Anti Malware Software Behaving Like Malware

Zemana Antimalware = Malware

Yesterday, I did some cleaning on my laptop because after installing Java I had to deal with Yahoo Search, a Firefox add-on, and while doing so I found suspicious folders in my ProgramData and Program Files (x86) folders. Funnily enough, deleting Yahoo Search was the easiest part.

I found two things. First, audio software that was easy to uninstall, and second, a hotspot application called Free WiFi Hotspot. Basically, your wifi becomes a hotspot and your data will probably be shared if you use this software. Of course, I wanted to delete it, but in life there is nothing more annoying than the following message:

[Image: Windows 8.1 dialog, "action can't be completed because the folder is open in another program". Image source: www.fixedbyvonnie.com]

In order to remove it I used this guide. Everything worked until I wanted to delete the software used in the guide. Zemana Antimalware always left behind a ZAM_GUARD.KRNL.TRACE file after booting my laptop, which couldn’t be deleted since it was always in use. Unfortunately, there is no pretty guide for it. I had to search in different forums. Here is a short summary.

  1. Uninstall Zemana Antimalware in the Control Panel or use the Uninstall.exe in the folder where ZAM is installed.
  2. Use Autoruns to find processes related to ZAM by typing in the filter “ZAM”. Above the processes you will see the path to the entries in the registry.
  3. Open the registry with regedit (administrative rights required) and follow the paths to the entries of the processes. But before deleting the entries, you need to delete the process (right click and then delete).
  4. Reboot.
  5. Go to C:\Windows\System32\drivers and delete zam64.sys and zamguard64.sys.
  6. Go to C:\Windows, find ZAM_Guard.krnl.trace, and delete it.
  7. Next, enable the option in Windows Explorer to show hidden files and folders. (There are many guides explaining it; just google.)
  8. Go to C:\Program Files or C:\Program Files (x86) and C:\ProgramData and delete ZAM related folders.
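
A read-only way to confirm the steps above left nothing behind, as an added PowerShell example that is not part of the original post. The file names come from the steps; the folder-name patterns `ZAM*` and `Zemana*` and the lookup by `ImagePath` under the standard Services registry key are assumptions. Run it from an elevated prompt.

```powershell
# Read-only check for leftovers from the removal steps above. Nothing is deleted.
# File names come from the post; the folder-name patterns are assumptions.
$driverNames = 'zam64.sys', 'zamguard64.sys'
$findings = New-Object System.Collections.Generic.List[object]

function Add-Finding([string]$Kind, [string]$Item, [string]$Detail) {
    $findings.Add([pscustomobject]@{ Kind = $Kind; Item = $Item; Detail = $Detail })
}

# Step 5: driver files in System32\drivers
foreach ($name in $driverNames) {
    $path = Join-Path $env:SystemRoot "System32\drivers\$name"
    if (Test-Path -LiteralPath $path) { Add-Finding 'DriverFile' $path 'still on disk' }
}

# Step 6: trace file in the Windows directory
$trace = Join-Path $env:SystemRoot 'ZAM_Guard.krnl.trace'
if (Test-Path -LiteralPath $trace) { Add-Finding 'TraceFile' $trace 'still on disk' }

# Steps 2-3: service/driver registrations whose ImagePath points at the drivers
$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'
Get-ChildItem -Path $servicesKey -ErrorAction SilentlyContinue | ForEach-Object {
    $imagePath = (Get-ItemProperty -LiteralPath $_.PSPath -ErrorAction SilentlyContinue).ImagePath
    foreach ($name in $driverNames) {
        if ($imagePath -and $imagePath -like "*$name*") {
            Add-Finding 'ServiceKey' $_.PSChildName $imagePath
        }
    }
}

# Step 8: leftover folders (patterns 'ZAM*' and 'Zemana*' are assumed names)
$roots = $env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:ProgramData | Where-Object { $_ }
foreach ($root in $roots) {
    Get-ChildItem -LiteralPath $root -Directory -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -like 'ZAM*' -or $_.Name -like 'Zemana*' } |
        ForEach-Object { Add-Finding 'Folder' $_.FullName 'leftover directory' }
}

if ($findings.Count -eq 0) { 'No leftovers found.' }
else { $findings | Format-Table -AutoSize -Wrap }
```

A remaining `ServiceKey` row means a driver is still registered to load at boot, which would explain a trace file that stays locked and reappears after a restart.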

The conclusion of all that mess is that I will never ever download Zemana Antimalware again. It’s sad that nowadays software often behaves like malware, and that an inexperienced user will not even know that their PC or laptop is infected with malicious software. I hope it will help someone and if you have any questions, feel free to comment.
