coz32host.exe*32 causing ad's to pop up everywhere
Starting today I have ad's popping up everywhere! There is a program that I can't get stopped called coz32host.exe*32. Why doesn't Webroot stop it?
Userlevel 7
+56
Hello and Welcome to the Webroot Community!
It's what we call a PUA please see here on how to remove: https://community.webroot.com/t5/Techie-KB/How-to-Remove-Potentially-Unwanted-Applications/ta-p/40744
Thanks,
Daniel 😉
It's what we call a PUA please see here on how to remove: https://community.webroot.com/t5/Techie-KB/How-to-Remove-Potentially-Unwanted-Applications/ta-p/40744
Thanks,
Daniel 😉
Wow this is some persistent serious process that I can't deal with. I can't find the source on my box, end the process or deal with it in anyway. Seems relatively benign, but I don't know what it's doing. It clones itself somehow trying to adapt to anything I throw at it. Windows maleware detection doesn't see it either.
Userlevel 7
Hello kidscasco, welcome to the Community!
I think the best thing to throw at it at this point is a Trouble Ticket to have Webroot Support take a look. This is a free service with your valid WSA license 🙂
I think the best thing to throw at it at this point is a Trouble Ticket to have Webroot Support take a look. This is a free service with your valid WSA license 🙂
Thanks! I managed to finally kill the service and find it on my drive. This bugger was unusually persistant and it is a zoomify (if you do a search you'll see what I mean). It was disguised as a splash screen recommending a flash upgrade notification for chrome. Since I have had flash crash on a few times lately I figured I do it. It looked like typical maleware at first but I could not end the processes related to the zoomify: coshost, coszhost32, coshost64. NOthing would come up when I searched my drives looking for these recent stuff until I allowed all op sys files to be viewed and was then able to find them in C:programdatazoomify2. At that point I got into the service app editor and manged to stop two cozhost services to allow me to delete the library and executable files in zoomify2. I think I'm clean now.
I think I misspelled the actual process names in my former:
As I said, they clone (my word there-duplicate themselves under another name and reappear as another similarly named process). The names from my recollection are cozhost, cozhost32, cozhost64...and there may be more too.
As I said, they clone (my word there-duplicate themselves under another name and reappear as another similarly named process). The names from my recollection are cozhost, cozhost32, cozhost64...and there may be more too.
Userlevel 7
Awesome job if that got rid of it for good! If it does come back, and you need a hand, just remember Webroot Support is a link away.
Of course we are too if you ever have a question or problem we can help with here on the Community, just let us know!
Of course we are too if you ever have a question or problem we can help with here on the Community, just let us know!
Reply
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.