files with the correct files from a web repository of 25 million OS components. (since Reimage works by comparing with correct file, it can easily find the concealing rootkit, infact this is what a rootkit remover do……dumps a list of files from your hard disk drive and compares it with the list from the recovery console in order to find a hiding virus) This is the sole reason you can get a PC as good as new once you run Reimage, all other antivirus and antimalware programs only delete the virus….but they don’t fix the damage…which results in re-infection and slow performing PC.

Reimage first scans your PC exhaustively; all the files, folders, registry keys and values, drivers, softwares, stacks and then either fix or remove those stuffs that should be there. But it’s not just that it does. They have an tremendous web repository of application, drivers, system objects, etc. from where they compare your PC’s files and if corrupted replace it with the healthy ones.

Go to Reimage For a Complete Scan Now to Get Rid of Nation Zoom Virus Completely

Leave a Reply

Your email address will not be published. Required fields are marked *

*