1. Symantec-Broadcom-Horizontal/
  2. Security Response/
  3. Attack Signatures/
  4. System Infected: Adware.Ezula Activity

System Infected: Adware.Ezula Activity

Severity: Medium

This attack could pose a moderate security threat. It does not require immediate action.


This signature detects the adware communicating and requesting information from its controlling server.

Additional Information

Adware.Ezula alters Web pages viewed in Internet Explorer and can add extra links to certain keywords that are targeted by advertisers. This adware also runs under the name TopText.

Adware :
Programs that facilitate delivery of advertising content to the user through their own window, or by utilizing another program's interface. In some cases, these programs may gather information from the user's computer, including information related to Internet browser usage or other computing habits, and relay this information back to a remote computer or other location in cyber-space.

Adware can be downloaded from Web sites (typically in shareware or freeware), email messages, and instant messengers. Additionally, a user may unknowingly receive and/or trigger adware by accepting an End User License Agreement from a software program linked to the adware or from visiting a website that downloads the adware with or without an End User License Agreement


  • Windows 2000
  • Windows 95
  • Windows 98
  • Windows Me
  • Windows NT
  • Windows Server 2003
  • Windows XP


Symantec Security Response has developed a removal tool for Adware.Ezula. Use this removal tool first, as it is the easiest way to remove this risk.

The tool can be found here: http://securityresponse.symantec.com/avcenter/FixEzula.exe

The current version of the tool is 1.0.3 and will have a digital signature timestamp equivalent to 07/29/05 01:31 AM PDT.

Note: The date and time displayed will be adjusted to your time zone, if your computer is not set to the Pacific time zone.

It has been reported that a computer with this security risk on it may also have other security risks installed. Symantec recommends that the following steps be carried out:

1. Run the Removal Tool.
2. Update the definitions by starting the Symantec program and running LiveUpdate.
3. Run a full system scan to detect any other security risks on the computer.
4. If the scan detects any further security risks, check for removal tools at http://securityresponse.symantec.com/avcenter/security.risks.tools.list.html
5. If there are no removal tools for the security risks that are detected, follow the manual removal instructions listed in the risk report.

Manual Removal

1. Update the virus definitions.
2. Uninstall TopText using the Add/Remove Programs utility.
3. Locating the uninstaller
4. Run a full system scan and delete all the files detected as Adware.Ezula.
5. Delete the values that were added to the registry.

Additional References

  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube