What is WizLine?
The Malwarebytes research team has determined that WizLine is adware. These adware applications display advertisements not originating from the sites you are browsing.
How do I know if my computer is affected by WizLine?
You may see this toolbar in your list of Toolbars and Extensions:
and this toolbar in Internet Explorer:
How did WizLine get on my computer?
Adware applications use different methods for distributing themselves. This particular one was bundled with other software.
How do I remove WizLine?
Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program.
- Please download Malwarebytes Anti-Malware to your desktop.
- Double-click mbam-setup-version.exe and follow the prompts to install the program.
- At the end, be sure a check-mark is placed next to the following:
- Enable free trial of Malwarebytes Anti-Malware Premium
- Launch Malwarebytes Anti-Malware
- Then click Finish.
- If an update is found, you will be prompted to download and install the latest version.
- Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
- When the scan is complete , make sure that everything is set to "Quarantine", and click Apply Actions.
- Reboot your computer if prompted.
- No, Malwarebytes' Anti-Malware removes WizLine completely.
We hope our application and this guide have helped you eradicate this hijacker.
As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the WizLine adware. It would have warned you before the rogue could install itself, giving you a chance to stop it before it became too late.
Technical details for experts
You will see these signs in a HijackThis log:
O3 - Toolbar: WizLineToolBar - {A28C812E-9967-447B-A842-C386DF16B3FB} - C:\Users\{username}\AppData\Roaming\WizLine\WizLine.dll O8 - Extra context menu item: &Sample Toolband Serach - res://C:\Users\{username}\AppData\Roaming\WizLine\WizLine.dll/MENUSEARCH.HTM
Alterations made by the installer:
File system details --------------------------------------------- Adds the folder C:\Users\{username}\AppData\Roaming\WizLine Adds the file WizLine.dll"="8/27/2014 6:45 AM, 222792 bytes, A Adds the file WizLineAgent.exe"="8/11/2014 5:58 AM, 38472 bytes, A Adds the file WizLineUninstall.exe"="5/29/2014 12:27 PM, 30280 bytes, A Adds the file wzcart.exe"="8/27/2014 6:57 AM, 3753544 bytes, A In the existing folder C:\Windows\System32\Tasks Adds the file WizLine"="10/10/2014 2:33 PM, 3356 bytes, A Registry details ------------------------------------------ [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A28C812E-9967-447B-A842-C386DF16B3FB}] "(Default)"="REG_SZ", "WizLineToolBar" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A28C812E-9967-447B-A842-C386DF16B3FB}\InprocServer32] "(Default)"="REG_SZ", "C:\Users\{username}\AppData\Roaming\WizLine\WizLine.dll" "ThreadingModel"="REG_SZ", "Apartment" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A28C812E-9967-447B-A842-C386DF16B3FB}\ProgID] "(Default)"="REG_SZ", "WizLine.WizLineToolBar.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A28C812E-9967-447B-A842-C386DF16B3FB}\Programmable] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A28C812E-9967-447B-A842-C386DF16B3FB}\TypeLib] "(Default)"="REG_SZ", "{D7092E5D-315B-465E-84F5-6C4A5667E96F}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A28C812E-9967-447B-A842-C386DF16B3FB}\VersionIndependentProgID] "(Default)"="REG_SZ", "WizLine.WizLineToolBar" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{28C8D61A-FB08-47E1-88E0-800A2272BDE6}] "(Default)"="REG_SZ", "IToolBandObj" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{28C8D61A-FB08-47E1-88E0-800A2272BDE6}\ProxyStubClsid] "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{28C8D61A-FB08-47E1-88E0-800A2272BDE6}\ProxyStubClsid32] "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{28C8D61A-FB08-47E1-88E0-800A2272BDE6}\TypeLib] "(Default)"="REG_SZ", "{D7092E5D-315B-465E-84F5-6C4A5667E96F}" "Version"="REG_SZ", "1.0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ToolBand.ToolBandObj] "(Default)"="REG_SZ", "WizLineToolBar" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ToolBand.ToolBandObj\CLSID] "(Default)"="REG_SZ", "{A28C812E-9967-447B-A842-C386DF16B3FB}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ToolBand.ToolBandObj\CurVer] "(Default)"="REG_SZ", "WizLine.WizLineToolBar.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ToolBand.ToolBandObj.1] "(Default)"="REG_SZ", "WizLineToolBar" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ToolBand.ToolBandObj.1\CLSID] "(Default)"="REG_SZ", "{A28C812E-9967-447B-A842-C386DF16B3FB}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D7092E5D-315B-465E-84F5-6C4A5667E96F}\1.0] "(Default)"="REG_SZ", "WizLine 1.0 Type Library" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D7092E5D-315B-465E-84F5-6C4A5667E96F}\1.0\0\win32] "(Default)"="REG_SZ", "C:\Users\{username}\AppData\Roaming\WizLine\WizLine.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D7092E5D-315B-465E-84F5-6C4A5667E96F}\1.0\FLAGS] "(Default)"="REG_SZ", "0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D7092E5D-315B-465E-84F5-6C4A5667E96F}\1.0\HELPDIR] "(Default)"="REG_SZ", "C:\Users\{username}\AppData\Roaming\WizLine" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{A28C812E-9967-447B-A842-C386DF16B3FB}"="REG_BINARY, (zero length data) [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Sample Toolband Serach] "(Default)"="REG_SZ", "res://C:\Users\{username}\AppData\Roaming\WizLine\WizLine.dll/MENUSEARCH.HTM" "Contexts"="REG_BINARY, [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A28C812E-9967-447B-A842-C386DF16B3FB}] "Flags"="REG_DWORD", 1024 "VerCache"="REG_BINARY, ...................... [HKEY_CURRENT_USER\Software\WizLine] "a_id"="REG_SZ", "eyesis" "dir"="REG_SZ", "C:\Users\{username}\AppData\Roaming\WizLine" "pid"="REG_SZ", "13" [HKEY_CURRENT_USER\Software\WizLine\Update] "ver"="REG_SZ", "0"Malwarebytes Anti-Malware log:
<?xml version="1.0" encoding="UTF-16" ?> <mbam-log> <header> <date>2014/10/10 06:27:27 -0700</date> <logfile>mbam-log-2014-10-10 (06-27-26).xml</logfile> <isadmin>yes</isadmin> </header> <engine> <version>2.00.2.1012</version> <malware-database>v2014.10.10.05</malware-database> <rootkit-database>v2014.10.08.01</rootkit-database> <license>premium</license> <file-protection>disabled</file-protection> <web-protection>enabled</web-protection> <self-protection>disabled</self-protection> </engine> <system> <osversion>Windows 8</osversion> <arch>x64</arch> <username>{username}</username> <filesys>NTFS</filesys> </system> <summary> <type>threat</type> <result>completed</result> <objects>290747</objects> <time>431</time> <processes>0</processes> <modules>0</modules> <keys>22</keys> <values>6</values> <datas>0</datas> <folders>0</folders> <files>3</files> <sectors>0</sectors> </summary> <options> <memory>enabled</memory> <startup>enabled</startup> <filesystem>enabled</filesystem> <archives>enabled</archives> <rootkits>disabled</rootkits> <deeprootkit>disabled</deeprootkit> <heuristics>enabled</heuristics> <pup>enabled</pup> <pum>enabled</pum> </options> <items> <key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{A28C812E-9967-447B-A842-C386DF16B3FB}</path><vendor>PUP.Optional.WizLine.A</vendor><action>success</action><hash>17f633e06a12e551f4cf1781bf43f907</hash></key> <key><path>HKLM\SOFTWARE\CLASSES\TYPELIB\{D7092E5D-315B-465E-84F5-6C4A5667E96F}</path><vendor>PUP.Optional.WizLine.A</vendor><action>success</action><hash>17f633e06a12e551f4cf1781bf43f907</hash></key> <key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{28C8D61A-FB08-47E1-88E0-800A2272BDE6}</path><vendor>PUP.Optional.WizLine.A</vendor><action>success</action><hash>17f633e06a12e551f4cf1781bf43f907</hash></key> <key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{28C8D61A-FB08-47E1-88E0-800A2272BDE6}</path><vendor>PUP.Optional.WizLine.A</vendor><action>success</action><hash>17f633e06a12e551f4cf1781bf43f907</hash></key> <key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{D7092E5D-315B-465E-84F5-6C4A5667E96F}</path><vendor>PUP.Optional.WizLine.A</vendor><action>success</action><hash>17f633e06a12e551f4cf1781bf43f907</hash></key> <key><path>HKLM\SOFTWARE\CLASSES\ToolBand.ToolBandObj</path><vendor>PUP.Optional.WizLine.A</vendor><action>success</action><hash>17f633e06a12e551f4cf1781bf43f907</hash></key> <key><path>HKLM\SOFTWARE\CLASSES\ToolBand.ToolBandObj.1</path><vendor>PUP.Optional.WizLine.A</vendor><action>success</action><hash>17f633e06a12e551f4cf1781bf43f907</hash></key> <key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\ToolBand.ToolBandObj</path><vendor>PUP.Optional.WizLine.A</vendor><action>success</action><hash>17f633e06a12e551f4cf1781bf43f907</hash></key> <key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\ToolBand.ToolBandObj.1</path><vendor>PUP.Optional.WizLine.A</vendor><action>success</action><hash>17f633e06a12e551f4cf1781bf43f907</hash></key> <key><path>HKU\S-1-5-21-3800216732-1304051731-3937296329-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A28C812E-9967-447B-A842-C386DF16B3FB}</path><vendor>PUP.Optional.WizLine.A</vendor><action>success</action><hash>17f633e06a12e551f4cf1781bf43f907</hash></key> <key><path>HKU\S-1-5-21-3800216732-1304051731-3937296329-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A28C812E-9967-447B-A842-C386DF16B3FB}</path><vendor>PUP.Optional.WizLine.A</vendor><action>success</action><hash>17f633e06a12e551f4cf1781bf43f907</hash></key> <key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{A28C812E-9967-447B-A842-C386DF16B3FB}</path><vendor>Adware.Korad</vendor><action>success</action><hash>e32a080bf08ce6508305caf4aa577987</hash></key> <key><path>HKLM\SOFTWARE\CLASSES\TYPELIB\{D7092E5D-315B-465E-84F5-6C4A5667E96F}</path><vendor>Adware.Korad</vendor><action>success</action><hash>e32a080bf08ce6508305caf4aa577987</hash></key> <key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{28C8D61A-FB08-47E1-88E0-800A2272BDE6}</path><vendor>Adware.Korad</vendor><action>success</action><hash>e32a080bf08ce6508305caf4aa577987</hash></key> <key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{28C8D61A-FB08-47E1-88E0-800A2272BDE6}</path><vendor>Adware.Korad</vendor><action>success</action><hash>e32a080bf08ce6508305caf4aa577987</hash></key> <key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{D7092E5D-315B-465E-84F5-6C4A5667E96F}</path><vendor>Adware.Korad</vendor><action>success</action><hash>e32a080bf08ce6508305caf4aa577987</hash></key> <key><path>HKLM\SOFTWARE\CLASSES\ToolBand.ToolBandObj</path><vendor>Adware.Korad</vendor><action>success</action><hash>e32a080bf08ce6508305caf4aa577987</hash></key> <key><path>HKLM\SOFTWARE\CLASSES\ToolBand.ToolBandObj.1</path><vendor>Adware.Korad</vendor><action>success</action><hash>e32a080bf08ce6508305caf4aa577987</hash></key> <key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\ToolBand.ToolBandObj</path><vendor>Adware.Korad</vendor><action>success</action><hash>e32a080bf08ce6508305caf4aa577987</hash></key> <key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\ToolBand.ToolBandObj.1</path><vendor>Adware.Korad</vendor><action>success</action><hash>e32a080bf08ce6508305caf4aa577987</hash></key> <key><path>HKU\S-1-5-21-3800216732-1304051731-3937296329-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A28C812E-9967-447B-A842-C386DF16B3FB}</path><vendor>Adware.Korad</vendor><action>success</action><hash>e32a080bf08ce6508305caf4aa577987</hash></key> <key><path>HKU\S-1-5-21-3800216732-1304051731-3937296329-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A28C812E-9967-447B-A842-C386DF16B3FB}</path><vendor>Adware.Korad</vendor><action>success</action><hash>e32a080bf08ce6508305caf4aa577987</hash></key> <value><path>HKU\S-1-5-21-3800216732-1304051731-3937296329-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER</path><valuename>{A28C812E-9967-447B-A842-C386DF16B3FB}</valuename><vendor>PUP.Optional.WizLine.A</vendor><action>success</action><valuedata>.¢g{D¨BÃß³û</valuedata><hash>17f633e06a12e551f4cf1781bf43f907</hash></value> <value><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR</path><valuename>{A28C812E-9967-447B-A842-C386DF16B3FB}</valuename><vendor>PUP.Optional.WizLine.A</vendor><action>success</action><valuedata></valuedata><hash>17f633e06a12e551f4cf1781bf43f907</hash></value> <value><path>HKU\S-1-5-21-3800216732-1304051731-3937296329-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{A28C812E-9967-447B-A842-C386DF16B3FB}</path><valuename></valuename><vendor>PUP.Optional.WizLine.A</vendor><action>success</action><valuedata></valuedata><hash>b25b997a5b21ab8bead9cfc9fd05e818</hash></value> <value><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{A28C812E-9967-447B-A842-C386DF16B3FB}</path><valuename></valuename><vendor>PUP.Optional.WizLine.A</vendor><action>success</action><valuedata></valuedata><hash>65a8e132eb911b1b655ef2a642c049b7</hash></value> <value><path>HKU\S-1-5-21-3800216732-1304051731-3937296329-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER</path><valuename>{A28C812E-9967-447B-A842-C386DF16B3FB}</valuename><vendor>Adware.Korad</vendor><action>success</action><valuedata>.¢g{D¨BÃß³û</valuedata><hash>e32a080bf08ce6508305caf4aa577987</hash></value> <value><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR</path><valuename>{A28C812E-9967-447B-A842-C386DF16B3FB}</valuename><vendor>Adware.Korad</vendor><action>success</action><valuedata></valuedata><hash>e32a080bf08ce6508305caf4aa577987</hash></value> <file><path>C:\Users\{username}\AppData\Roaming\WizLine\WizLine.dll</path><vendor>PUP.Optional.WizLine.A</vendor><action>success</action><hash>17f633e06a12e551f4cf1781bf43f907</hash></file> <file><path>C:\Users\{username}\AppData\Roaming\WizLine\WizLine.dll</path><vendor>Adware.Korad</vendor><action>success</action><hash>e32a080bf08ce6508305caf4aa577987</hash></file> <file><path>C:\Users\{username}\Desktop\Setup.exe</path><vendor>Adware.Korad</vendor><action>success</action><hash>fd1051c298e41d19ccbc209ef50c0df3</hash></file> </items> </mbam-log>As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.
We use different ways of protecting your computer(s):
- Dynamically Blocks Malware Sites & Servers
- Malware Execution Prevention